On Sat, Dec 10, 2011 at 11:45 PM, Allan McRae <[email protected]> wrote: > On 11/12/11 14:10, Dave Reisner wrote: >> Allows renamed .asc/.sig files to be still discovered by makepkg. This >> is needed for a package such as PuTTY, which provides abnormally named >> sig files (.DSA and .RSA) which are valid input for gpg --verify. > > Just to clarify... Are they valid input as in "gpg --verify foo.DSA" > works or do you need to use "gpg --verify foo.DSA source.file" (or > whatever the correct command syntax is)? >
You need to specify the source tarball filename: $ gpg --verify putty-0.62.tar.gz.DSA gpg: no signed data gpg: can't hash datafile: file open error $ gpg --verify putty-0.62.tar.gz.DSA putty-0.62.tar.gz gpg: Signature made Sat 10 Dec 2011 08:34:11 AM EST using DSA key ID 08B0A90B gpg: Good signature from "PuTTY Releases (DSA) <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 00B1 1009 38E6 9800 6518 F0AB FECD 6F3F 08B0 A90B > Allan > >
