enhancement: sign release binaries with GPG for integrity verification
#1,159 opened on Apr 10, 2026
Repository metrics
- Stars
- (48,085 stars)
- PR merge metrics
- (Avg merge 11d 1h) (45 merged PRs in 30d)
Description
Problem
RTK releases on GitHub contain pre-built binaries (`.tar.gz` archives) with no cryptographic signature. Users who download these binaries have no way to verify:
- Authenticity: The binary was actually built by RTK maintainers
- Integrity: The binary was not modified in transit or on GitHub's servers
This is particularly important for a CLI tool that:
- Sits between the user and their shell commands
- Executes system commands on behalf of AI agents
- Has access to file system operations via its hooks
Proposed solution
1. Generate a maintainer GPG key
Create a dedicated signing key for RTK releases (not a personal key).
2. Sign release artifacts
In the CI/CD release workflow (.github/workflows/), after building binaries:
```bash gpg --batch --yes --armor --detach-sign rtk-x86_64-unknown-linux-musl.tar.gz gpg --batch --yes --armor --detach-sign rtk-aarch64-apple-darwin.tar.gz
etc.
```
3. Publish signatures with releases
The `.asc` signature files should be uploaded alongside the binaries in each GitHub Release.
4. Update installer
`install.sh` should download and verify the signature:
```bash
Download signature
curl -fsSL "$DOWNLOAD_URL.asc" -o "$ARCHIVE.asc"
Verify (requires importing the public key first)
gpg --verify "$ARCHIVE.asc" "$ARCHIVE" ```
5. Publish public key
Host the public signing key on the RTK website and a keyserver. Include the key fingerprint in the README.
Alternative: Sigstore/cosign
Instead of GPG, use Sigstore's cosign for keyless signing. This is the modern approach used by many Rust projects:
```bash cosign sign-blob --yes rtk-x86_64-unknown-linux-musl.tar.gz cosign verify-blob --certificate-identity= rtk-x86_64-unknown-linux-musl.tar.gz ```
Acceptance criteria
- Each release has signed artifacts or a verifiable checksum
- CI workflow automatically signs during release
- Public verification key is accessible
- Installer supports verification (or documents manual verification steps)