Sign released binaries

Cameron Swordsrequested to merge
cam/sign-released-binaries into main

Changes

  • Creates a checksum file, step-runner-release.sha256, which contains checksums of all binaries
  • Signs the checksum file, as step-runner-release.sha256.asc, using a private key added to the CI/CD settings
  • The new files are added to each release as an asset
  • Adds verification instructions to the README.md

The public key has been uploaded to the package registry. The key uses RSA 4096-bit encryption to maximize compatibility across user systems. Current public key:

Key Attribute Value
Name GitLab, Inc.
Email support@gitlab.com
Fingerprint 0FCD 59B1 6F4A 62D0 3839 27A5 42FF CA71 62A5 35F5
Expiry 2029-01-05

References

Related to issue Publish platform binaries to package manager on... (#327 - closed).

Edited by Cameron Swords

Merge request reports