Hi Ted !!!

Today I downloaded a fresh SHA256.sig and bsd.rd and successfully
verified them both with signify(1).
--

signify -C [-q] -p pubkey -x sigfile [file ...]

Just wondering if signify(1) is intended to exit 0 ONLY if the [file
...] is within the shell's pwd ?? By chance, I noticed that /path/to/file will fail on the same bsd.rd controlling for the working directory.
You can see the same results by (for example):

a) mkdir /home/bench/snaps
b) cd /home/bench/snaps
c) /home/bench/snaps $> (download SHA256.sig and bsd.rd)
d) /home/bench/snaps $> signify -Cp /etc/signify/openbsd-63-base.pub -x SHA256.sig bsd.rd
Signature Verified
bsd.rd: OK

e) /home/bench/snaps $> mv SHA256.sig ..

f) /home/bench/snaps $> signify -Cp /etc/signify/openbsd-63-base.pub -x ../SHA256.sig bsd.rd
Signature Verified
bsd.rd: OK

g) cd ..

h) /home/bench $> signify -Cp /etc/signify/openbsd-63-base.pub -x SHA256.sig snaps/bsd.rd
Signature Verified
snaps/bsd.rd: FAIL

---

I just wanted to bring this to your attention.
Big thanks to you and to Marc for such a great utility !!! Thanks also to
Ingo for a man page full of really useful examples, especially the one
about "verifying a gzip pipeline." That example really shows off your
great work within the context of what makes un*x so amazing.

Have a great weekend !!!

-A
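
An added illustration (not part of the original message and not signify's code): a small Python model of checking a BSD-style checksum list, under the assumption that each file argument is matched against the names in the list as a literal string and then opened relative to the working directory, which is consistent with the OK/FAIL output in steps d, f and h. Signature verification is not modelled; the file contents and the helper names are constructed.

```python
import hashlib
import os
import re
import tempfile

# BSD-style checksum line, e.g. "SHA256 (bsd.rd) = <64 hex digits>"
LINE = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<hex>[0-9a-f]{64})$")

def parse_list(text):
    """Return {name: hexdigest} for every well-formed line in the list."""
    return {m["name"]: m["hex"]
            for m in map(LINE.match, text.splitlines()) if m}

def check(list_text, args, cwd):
    """Model of a checksum-list check (assumed behaviour, see lead-in)."""
    entries = parse_list(list_text)
    results = {}
    for arg in args:
        want = entries.get(arg)  # literal lookup: no basename or realpath
        if want is None:
            results[arg] = "FAIL"  # "snaps/bsd.rd" is not a name in the list
            continue
        try:
            with open(os.path.join(cwd, arg), "rb") as f:
                got = hashlib.sha256(f.read()).hexdigest()
        except OSError:
            results[arg] = "FAIL"  # listed name, but no such file under cwd
            continue
        results[arg] = "OK" if got == want else "FAIL"
    return results

def demo():
    """Rebuild the directory layout from steps a-h with constructed data."""
    with tempfile.TemporaryDirectory() as top:
        snaps = os.path.join(top, "snaps")
        os.mkdir(snaps)
        data = b"constructed stand-in for bsd.rd\n"
        with open(os.path.join(snaps, "bsd.rd"), "wb") as f:
            f.write(data)
        listing = "SHA256 (bsd.rd) = %s\n" % hashlib.sha256(data).hexdigest()
        return {
            "in snaps": check(listing, ["bsd.rd"], snaps),
            "from parent": check(listing, ["snaps/bsd.rd"], top),
            "parent, bare name": check(listing, ["bsd.rd"], top),
        }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Under this model, running the check from inside the directory that holds the files, with the bare names used in the list, is what makes it succeed.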
