Fix checksum verification failure during installation

Related to #639

Users reported "Failed to download checksum for Pulse release" errors
during installation. The root cause was a mismatch between what the
build system generates and what the installer expects:

- install.sh downloads individual .sha256 files (e.g., pulse-v4.25.0-linux-amd64.tar.gz.sha256)
- build-release.sh only created a single checksums.txt file

This commit updates build-release.sh to generate both:
1. Individual .sha256 files for each asset (required by install.sh)
2. Combined checksums.txt for manual verification and signing

This maintains backwards compatibility with the installer while keeping
the aggregated checksums.txt for power users and GPG signing.
This commit is contained in:
rcourtman 2025-11-06 11:21:49 +00:00
parent 20854256c3
commit c638a8c28c

View file

@ -270,6 +270,12 @@ fi
if [ ${#checksum_files[@]} -eq 0 ]; then
echo "Warning: no release artifacts found to checksum."
else
# Generate individual .sha256 files for each asset (required by install.sh)
for file in "${checksum_files[@]}"; do
sha256sum "$file" | awk '{print $1}' > "${file}.sha256"
done
# Also generate combined checksums.txt for convenience
sha256sum "${checksum_files[@]}" > checksums.txt
if [ -n "${SIGNING_KEY_ID:-}" ]; then
if command -v gpg >/dev/null 2>&1; then