* [PATCH 0/1] Update gpg.txt to correct gpg --verify syntax
@ 2019-07-12 15:33 Robert Morgan via GitGitGadget
2019-07-12 15:33 ` [PATCH 1/1] gpg(docs): use correct " Robert Morgan via GitGitGadget
0 siblings, 1 reply; 4+ messages in thread
From: Robert Morgan via GitGitGadget @ 2019-07-12 15:33 UTC (permalink / raw)
To: git; +Cc: Junio C Hamano
The gpg --verify usage example within the 'gpg.program' variable reference
provides an incorrect example of the gpg --verify command arguments. The
command argument order, when providing both a detached signature and data,
should be signature first and data second:
https://gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html#index-verify
.
Signed-off-by: Robert T Morgan robert.thomas.morgan@gmail.com
[robert.thomas.morgan@gmail.com]
Robert Morgan (1):
gpg(docs): use correct --verify syntax
Documentation/config/gpg.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
base-commit: 6d5b26420848ec3bc7eae46a7ffa54f20276249d
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-285%2Frtmorgan%2Fpatch-1-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-285/rtmorgan/patch-1-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/285
--
gitgitgadget
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/1] gpg(docs): use correct --verify syntax
2019-07-12 15:33 [PATCH 0/1] Update gpg.txt to correct gpg --verify syntax Robert Morgan via GitGitGadget
@ 2019-07-12 15:33 ` Robert Morgan via GitGitGadget
2019-07-12 16:47 ` Junio C Hamano
0 siblings, 1 reply; 4+ messages in thread
From: Robert Morgan via GitGitGadget @ 2019-07-12 15:33 UTC (permalink / raw)
To: git; +Cc: Junio C Hamano, Robert Morgan
From: Robert Morgan <robert.thomas.morgan@gmail.com>
The gpg --verify usage example within the 'gpg.program' variable
reference provides an incorrect example of the gpg --verify command
arguments.
The command argument order, when providing both a detached signature
and data, should be signature first and data second:
https://gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html
Signed-off-by: Robert Morgan <robert.thomas.morgan@gmail.com>
---
Documentation/config/gpg.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
index f999f8ea49..cce2c89245 100644
--- a/Documentation/config/gpg.txt
+++ b/Documentation/config/gpg.txt
@@ -2,7 +2,7 @@ gpg.program::
Use this custom program instead of "`gpg`" found on `$PATH` when
making or verifying a PGP signature. The program must support the
same command-line interface as GPG, namely, to verify a detached
- signature, "`gpg --verify $file - <$signature`" is run, and the
+ signature, "`gpg --verify $signature - <$file`" is run, and the
program is expected to signal a good signature by exiting with
code 0, and to generate an ASCII-armored detached signature, the
standard input of "`gpg -bsau $key`" is fed with the contents to be
--
gitgitgadget
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] gpg(docs): use correct --verify syntax
2019-07-12 15:33 ` [PATCH 1/1] gpg(docs): use correct " Robert Morgan via GitGitGadget
@ 2019-07-12 16:47 ` Junio C Hamano
2019-07-12 19:11 ` Robert Morgan
0 siblings, 1 reply; 4+ messages in thread
From: Junio C Hamano @ 2019-07-12 16:47 UTC (permalink / raw)
To: Robert Morgan via GitGitGadget; +Cc: git, Robert Morgan
"Robert Morgan via GitGitGadget" <gitgitgadget@gmail.com> writes:
> diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
> index f999f8ea49..cce2c89245 100644
> --- a/Documentation/config/gpg.txt
> +++ b/Documentation/config/gpg.txt
> @@ -2,7 +2,7 @@ gpg.program::
> Use this custom program instead of "`gpg`" found on `$PATH` when
> making or verifying a PGP signature. The program must support the
> same command-line interface as GPG, namely, to verify a detached
> - signature, "`gpg --verify $file - <$signature`" is run, and the
> + signature, "`gpg --verify $signature - <$file`" is run, and the
> program is expected to signal a good signature by exiting with
> code 0, and to generate an ASCII-armored detached signature, the
> standard input of "`gpg -bsau $key`" is fed with the contents to be
Wow. Good find.
gpg-interface.c::verify_signed_buffer() takes a detached signature
in core, writes it to a temporary file and runs
gpg --status-fd=1 --verify $the_temporary_file
and the payload that is supposed to match the given signature is fed
via the standard input, so the above documentation is the only thing
that needs fixing, which is good ;-)
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] gpg(docs): use correct --verify syntax
2019-07-12 16:47 ` Junio C Hamano
@ 2019-07-12 19:11 ` Robert Morgan
0 siblings, 0 replies; 4+ messages in thread
From: Robert Morgan @ 2019-07-12 19:11 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
Thanks Junio.
I was looking at 'smimesign' and working to understand how, when set
within 'gpg.program', it conformed with gpg's usage within git
sign,verify etc. I happened to look at the docs for the 'gpg.program'
config variable and noticed the discrepancy.
Thanks again,
Robert
On Fri, Jul 12, 2019 at 11:47 AM Junio C Hamano <gitster@pobox.com> wrote:
>
> "Robert Morgan via GitGitGadget" <gitgitgadget@gmail.com> writes:
>
> > diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
> > index f999f8ea49..cce2c89245 100644
> > --- a/Documentation/config/gpg.txt
> > +++ b/Documentation/config/gpg.txt
> > @@ -2,7 +2,7 @@ gpg.program::
> > Use this custom program instead of "`gpg`" found on `$PATH` when
> > making or verifying a PGP signature. The program must support the
> > same command-line interface as GPG, namely, to verify a detached
> > - signature, "`gpg --verify $file - <$signature`" is run, and the
> > + signature, "`gpg --verify $signature - <$file`" is run, and the
> > program is expected to signal a good signature by exiting with
> > code 0, and to generate an ASCII-armored detached signature, the
> > standard input of "`gpg -bsau $key`" is fed with the contents to be
>
> Wow. Good find.
>
> gpg-interface.c::verify_signed_buffer() takes a detached signature
> in core, writes it to a temporary file and runs
>
> gpg --status-fd=1 --verify $the_temporary_file
>
> and the payload that is supposed to match the given signature is fed
> via the standard input, so the above documentation is the only thing
> that needs fixing, which is good ;-)
>
> Thanks.
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-07-12 19:12 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-12 15:33 [PATCH 0/1] Update gpg.txt to correct gpg --verify syntax Robert Morgan via GitGitGadget
2019-07-12 15:33 ` [PATCH 1/1] gpg(docs): use correct " Robert Morgan via GitGitGadget
2019-07-12 16:47 ` Junio C Hamano
2019-07-12 19:11 ` Robert Morgan
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).