Cleartext signatures have many gotchas. Therefore, the use of detached signatures is recommended where possible. See: <https://gnupg.org/blog/20251226-cleartext-signatures.html>.
* doc/coreutils.texi (tee invocation): Adjust gpg invocation to produce a detached signature. --- doc/coreutils.texi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/coreutils.texi b/doc/coreutils.texi index aeb258b23..f3d8c81ca 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -13984,7 +13984,8 @@ @node tee invocation tardir=your-pkg-M.N tar chof - "$tardir" \ | tee >(cksum -a sha2 -l 256) > >(cksum -a sha3 -l 256) \ - | sort | gpg --clearsign > your-pkg-M.N.tar.sig + | sort | tee your-pkg-M.N.checksums \ + | gpg --detach-sign --armor -o your-pkg-M.N.checksums.sig @end example @exitstatus -- 2.53.0
