Sign the dist as the last step before creating the archive. Take care not to modify/regenerate dist meta files or the manifest.

Error: gpg: Signature made Thu 09 May 2019 11:24:13 PM JST gpg: using RSA key F726AA58136E97D97B4C41F06C94FD7F46B7F3C8 gpg: requesting key 6C94FD7F46B7F3C8 from hkp server keyserver.ubuntu.com gpg: Good signature from "Michael Kröll <michael.kroell@geizhals.at>" [unknown] gpg: aka "Michael Kröll <michael.kroell@uibk.ac.at>" [unknown] gpg: aka "Michael Kröll <michael.kroell@gmail.com>" [unknown] gpg: error getting main key 1C38FB1C576C4B45 of subkey 6C94FD7F46B7F3C8: No public key gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FF14 3D8E 6CC5 AD6E 39B2 4498 40CB 0F47 8A5F 913A Subkey fingerprint: F726 AA58 136E 97D9 7B4C 41F0 6C94 FD7F 46B7 F3C8 ==> BAD/TAMPERED signature detected! <==

Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.