Sign the dist as the last step before creating the archive. Take care not to modify/regenerate dist meta files or the manifest.

Error: gpg: Signature made Fri 22 Nov 2019 09:14:20 AM JST gpg: using RSA key F77A0D3F6D90C2A6FF31FDA22399F1697C13C65D gpg: requesting key 2399F1697C13C65D from hkp server keyserver.ubuntu.com gpg: Good signature from "Johanna Amann <johanna@icir.org>" [unknown] gpg: error getting main key 0386A9FD7196EEA0 of subkey 2399F1697C13C65D: No public key gpg: Note: This key has expired! Primary key fingerprint: FF14 3D8E 6CC5 AD6E 39B2 4498 40CB 0F47 8A5F 913A Subkey fingerprint: F77A 0D3F 6D90 C2A6 FF31 FDA2 2399 F169 7C13 C65D ==> BAD/TAMPERED signature detected! <==

Add a META.json to the distribution. Your buildtool should be able to autogenerate it.

Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.