Pear DocsSet up multisig
One-time setup for a multisig production drive: generate signing keys, configure pear.json, compute the multisig link, and point upgrade at it.
Production releases are gated by a multisig drive — a Hypercore whose write access is controlled by a quorum of signing keys instead of one machine's private key. This is what removes the single point of failure from a typical desktop release flow, and it is why a multisig drive is not machine-bound: a quorum of signers can keep producing releases even if every other key is lost.
This guide is the one-time setup. Once it is done, every release uses the repeatable signing flow in Sign with multisig.
This is the production gate of the desktop release flow. You need a working provision link before you set up multisig — provision is the source drive that signing requests are prepared and committed against.
Create signing keys
Every signer generates a signing key with Pear:
pear multisig keys getEach signer takes note of the printed public key and shares it with whoever is assembling the multisig config. The same key can sign many builds.
Create the multisig config
In your project — the same directory as package.json — create or edit pear.json and set the multisig property to an object with every signer's public key, a quorum count, and an arbitrary namespace string:
{
"multisig": {
"publicKeys": ["pubkey-signer-1", "pubkey-signer-2", "pubkey-signer-3"],
"namespace": "pear-chat",
"quorum": 2
}
}This example needs two of three signers to release. The quorum is the minimum number of signers whose responses must agree before a release can be committed. The multisig link is derived from the namespace, publicKeys, and quorum alone — the provision (source) link is not part of the config; it is supplied later, when you prepare and commit each signing request.
Set upgrade to the multisig link
From the same directory, compute the multisig link:
pear multisig link
# pear://69qwbihxj4c8te15wt3skj4j1g3ufmbo3mperedjqr1hb55mspooThen finish the release cycle:
- Set the upgrade link in
package.jsonto the multisig link from above. - Bump
version. - Run
npm run make,pear build, andpear stage. - Provision again with the multisig link as the third argument:
pear provision pear://0.1082.qxenz5wmspmryjc13m9yzsqj1conqotn8fb4ocbufwtz9mtbqq5o pear://q9sopzoqgas9usoiq7uzkkwngm5pzj4zo3n4esjwwbmw6offis8o pear://0.0.69qwbihxj4c8te15wt3skj4j1g3ufmbo3mperedjqr1hb55mspooThe provision drive's upgrade field now points at the multisig drive. Setup is complete — releases now go through the signing flow.
See also
- Sign with multisig — the repeatable prepare → sign → verify → commit flow for every release.
- Troubleshoot multisig — interrupted commits,
INCOMPATIBLE_SOURCE_AND_TARGET, and recovering lost write access. - Deploy your application — the full eight-step release flow this gates.
- Release pipeline — conceptual diagrams for stage, provision, and multisig.