Hi Andreas-- On Fri 2023-02-10 15:31:27 +0100, Andreas Metzler wrote: > According to both manpage and "sqop help verify" sqop verify accepts > exactly to args (sig and cert) plus two options > (--not-after/--not-before). > > However this command simply hangs: > sqop verify gnutls28_3.7.8.orig.tar.xz.asc > gnutls-3.7.8/debian/upstream/signing-key.asc > > Reading #969590 I found that the to-be verified tarball needs to be > passed as third arg on stdin.
Technically this isn't a third argument, it's just stdin. sqop implements the standard Stateless OpenPGP Command Line Interface, which is found at https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/ Hopefully that documentation is clearer than the manpages shipped with sqop. This crate should really create more up-to-date manpages during build, and the manpages should describe the expectations for stdin/stdout more clearly. i think that's at least in part an upstream concern: https://gitlab.com/sequoia-pgp/sequoia-sop/-/issues/33 Regards, --dkg
signature.asc
Description: PGP signature
