From 12ff38be499c71e34520e435f55846337fea887b Mon Sep 17 00:00:00 2001 From: "Andrew G. Morgan" Date: Sat, 26 Oct 2024 20:53:42 -0700 Subject: [PATCH] Tighten up the comments for the various signed tags moving forward. These may seem excessive, but: - 3 are for Go module version naming automation - 1 is for kernel.org automation purposes - 1 is for legacy consistency tagging - 1 moving forward "official" tagging (packagers can use this one) I've back-signed all of the libcap-2.xy releases with the "official" key: $ gpg --fingerprint 0D23D34C577B08C4082CFD76430C5CFF993116B1 pub ed25519 2024-10-26 [SC] 0D23 D34C 577B 08C4 082C FD76 430C 5CFF 9931 16B1 uid [ultimate] Andrew G. Morgan (2024+ libcap signing key) sub cv25519 2024-10-26 [E] Since the legacy tag uses a no longer considered secure technology, I'll likely stop using it around libcap-2.75 when the new key has gained more history and trust. Signed-off-by: Andrew G. Morgan --- Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index f7d43cf..24196a0 100644 --- a/Makefile +++ b/Makefile @@ -75,13 +75,13 @@ morgangodoc: morganrelease: distcheck @echo "sign the main library tag three times: legacy DSA key; newer RSA (kernel.org automation) key; official ed25519 key" - git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s sig-libcap-$(VERSION).$(MINOR) -m "This is official tag for libcap-$(VERSION).$(MINOR)" - git tag -u AF7402BC38CC10E6885C1FCA421784ABD41A6DF2 -s libcap-$(VERSION).$(MINOR) -m "This is the legacy tag for libcap-$(VERSION).$(MINOR)" - git tag -u 38A644698C69787344E954CE29EE848AE2CCF3F4 -s libcap-korg-$(VERSION).$(MINOR) -m "This is kernel.org automation tag for libcap-$(VERSION).$(MINOR)" + git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s sig-libcap-$(VERSION).$(MINOR) -m "official tag for libcap-$(VERSION).$(MINOR)" + git tag -u AF7402BC38CC10E6885C1FCA421784ABD41A6DF2 -s libcap-$(VERSION).$(MINOR) -m "legacy tag for libcap-$(VERSION).$(MINOR)" + git tag -u 38A644698C69787344E954CE29EE848AE2CCF3F4 -s libcap-korg-$(VERSION).$(MINOR) -m "kernel.org automation tag for libcap-$(VERSION).$(MINOR)" @echo "The following are for the Go module tracking (the stylized tag names have semantic meaning)." - git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s v$(GOMAJOR).$(VERSION).$(MINOR) -m "This is the version tag for the 'libcap' Go base directory associated with libcap-$(VERSION).$(MINOR)." - git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s psx/v$(GOMAJOR).$(VERSION).$(MINOR) -m "This is the (stable) version tag for the 'psx' Go package associated with libcap-$(VERSION).$(MINOR)." - git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s cap/v$(GOMAJOR).$(VERSION).$(MINOR) -m "This is the (stable) version tag for the 'cap' Go package associated with libcap-$(VERSION).$(MINOR)." + git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s v$(GOMAJOR).$(VERSION).$(MINOR) -m "version tag for the 'libcap' Go base directory associated with libcap-$(VERSION).$(MINOR)" + git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s psx/v$(GOMAJOR).$(VERSION).$(MINOR) -m "stable version tag for the 'psx' Go package associated with libcap-$(VERSION).$(MINOR)" + git tag -u 0D23D34C577B08C4082CFD76430C5CFF993116B1 -s cap/v$(GOMAJOR).$(VERSION).$(MINOR) -m "stable version tag for the 'cap' Go package associated with libcap-$(VERSION).$(MINOR)" $(MAKE) release @echo "sign the tar file using korg key - so it can be uploaded to kernel.org" cd .. && gpg -sba -u 38A644698C69787344E954CE29EE848AE2CCF3F4 libcap-$(VERSION).$(MINOR).tar