diff --git a/CONTRIBUTE b/CONTRIBUTE index 7c3421ed75..5dbcb469e0 100644 --- a/CONTRIBUTE +++ b/CONTRIBUTE @@ -366,6 +366,18 @@ reasons. These should be marked by including something like "Do not merge to master" or anything that matches gitmerge-skip-regexp (see admin/gitmerge.el) in the commit message. +** Git tags + +Git tags are used for released versions of Emacs, including pretests +and release candidates. To list them, type "git tag" or "git tag -n". + +Recent tags are signed for additional security. To verify a +signature, type "git tag -v TAGNAME". You will first need to fetch +the public key used to sign the tag, using something like: + + gpg --keyserver pgp.mit.edu --recv-keys \ + CEA1DE21AB108493CC9C65742E82323B8F4353EE + ** GNU ELPA This repository does not contain the Emacs Lisp package archive diff --git a/admin/make-tarball.txt b/admin/make-tarball.txt index 872cb00ca2..5350ddc962 100644 --- a/admin/make-tarball.txt +++ b/admin/make-tarball.txt @@ -187,7 +187,7 @@ General steps (for each step, check for possible errors): 8. You can now tag the release/pretest and push it together with the last commit: - cd EMACS_ROOT_DIR && git tag -a TAG -m "Emacs TAG" + cd EMACS_ROOT_DIR && git tag -s TAG -m "Emacs TAG" git push git push --tags @@ -199,16 +199,20 @@ General steps (for each step, check for possible errors): use the SHA1 of the last commit which went into the release tarball, in case there were some intervening commits since then: - git tag -a TAG -m "Emacs TAG" SHA1 + git tag -s TAG -m "Emacs TAG" SHA1 git push --tags In the past, we were not always consistent with the annotation (i.e. -m "Emacs TAG"). The preferred format is like this for a pretest, release candidate and final release: - git tag -a emacs-28.0.90 -m "Emacs 28.0.90 pretest" - git tag -a emacs-28.1-rc1 -m "Emacs 28.1 RC1" - git tag -a emacs-28.1 -m "Emacs 28.1 release" + git tag -s emacs-28.0.90 -m "Emacs 28.0.90 pretest" + git tag -s emacs-28.1-rc1 -m "Emacs 28.1 RC1" + git tag -s emacs-28.1 -m "Emacs 28.1 release" + + The "-s" option above means to sign the tag using your default GPG + key. Make sure this uses the same GPG key that you use to sign + the release (see below). 9. Decide what compression schemes to offer. For a release, at least gz and xz: