[arch-general] Proper use of signify in PKGBUILDs
dev at sgregoratto.me
Sun Jul 21 06:19:08 UTC 2019
I recently adopted the openbsd-manpages package, and wanted to verify
downloaded files using OpenBSD's signify(1) tool. For each release of
OpenBSD, you download the base public key, the architecture-specific
files and the SHA256.sig for those files.
The files are verified by running:
signify -Cp openbsd-65-base.pub -x SHA256.sig *.tgz
The problem is that PKGBUILD thinks that the signify signature is a PGP
signature, and tries to verify it against a non-existent file/PGP key.
I've worked around this by renaming SHA256.sig to SHA256.
Have any other packagers/maintainers experienced this problem,
and if so are there any better solutions other than the one I mentioned?
More information about the arch-general