You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running swiftenv install with the --verify flag, it attempts to verify the signature but actually fails open with the following logging:
gpg: no signed data
gpg: can't hash datafile: No data
The current implementation doesn't actually do the needful because it doesn't meet gpg's conventions around naming:
--verify
Assume that the first argument is a signed file or a detached signature
and verify it without generating any output. With no arguments, the
signature packet is read from STDIN. If only a sigfile is given, it may
be a complete signature or a detached signature, in which case the signed
stuff is expected in a file without the ".sig" or ".asc" extension.
With more than 1 argument, the first should be a detached signature
and the remaining files are the signed stuff.
In the Swift.org instructions, the example works because the tarball is a swift-*.tar.gz and the signature is a swift-*.tar.gz.sig file and thus meets the single-argument conventions.
The code here is not preserving the names of the tarball and signature locally, so it does not match up and gpg fails to actually verify the signature whilst (unhelpfully) keeping its exit code as 0.
The text was updated successfully, but these errors were encountered:
When running
swiftenv installwith the--verifyflag, it attempts to verify the signature but actually fails open with the following logging:The current implementation doesn't actually do the needful because it doesn't meet
gpg's conventions around naming:In the Swift.org instructions, the example works because the tarball is a
swift-*.tar.gzand the signature is aswift-*.tar.gz.sigfile and thus meets the single-argument conventions.The code here is not preserving the names of the tarball and signature locally, so it does not match up and
gpgfails to actually verify the signature whilst (unhelpfully) keeping its exit code as 0.The text was updated successfully, but these errors were encountered: