This is slightly fraught: If we don't specify a digest preference, sha1
will be used with both keys, which we don't want. Even if we do specify
a digest preference, sha1 is still used for DSA, and gpg won't verify
all the signatures, if they don't use the same hash algorithm (See [1]).
So specify dsa2 as well, to allow sha256 to be used in both signatures.
[1] https://dev.gnupg.org/T1462
UPLOAD_HOST=cygwin-admin@cygwin.com
UPLOAD_PATH=/www/sourceware/htdocs/cygwin/setup
+SIGN_KEYS="--enable-dsa2 --personal-digest-preferences=sha256 -u 676041BA -u 1A698DE9E2E56300"
upload: release
scp setup-${VER}.$(ARCH).exe setup-${VER}.$(ARCH).dbg ${UPLOAD_HOST}:${UPLOAD_PATH}
- ssh ${UPLOAD_HOST} gpg --detach-sign ${UPLOAD_PATH}/setup-${VER}.$(ARCH).exe
+ ssh ${UPLOAD_HOST} gpg ${SIGN_KEYS} --detach-sign ${UPLOAD_PATH}/setup-${VER}.$(ARCH).exe
clean-local:
rm -f setup*${EXEEXT} setup*.dbg