From 25aaeeefca3cf043137abc460ab92e49fc7bc6b0 Mon Sep 17 00:00:00 2001 From: George Adams Date: Fri, 12 Jun 2026 12:50:58 +0100 Subject: [PATCH 1/2] Ship .asc signature alongside .sig Produce an .asc PGP signature file alongside the existing .sig for every tar.gz archive. The .sig remains the default/primary extension; .asc is shipped in parallel for compatibility with upstream Go tooling (e.g. official Dockerfiles). Fixes https://github.com/microsoft/go/issues/181 --- eng/_util/cmd/sign/archive.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/eng/_util/cmd/sign/archive.go b/eng/_util/cmd/sign/archive.go index 1ee24fb7b27..cb7635a3171 100644 --- a/eng/_util/cmd/sign/archive.go +++ b/eng/_util/cmd/sign/archive.go @@ -427,10 +427,10 @@ func (a *archive) prepareArchiveSignatures(ctx context.Context) ([]*fileToSign, if err := ctx.Err(); err != nil { return nil, err } - // Copy the archive file to have .sig suffix, e.g. "tar.gz" to "tar.gz.sig". The signing - // process sends the "tar.gz.sig" file to get a signature, then replaces the "tar.gz.sig" - // file's content in-place with the result. We need to preemptively make a renamed copy of the - // file so we end up with both the original file and sig on the machine. + // Copy the archive file with a ".sig" suffix. The signing process sends this file to get a + // signature, then replaces its content in-place with the result. We need to preemptively make + // a renamed copy of the file so we end up with both the original file and signature on the + // machine. log.Printf("Copying file for signature generation: %q -> %q", a.latestPath(), a.sigPath()) if err := copyFile(a.sigPath(), a.latestPath()); err != nil { return nil, err @@ -460,6 +460,10 @@ func (a *archive) copyToDestination(ctx context.Context) error { if err := copyFile(filepath.Join(*destinationDir, a.name+".sig"), a.sigPath()); err != nil { return err } + // Also produce an .asc file (same content) to match upstream Go's convention. + if err := copyFile(filepath.Join(*destinationDir, a.name+".asc"), a.sigPath()); err != nil { + return err + } return nil } From 69992e7a28ca3870151f4bbbcc9a69129c384d8c Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 15 Jun 2026 16:21:23 -0700 Subject: [PATCH 2/2] Update eng/_util/cmd/sign/archive.go Co-authored-by: Davis Goodin --- eng/_util/cmd/sign/archive.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/_util/cmd/sign/archive.go b/eng/_util/cmd/sign/archive.go index cb7635a3171..17371c647a9 100644 --- a/eng/_util/cmd/sign/archive.go +++ b/eng/_util/cmd/sign/archive.go @@ -427,7 +427,7 @@ func (a *archive) prepareArchiveSignatures(ctx context.Context) ([]*fileToSign, if err := ctx.Err(); err != nil { return nil, err } - // Copy the archive file with a ".sig" suffix. The signing process sends this file to get a + // Copy the archive file and add a ".sig" suffix. The signing process sends this new file to get a // signature, then replaces its content in-place with the result. We need to preemptively make // a renamed copy of the file so we end up with both the original file and signature on the // machine.