On Fri, Sep 16, 2016 at 13:55:53 -0400, Lennart Sorensen wrote:

> On Fri, Sep 16, 2016 at 06:59:44PM +0200, Julien Cristau wrote:
> > On Fri, Sep 2, 2016 at 20:35:12 +0200, Julien Cristau wrote:
> >
> > > On Mon, Aug 15, 2016 at 12:12:02 +0200, Ansgar Burchardt wrote:
> > >
> > > > If you restore support for `InRelease` and want to use `gpgv`, please
> > > > split `InRelease` into two files, i.e. `Release` and `Release.gpg`, and
> > > > verify that the signature actually covers all of `Release`.
> > > >
> > > Here's an attempt at doing that. Only lightly tested.
> > >
> > Ansgar pointed out on IRC that so far nothing in debootstrap requires
> > awk on the host. I haven't found a way to kill the last newline with
> > sed in a quick attempt, and I don't know how big of a deal requiring awk
> > would be, so help welcome.
>
> How about instead of the awk bit using:
>
> sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" > "$reldest"
>
> At least that works for the InRelease in debian sid since it has a blank
> line at the end of the PGP header before the Release file data.
>
My problem is getting something that I can feed to gpgv to verify the
signature, I don't think your command provides that.

Cheers,
Julien
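
Added example, not part of the thread and not debootstrap's code: one way to do the split Ansgar asks for, in POSIX sh with awk, producing both `Release` (without the final newline) and `Release.gpg`, and refusing any input that is not exactly one clearsigned block. The function name, temporary paths and sample input are assumptions; the signature body is a placeholder, not a real signature.

```shell
#!/bin/sh
# split_inrelease IN REL SIG: write the signed text of IN to REL and the
# armored signature to SIG. Fails (and removes REL/SIG) if IN contains
# anything outside a single clearsigned block.
split_inrelease() {
    awk -v rel="$2" -v sig="$3" '
        BEGIN { state = 0; sep = ""; printf("") > rel; printf("") > sig }
        state == 0 {                  # line 1 must open the clearsigned block
            if ($0 != "-----BEGIN PGP SIGNED MESSAGE-----") { bad = 1; exit }
            state = 1; next
        }
        state == 1 {                  # only Hash: armor headers, then one empty line
            if ($0 == "") state = 2
            else if ($0 !~ /^Hash: /) { bad = 1; exit }
            next
        }
        state == 2 {                  # signed text
            if ($0 == "-----BEGIN PGP SIGNATURE-----") { state = 3; print > sig; next }
            if ($0 ~ /^-/) {          # a leading dash must be dash-escaped as "- "
                if ($0 !~ /^- /) { bad = 1; exit }
                $0 = substr($0, 3)
            }
            # Join lines with newlines but emit none after the last one: the line
            # ending before the signature marker is not part of the signed text.
            printf("%s%s", sep, $0) > rel
            sep = "\n"; next
        }
        state == 3 {                  # armored signature, copied verbatim
            print > sig
            if ($0 == "-----END PGP SIGNATURE-----") state = 4
            next
        }
        state == 4 && $0 != "" { bad = 1; exit }   # data after the signature
        END { exit (bad || state != 4) }
    ' "$1" || { rm -f "$2" "$3"; return 1; }
}

# Constructed sample input (placeholder signature body).
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA256' '' \
    'Origin: Example' '- -dashed line' 'Suite: sid' \
    '-----BEGIN PGP SIGNATURE-----' '' 'cGxhY2Vob2xkZXI=' \
    '-----END PGP SIGNATURE-----' > "$tmp/InRelease"
split_inrelease "$tmp/InRelease" "$tmp/Release" "$tmp/Release.gpg" && echo "split ok"
```

The two output files are meant to be checked as a detached signature, for example `gpgv --keyring <keyring> Release.gpg Release`; that step is not run here.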