Update gpg.txt to correct gpg --verify syntax #285
Conversation
Welcome to GitGitGadgetHi @rtmorgan, and welcome to GitGitGadget, the GitHub App to send patch series to the Git mailing list from GitHub Pull Requests. Please make sure that this Pull Request has a good description, as it will be used as cover letter. Also, it is a good idea to review the commit messages one last time, as the Git project expects them in a quite specific form:
It is in general a good idea to await the automated test ("Checks") in this Pull Request before contributing the patches, e.g. to avoid trivial issues such as unportable code. Contributing the patchesBefore you can contribute the patches, your GitHub username needs to be added to the list of permitted users. Any already-permitted user can do that, by adding a PR comment of the form Once on the list of permitted usernames, you can contribute the patches to the Git mailing list by adding a PR comment After you submit, GitGitGadget will respond with another comment that contains the link to the cover letter mail in the Git mailing list archive. Please make sure to monitor the discussion in that thread and to address comments and suggestions. If you do not want to subscribe to the Git mailing list just to be able to respond to a mail, you can download the mbox ("raw") file corresponding to the mail you want to reply to from the Git mailing list. If you use GMail, you can upload that raw mbox file via: curl -g --user "<EMailAddress>:<Password>" --url "imaps://imap.gmail.com/INBOX" -T /path/to/raw.txt |
|
Welcome, @rtmorgan! Could you also please wrap the commit message at <= 76 columns per line? |
|
/allow rtmorgan |
|
User rtmorgan is now allowed to use GitGitGadget. |
|
Also, maybe replace
by
|
|
Thank you @dscho . I'll make those changes. |
The gpg --verify usage example within the 'gpg.program' variable reference provides an incorrect example of the gpg --verify command arguments. The command argument order, when providing both a detached signature and data, should be signature first and data second: https://gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html Signed-off-by: Robert Morgan <robert.thomas.morgan@gmail.com>
|
/submit |
|
Submitted as pull.285.git.gitgitgadget@gmail.com |
![gitgitgadget[bot]](https://avatars.githubusercontent.com/in/12836?s=60&v=4){kind=small}
| @@ -2,7 +2,7 @@ gpg.program:: | |||
| Use this custom program instead of "`gpg`" found on `$PATH` when | |||
There was a problem hiding this comment.
On the Git mailing list, Junio C Hamano wrote (reply to this):
"Robert Morgan via GitGitGadget" <gitgitgadget@gmail.com> writes:
> diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
> index f999f8ea49..cce2c89245 100644
> --- a/Documentation/config/gpg.txt
> +++ b/Documentation/config/gpg.txt
> @@ -2,7 +2,7 @@ gpg.program::
> Use this custom program instead of "`gpg`" found on `$PATH` when
> making or verifying a PGP signature. The program must support the
> same command-line interface as GPG, namely, to verify a detached
> - signature, "`gpg --verify $file - <$signature`" is run, and the
> + signature, "`gpg --verify $signature - <$file`" is run, and the
> program is expected to signal a good signature by exiting with
> code 0, and to generate an ASCII-armored detached signature, the
> standard input of "`gpg -bsau $key`" is fed with the contents to be
Wow. Good find.
gpg-interface.c::verify_signed_buffer() takes a detached signature
in core, writes it to a temporary file and runs
gpg --status-fd=1 --verify $the_temporary_file
and the payload that is supposed to match the given signature is fed
via the standard input, so the above documentation is the only thing
that needs fixing, which is good ;-)
Thanks.
There was a problem hiding this comment.
On the Git mailing list, Robert Morgan wrote (reply to this):
Thanks Junio.
I was looking at 'smimesign' and working to understand how, when set
within 'gpg.program', it conformed with gpg's usage within git
sign,verify etc. I happened to look at the docs for the 'gpg.program'
config variable and noticed the discrepancy.
Thanks again,
Robert
On Fri, Jul 12, 2019 at 11:47 AM Junio C Hamano <gitster@pobox.com> wrote:
>
> "Robert Morgan via GitGitGadget" <gitgitgadget@gmail.com> writes:
>
> > diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
> > index f999f8ea49..cce2c89245 100644
> > --- a/Documentation/config/gpg.txt
> > +++ b/Documentation/config/gpg.txt
> > @@ -2,7 +2,7 @@ gpg.program::
> > Use this custom program instead of "`gpg`" found on `$PATH` when
> > making or verifying a PGP signature. The program must support the
> > same command-line interface as GPG, namely, to verify a detached
> > - signature, "`gpg --verify $file - <$signature`" is run, and the
> > + signature, "`gpg --verify $signature - <$file`" is run, and the
> > program is expected to signal a good signature by exiting with
> > code 0, and to generate an ASCII-armored detached signature, the
> > standard input of "`gpg -bsau $key`" is fed with the contents to be
>
> Wow. Good find.
>
> gpg-interface.c::verify_signed_buffer() takes a detached signature
> in core, writes it to a temporary file and runs
>
> gpg --status-fd=1 --verify $the_temporary_file
>
> and the payload that is supposed to match the given signature is fed
> via the standard input, so the above documentation is the only thing
> that needs fixing, which is good ;-)
>
> Thanks.
>
>
>
|
This branch is now known as |
|
This patch series was integrated into pu via git@73d6c04. |
|
This patch series was integrated into pu via git@d4f65ce. |
|
This patch series was integrated into pu via git@b7a8064. |
|
This patch series was integrated into next via git@ef358ec. |
|
This patch series was integrated into pu via git@34e59b8. |
|
This patch series was integrated into pu via git@f9e6839. |
|
This patch series was integrated into pu via git@edefaa5. |
|
This patch series was integrated into next via git@edefaa5. |
|
This patch series was integrated into master via git@edefaa5. |
|
Closed via edefaa5. |
The gpg --verify usage example within the 'gpg.program' variable reference provides an incorrect example of the gpg --verify command arguments. The command argument order, when providing both a detached signature and data, should be signature first and data second: https://gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html#index-verify.
Signed-off-by: Robert T Morgan robert.thomas.morgan@gmail.com