Explicitly append a trailing newline to the output stream created by "gpg --verify", to ensure it always contains one. The FreePG patchset to GPG corrects handling the trailing newlines in cleartext signed messages, which means that GPG-created "incorrect" messages no longer include a trailing newline character [1]. We are parsing the checksum file via bash's "read" command that ignores the characters after the final newline character, so we need to ensure that one is always present after the ultimate checksum.
Adding an extra newline to vanilla GnuPG output causes no harm, as the verification function will simply ignore the resulting empty line.

[1] https://gitlab.com/freepg/gnupg/-/blob/a4e8d23439f1e101da3e335b3beab822be968d56/DIFF.md#handle-cleartext-signature-framework-csf-messages-correctly

Signed-off-by: Michał Górny <[email protected]>
---
eclass/verify-sig.eclass | 1 +
1 file changed, 1 insertion(+)

diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index 1cd3e1010ae57..4e38d327b8381 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -380,6 +380,7 @@ _gpg_verify_signed_checksums() { verify-sig_verify_unsigned_checksums - "${algo}" "${files}" < <( verify-sig_verify_message "${checksum_file}" - "${key}" + echo ) }
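Review bot: the bare `echo` added after `verify-sig_verify_message` inside the `< <( ... )` process substitution in `_gpg_verify_signed_checksums()` has no comment, so the reason for it exists only in the commit message and the line looks like leftover debugging to anyone reading the eclass later. Please add a one-line comment directly above it, for example `# ensure trailing newline; FreePG-patched gpg may omit it and "read" drops an unterminated last line`. The change also depends on `verify-sig_verify_unsigned_checksums` skipping an empty input line, as the commit message states for vanilla GnuPG, so it would help to note that dependency in the same comment in case the line parser in that function is tightened later.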
