From c638a8c28c29f8338960af2a1d5603377982dd4d Mon Sep 17 00:00:00 2001 From: rcourtman Date: Thu, 6 Nov 2025 11:21:49 +0000 Subject: [PATCH] Fix checksum verification failure during installation Related to #639 Users reported "Failed to download checksum for Pulse release" errors during installation. The root cause was a mismatch between what the build system generates and what the installer expects: - install.sh downloads individual .sha256 files (e.g., pulse-v4.25.0-linux-amd64.tar.gz.sha256) - build-release.sh only created a single checksums.txt file This commit updates build-release.sh to generate both: 1. Individual .sha256 files for each asset (required by install.sh) 2. Combined checksums.txt for manual verification and signing This maintains backwards compatibility with the installer while keeping the aggregated checksums.txt for power users and GPG signing. --- scripts/build-release.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/build-release.sh b/scripts/build-release.sh index 9b1e072..e5f65b0 100755 --- a/scripts/build-release.sh +++ b/scripts/build-release.sh @@ -270,6 +270,12 @@ fi if [ ${#checksum_files[@]} -eq 0 ]; then echo "Warning: no release artifacts found to checksum." else + # Generate individual .sha256 files for each asset (required by install.sh) + for file in "${checksum_files[@]}"; do + sha256sum "$file" | awk '{print $1}' > "${file}.sha256" + done + + # Also generate combined checksums.txt for convenience sha256sum "${checksum_files[@]}" > checksums.txt if [ -n "${SIGNING_KEY_ID:-}" ]; then if command -v gpg >/dev/null 2>&1; then