github danielrobbins/keychain 2.9.6

keychain 2.9.6 (06 Sep 2025)

Documentation/branding release (no functional code changes):

Additional release engineering improvements:

  • Add release automation helpers: Makefile release (create) and
    release-refresh (asset replace), plus scripts under scripts/ and
    GitHub Actions workflow to build artifacts on tag push (staging only).
  • Add docs/release-steps.md to formalize release process (numeric tags only,
    assets: tarball, wrapper script, man page).
  • Orchestrated release flow (make release / make release-refresh) now enforces:
    • Mandatory CI (Debian container) artifact fetch for the tag.
    • Normalized comparisons:
      • keychain – raw sha256.
      • keychain.1 – raw sha256; on mismatch, re-compare with Pod::Man first line stripped.
      • Tarball – internal file list + per-file sha256 (man page internally normalized) ignoring tar/gzip metadata.
    • If (and only if) all artifacts match (raw or normalized) CI artifacts are used DIRECTLY for publication; local artifacts are never overwritten (kept for audit).
    • Any real content mismatch aborts unless KEYCHAIN_FORCE_LOCAL=1 is explicitly set (single override; KEYCHAIN_ADOPT_CI removed).
    • Copy/paste diff command hints emitted on mismatch for rapid investigation.
    • Asset path indirection via exported variables prevents local file mutation, improving auditability.
  • Release notes body automatically extended with a Build Provenance table (sha256 for keychain and keychain.1) plus the tag commit SHA1.
  • Workflow continues to only stage artifacts; publication requires explicit maintainer action (no auto-release on tag push).
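
The normalized comparisons listed above, sketched in Python as an added example (not the project's release scripts). The function names, the `Pod::Man` banner test, matching the man page by the suffix `keychain.1` inside the tarball, and the sample man pages are assumptions constructed for illustration.

```python
import hashlib, io, tarfile

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def strip_pod_banner(man: bytes) -> bytes:
    # Assumption: the generator banner is the first line and names Pod::Man.
    first, _, rest = man.partition(b"\n")
    return rest if b"Pod::Man" in first else man

def compare_man(local: bytes, ci: bytes) -> str:
    if sha256(local) == sha256(ci):
        return "raw"
    same = sha256(strip_pod_banner(local)) == sha256(strip_pod_banner(ci))
    return "normalized" if same else "mismatch"

def tar_manifest(blob: bytes) -> dict:
    # Member name -> content sha256; mtime, owner and gzip header are ignored.
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar.getmembers():
            data = tar.extractfile(m).read() if m.isfile() else b""
            if m.name.endswith("keychain.1"):
                data = strip_pod_banner(data)
            manifest[m.name] = sha256(data)
    return manifest

def compare_tarball(local: bytes, ci: bytes) -> str:
    if sha256(local) == sha256(ci):
        return "raw"
    return "normalized" if tar_manifest(local) == tar_manifest(ci) else "mismatch"

def decide(results: dict, force_local: bool = False) -> str:
    if "mismatch" not in results.values():
        return "use-ci"
    return "override" if force_local else "abort"

def make_sample_tarball(files: dict, mtime: int) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed samples: same man page body, different pod2man banner.
MAN_LOCAL = b'.\\" Automatically generated by Pod::Man 4.14\n.TH KEYCHAIN 1\n'
MAN_CI = b'.\\" Automatically generated by Pod::Man 5.01\n.TH KEYCHAIN 1\n'
```

Two tarballs built from these samples with different timestamps have different raw hashes but identical manifests, so `compare_tarball` reports `normalized`; changing any member's content yields `mismatch`, and `decide` then returns `abort` unless the override is passed.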

Build Provenance

Artifact    SHA256
keychain    1146dbd0ba94828e3d2b5eeedf1a9037bc466bbb9f2c53451b3bd8b36ec7604e
keychain.1  2b7a5c1e0cdab1bdf35e07be188f8e8ed98525f9c168dfb5ea41581ef073e656

Tag commit SHA1: c6ecde08fe7de3ab51eef0e5ca424ae1b005dd6f
