[llvm-branch-commits] [llvm] 9590bfd - [llvm][release] Note that some packages have 2 signature files (#183266)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Sat Feb 28 00:43:52 PST 2026
Author: David Spickett
Date: 2026-02-25T11:36:36Z
New Revision: 9590bfde9930be9449f82691ed0e12d4ffdb15b9
URL: https://github.com/llvm/llvm-project/commit/9590bfde9930be9449f82691ed0e12d4ffdb15b9
DIFF: https://github.com/llvm/llvm-project/commit/9590bfde9930be9449f82691ed0e12d4ffdb15b9.diff
LOG: [llvm][release] Note that some packages have 2 signature files (#183266)
For example in the latest release, there is:
LLVM-22.1.0-Linux-ARM64.tar.xz
Which has 2 signature files:
LLVM-22.1.0-Linux-ARM64.tar.xz.jsonl
LLVM-22.1.0-Linux-ARM64.tar.xz.sig
jsonl comes from the GitHub build and the sig is uploaded by the release
manager.
(cherry picked from commit 678aaa75c7fac4bbda9e5d70f629e698657f5e3a)
Added:
Modified:
llvm/utils/release/github-upload-release.py
Removed:
################################################################################
diff --git a/llvm/utils/release/github-upload-release.py b/llvm/utils/release/github-upload-release.py
index bf37bbb7b2bcd..3eb592bb27462 100755
--- a/llvm/utils/release/github-upload-release.py
+++ b/llvm/utils/release/github-upload-release.py
@@ -180,7 +180,7 @@ def create_release(repo, release, tag=None, name=None, message=None):
## Verifying Packages
-All packages come with a matching `.sig` or `.jsonl` file. You should use these to verify the integrity of the packages.
+All packages come with a matching `.sig` and/or `.jsonl` file. You should use these to verify the integrity of the packages.
If it has a `.sig` file, it should have been signed by the release managers using GPG. Download the keys from the [LLVM website](https://releases.llvm.org/release-keys.asc), import them into your keyring and use them to verify the file:
```
More information about the llvm-branch-commits
mailing list