github.com/szyn/goreleaser@v0.76.1-0.20180517112710-333da09a1297/www/content/sign.md

github.com/szyn/goreleaser@v0.76.1-0.20180517112710-333da09a1297/www/content/sign.md (about)

     1  ---
     2  title: Signing
     3  series: customization
     4  hideFromIndex: true
     5  weight: 60
     6  ---
     7  
     8  GoReleaser can sign some or all of the generated artifacts. Signing ensures
     9  that the artifacts have been generated by yourself and your users can verify
    10  that by comparing the generated signature with your public signing key.
    11  
    12  Signing works in combination with checksum files and it is generally sufficient
    13  to sign the checksum files only.
    14  
    15  The default is configured to create a detached signature for the checksum files
    16  with [GnuPG](https://www.gnupg.org/) and your default key. To enable signing
    17  just add
    18  
    19  ```yaml
    20  # goreleaser.yml
    21  sign:
    22     artifacts: checksum
    23  ```
    24  
    25  To customize the signing pipeline you can use the following options:
    26  
    27  ```yml
    28  # .goreleaser.yml
    29  sign:
    30    # name of the signature file.
    31    # '${artifact}' is the path to the artifact that should be signed.
    32    #
    33    # signature: "${artifact}.sig"
    34  
    35    # path to the signature command
    36    #
    37    # cmd: gpg
    38  
    39    # command line arguments for the command
    40    #
    41    # to sign with a specific key use
    42    # args: ["-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
    43    #
    44    # args: ["--output", "${signature}", "--detach-sign", "${artifact}"]
    45  
    46  
    47    # which artifacts to sign
    48    #
    49    #   checksum: only checksum file(s)
    50    #   all:      all artifacts
    51    #   none:     no signing
    52    #
    53    # artifacts: none
    54  ```