These scripts help you build and prepare update manifests for production releases.
Install the required tools:
-
signify: For Ed25519 key generation and signing
- macOS:
brew install signify-osx - Linux: Install from your distribution's package manager
- Windows: Use WSL or download from OpenBSD
- macOS:
-
b2sum: For BLAKE2b hash generation
- macOS:
brew install coreutils(providesb2sum) - Linux: Usually pre-installed
- Windows: Use WSL or download from a coreutils package
- macOS:
-
WiX Toolset: For building MSI installers (Windows only)
- Download from: https://github.com/wixtoolset/wix/releases/
Important: Skip this step if you already have signing keys.
./scripts/generate-keys.sh signing-keysThis creates:
signing-keys/release.pub- Public keysigning-keys/release.sec- Secret key (keep this secure!)
Important: Skip this step if you've already set the public key in constants.go.
./scripts/extract-public-key.sh signing-keys/release.pubCopy the output and update updater/constants.go:
const (
releasePublicKeyBase64 = "<paste-key-here>"
// ... other constants
)./scripts/set-version.sh 1.0.3This updates both version/version.go and installer/pangolin.wxs with the new version.
make buildThis creates build/Pangolin.exe.
# Windows
scripts\build-msi.batRename the generated MSI files to include the version number:
build\pangolin-amd64-<version>.msi
# Auto-detect all MSI files in build/
./scripts/generate-manifest.sh
# Or specify files manually
./scripts/generate-manifest.sh build/pangolin-amd64-1.0.1.msiThis creates build/filelist.txt with BLAKE2b-256 hashes of all MSI files.
./scripts/sign-manifest.sh signing-keys/release.secThis creates build/latest.sig (the signed manifest).
Upload the following files to your update server:
-
build/latest.sig→ Upload to path specified inupdater/constants.go(latestVersionPath)- Example:
/windows-client/latest.sig
- Example:
-
MSI files → Upload to path specified in
updater/constants.go(msiPath)- Example:
/windows-client/pangolin-amd64-1.0.1.msi
- Example: