On Fri, Sep 16, 2016 at 02:17:24PM -0400, Lennart Sorensen wrote: > On Fri, Sep 16, 2016 at 02:06:51PM -0400, Lennart Sorensen wrote: > > On Fri, Sep 16, 2016 at 08:02:10PM +0200, Julien Cristau wrote: > > > On Fri, Sep 16, 2016 at 13:55:53 -0400, Lennart Sorensen wrote: > > > > > > > On Fri, Sep 16, 2016 at 06:59:44PM +0200, Julien Cristau wrote: > > > > > On Fri, Sep 2, 2016 at 20:35:12 +0200, Julien Cristau wrote: > > > > > > > > > > > On Mon, Aug 15, 2016 at 12:12:02 +0200, Ansgar Burchardt wrote: > > > > > > > > > > > > > If you restore support for `InRelease` and want to use `gpgv`, > > > > > > > please > > > > > > > split `InRelease` into two files, i.e. `Release` and > > > > > > > `Release.gpg`, and > > > > > > > verify that the signature actually covers all of `Release`. > > > > > > > > > > > > > Here's an attempt at doing that. Only lightly tested. > > > > > > > > > > > Ansgar pointed out on IRC that so far nothing in debootstrap requires > > > > > awk on the host. I haven't found a way to kill the last newline with > > > > > sed in a quick attempt, and I don't know how big of a deal requiring > > > > > awk > > > > > would be, so help welcome. > > > > > > > > How about instead of the awk bit using: > > > > > > > > sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" > > > > > "$reldest" > > > > > > > > At least that works for the InRelease in debian sid since it has a blank > > > > line at the end of the PGP header before the Release file data. > > > > > > > My problem is getting something that I can feed to gpgv to verify the > > > signature, I don't think your command provides that. > > > > Well it makes a Release file that is totally bit for bit identical to > > the Release file that goes with Release.gpg > > > > diff verified that. > > > > So if gpgv wants something different than the original Release file, > > then that's weird. > > Wow, it does want the last newline removed. That's just stupid.
If assuming gnu head or busybox head is available (head is certainly assumed to exist), then one could do: sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" | head -c -1 > "$reldest" But it is not pure posix compliant. But it would work with both gnu coreutils and busybox versions of head. -- Len Sorensen
