| Message ID | e2daf21f1f2574a79f83d4e66591f67b1c937efe.1562945635.git.gitgitgadget@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Update gpg.txt to correct gpg --verify syntax | expand |
"Robert Morgan via GitGitGadget" <gitgitgadget@gmail.com> writes: > diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt > index f999f8ea49..cce2c89245 100644 > --- a/Documentation/config/gpg.txt > +++ b/Documentation/config/gpg.txt > @@ -2,7 +2,7 @@ gpg.program:: > Use this custom program instead of "`gpg`" found on `$PATH` when > making or verifying a PGP signature. The program must support the > same command-line interface as GPG, namely, to verify a detached > - signature, "`gpg --verify $file - <$signature`" is run, and the > + signature, "`gpg --verify $signature - <$file`" is run, and the > program is expected to signal a good signature by exiting with > code 0, and to generate an ASCII-armored detached signature, the > standard input of "`gpg -bsau $key`" is fed with the contents to be Wow. Good find. gpg-interface.c::verify_signed_buffer() takes a detached signature in core, writes it to a temporary file and runs gpg --status-fd=1 --verify $the_temporary_file and the payload that is supposed to match the given signature is fed via the standard input, so the above documentation is the only thing that needs fixing, which is good ;-) Thanks.
Thanks Junio. I was looking at 'smimesign' and working to understand how, when set within 'gpg.program', it conformed with gpg's usage within git sign,verify etc. I happened to look at the docs for the 'gpg.program' config variable and noticed the discrepancy. Thanks again, Robert On Fri, Jul 12, 2019 at 11:47 AM Junio C Hamano <gitster@pobox.com> wrote: > > "Robert Morgan via GitGitGadget" <gitgitgadget@gmail.com> writes: > > > diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt > > index f999f8ea49..cce2c89245 100644 > > --- a/Documentation/config/gpg.txt > > +++ b/Documentation/config/gpg.txt > > @@ -2,7 +2,7 @@ gpg.program:: > > Use this custom program instead of "`gpg`" found on `$PATH` when > > making or verifying a PGP signature. The program must support the > > same command-line interface as GPG, namely, to verify a detached > > - signature, "`gpg --verify $file - <$signature`" is run, and the > > + signature, "`gpg --verify $signature - <$file`" is run, and the > > program is expected to signal a good signature by exiting with > > code 0, and to generate an ASCII-armored detached signature, the > > standard input of "`gpg -bsau $key`" is fed with the contents to be > > Wow. Good find. > > gpg-interface.c::verify_signed_buffer() takes a detached signature > in core, writes it to a temporary file and runs > > gpg --status-fd=1 --verify $the_temporary_file > > and the payload that is supposed to match the given signature is fed > via the standard input, so the above documentation is the only thing > that needs fixing, which is good ;-) > > Thanks. > > >
diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt index f999f8ea49..cce2c89245 100644 --- a/Documentation/config/gpg.txt +++ b/Documentation/config/gpg.txt @@ -2,7 +2,7 @@ gpg.program:: Use this custom program instead of "`gpg`" found on `$PATH` when making or verifying a PGP signature. The program must support the same command-line interface as GPG, namely, to verify a detached - signature, "`gpg --verify $file - <$signature`" is run, and the + signature, "`gpg --verify $signature - <$file`" is run, and the program is expected to signal a good signature by exiting with code 0, and to generate an ASCII-armored detached signature, the standard input of "`gpg -bsau $key`" is fed with the contents to be