git-up/GitUp

Feature Request: Provide SHA output for each version release

kinueng opened this issue · 3 comments

Requesting each release provide a SHA output for the GitUp.zip file so users can validate the integrity of the release binaries.

An example is how openssl releases have SHA output files openssl-*.tar.gz.sha256 alongside the release files.
https://github.com/openssl/openssl/releases

Example generating SHA256 for GitUp release v1.4.2 using macOS builtin shasum

shasum -a 256 GitUp-v1.4.2.zip > GitUp-v1.4.2.zip.sha256
67b2612ef7aac75194b4fb77a27b2a06b031fccac56db71d9e358d362c2e3b25  GitUp-v1.4.2.zip

Example of macOS users verifying the SHA with the zip

shasum -a 256 -c GitUp-v1.4.2.zip.sha256
GitUp-v1.4.2.zip: OK

Ya, we can do that.

Using my limited knowledge of the GitUp build infrastructure, I have attempted to add a new build step to generate the digest file in attempt to make it easy for you to upload the SHA file when uploading GitUp.zip.

If you think this code change is helpful or would like more changes, please let me know and I can open a pull request.

https://github.com/git-up/GitUp/compare/master...kinueng:digest?expand=1

Thanks, the build script is in flux atm as we're moving to GitHub releases and off of Amazon S3, but I appreciate the changes.