Josef Wolf wrote: > On Fri, Jan 31, 2025 at 09:57:24AM +0000, Andrew Gallagher wrote: >> On 30 Jan 2025, at 23:15, Josef Wolf <j...@raven.inka.de> wrote: >>> >>> I am trying to verify signature of downloaded files when creating a docker >>> container. This is what I am trying to do within the Dockerfile: >> >> Perhaps it would be easier to use gpgv? >> >> https://www.gnupg.org/documentation/manuals/gnupg/gpgv.html > > Thanks for the pointer, Andrew! This works. Just one addiotional note: gpgv > don't have --recipient-file switch, so the pubkey needs to be de-armored: > > RUN gpg --yes -o release-key.gpg --dearmor release-key.txt > RUN gpgv --keyring ./release-key.gpg sigfile.asc foo.tar.gz > > A --recipient-file (or --public-key-asc-file or something) would be a nice > addition to gpgv
https://dev.gnupg.org/T2290 (Allow gpgv2 to use armored GPG keys as keyring file with trusted keys) is a similar wishlist item. It's quite old, so I don't know that anyone who can fix it has the time or desire. But it would make using gpgv nicer. -- Todd
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users