diff --git a/airsonic-main/pom.xml b/airsonic-main/pom.xml
index 0e3e5079..78ac2058 100755
--- a/airsonic-main/pom.xml
+++ b/airsonic-main/pom.xml
@@ -634,6 +634,10 @@
org.owasp
dependency-check-maven
+
+ net.nicoulaj.maven.plugins
+ checksum-maven-plugin
+
diff --git a/contrib/release.md b/contrib/release.md
index ccd53f9b..fac0787c 100644
--- a/contrib/release.md
+++ b/contrib/release.md
@@ -20,37 +20,41 @@ Release Steps
6. Package
- mvn clean verify -P docker,sign
+ mvn clean verify -P docker
-7. push up branch and tag
+7. Sign sha256sums file
+
+ gpg2 --clearsign artifacts-checksums.sha
+
+8. push up branch and tag
git push origin vX.Y.Z
git push -u origin release-X.Y
-8. Create new release on github
+9. Create new release on github
- Draft new Relase
- Choose existing tag
- Title is "Airsonic X.Y.Z"
- Contents are the relevant entry of the CHANGELOG.md file
- - Upload `airsonic.war` and `airsonic.war.asc`
+ - Upload `airsonic.war` and `artifacts-checksums.sha`
-9. Update latest docker tag
+10. Update latest docker tag
docker tag airsonic/airsonic:X.Y.Z-RELEASE airsonic/airsonic:latest
-10. Docker login with airsonic credentials in `airsonic-passwords` repo
+11. Docker login with airsonic credentials in `airsonic-passwords` repo
docker login
-11. Push images
+12. Push images
docker push airsonic/airsonic:X.Y.Z-RELEASE
docker push airsonic/airsonic:latest
-12. Checkout master branch and bump maven version to next snapshot version
+13. Checkout master branch and bump maven version to next snapshot version
git checkout master
mvn versions:set -DnewVersion=X.Y+1.0-SNAPSHOT
-13. Git commit and push
+14. Git commit and push
diff --git a/integration-test/pom.xml b/integration-test/pom.xml
index 136b8a64..45ed1061 100644
--- a/integration-test/pom.xml
+++ b/integration-test/pom.xml
@@ -203,19 +203,6 @@
-
- org.apache.maven.plugins
- maven-gpg-plugin
- 1.6
-
-
- none
-
- sign
-
-
-
-
diff --git a/pom.xml b/pom.xml
index 9f4b6c24..6f737813 100644
--- a/pom.xml
+++ b/pom.xml
@@ -326,6 +326,26 @@
maven-surefire-plugin
2.22.0
+
+ net.nicoulaj.maven.plugins
+ checksum-maven-plugin
+ 1.8
+
+
+ package
+
+ artifacts
+
+
+
+
+
+ SHA-256
+
+ false
+ true
+
+
@@ -417,25 +437,5 @@
integration-test
-
- sign
-
-
-
- org.apache.maven.plugins
- maven-gpg-plugin
- 1.6
-
-
- verify
-
- sign
-
-
-
-
-
-
-