iterion

← docs index · ← desktop-qa-checklist.md · ← desktop-distribution.md

Desktop — release checklist

Walk this checklist before pushing a desktop-v* (or v* if CLI + desktop release together) tag. It’s the gate between “code is QA-clean on every platform” (covered by desktop-qa-checklist.md) and “the release is published, signed, and announced”.

A box left unticked is a release that ships broken. Resist the urge to bypass.

1. Code freeze

2. Versioning

3. Signing prerequisites

These are hard prerequisites held outside the repo. Confirm each is current and accessible by the release operator before pushing the tag.

If any of these is missing or expired:

5. Trigger the release

6. Post-publish verification

7. Announcement (optional but expected for v1.0)

8. Rollback contingency

If a release artefact ships a critical bug after publication:

Key rotation (Ed25519 updater key)

The Ed25519 keypair signing the manifest + artefacts is the trust root for auto-update. Rotate it when:

Rotation procedure:

  1. Generate a new keypair: ./scripts/desktop/ed25519-keygen.sh ./new-keys.
  2. Update cmd/iterion-desktop/updater.go updaterPublicKeyHex to the new public key (hex-encoded).
  3. Cut a release with both the old and new public keys recognised — temporarily widen verifyManifest to accept either signature, ship that release, wait until > 95% of installs have updated.
  4. Cut a follow-up release that drops the old public key.
  5. Update the GitHub secret UPDATER_ED25519_PRIVATE to the new key.
  6. Securely destroy the old private key.

Without the dual-key bridge, users on the old version can’t update past the rotation point because their embedded public key won’t verify the new manifest.

What’s not here