Author: David Spickett Date: 2026-02-25T11:36:36Z New Revision: 9590bfde9930be9449f82691ed0e12d4ffdb15b9
URL: https://github.com/llvm/llvm-project/commit/9590bfde9930be9449f82691ed0e12d4ffdb15b9 DIFF: https://github.com/llvm/llvm-project/commit/9590bfde9930be9449f82691ed0e12d4ffdb15b9.diff LOG: [llvm][release] Note that some packages have 2 signature files (#183266) For example in the latest release, there is: LLVM-22.1.0-Linux-ARM64.tar.xz Which has 2 signature files: LLVM-22.1.0-Linux-ARM64.tar.xz.jsonl LLVM-22.1.0-Linux-ARM64.tar.xz.sig jsonl comes from the GitHub build and the sig is uploaded by the release manager. (cherry picked from commit 678aaa75c7fac4bbda9e5d70f629e698657f5e3a) Added: Modified: llvm/utils/release/github-upload-release.py Removed: ################################################################################ diff --git a/llvm/utils/release/github-upload-release.py b/llvm/utils/release/github-upload-release.py index bf37bbb7b2bcd..3eb592bb27462 100755 --- a/llvm/utils/release/github-upload-release.py +++ b/llvm/utils/release/github-upload-release.py @@ -180,7 +180,7 @@ def create_release(repo, release, tag=None, name=None, message=None): ## Verifying Packages -All packages come with a matching `.sig` or `.jsonl` file. You should use these to verify the integrity of the packages. +All packages come with a matching `.sig` and/or `.jsonl` file. You should use these to verify the integrity of the packages. If it has a `.sig` file, it should have been signed by the release managers using GPG. Download the keys from the [LLVM website](https://releases.llvm.org/release-keys.asc), import them into your keyring and use them to verify the file: ``` _______________________________________________ llvm-branch-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
