Don't attempt to put signify signature into gz header

This is currently buggy, cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042837
2024-11-23 04:04:31 +08:00 · 2023-07-05 18:58:05 +01:00 · 2023-07-05 18:58:05 +01:00 · 0d830af6b8
commit 0d830af6b8
parent 7b9e7eeec6
2 changed files with 6 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -49,13 +49,12 @@ Supported Platforms
 Installation
 ------------

-You can download libfuse from
-https://github.com/libfuse/libfuse/releases. To build and install, you
-must use [Meson](http://mesonbuild.com/) and
-[Ninja](https://ninja-build.org).  After downloading the tarball, verify
-it using [signify])(https://www.openbsd.org/papers/bsdcan-signify.html):
+You can download libfuse from https://github.com/libfuse/libfuse/releases. To build and
+install, you must use [Meson](http://mesonbuild.com/) and
+[Ninja](https://ninja-build.org).  After downloading the tarball and `.sig` file, verify
+it using [signify](https://www.openbsd.org/papers/bsdcan-signify.html):

-    signify -V -z -m fuse-X.Y.Z.tar.gz -p fuse-X.Y.pub
+    signify -V -m fuse-X.Y.Z.tar.gz -p fuse-X.Y.pub
    
 The `fuse-X.Y.pub` file contains the signing key and needs to be obtained from a
 trustworthy source. Each libfuse release contains the signing key for the release after it
--- a/make_release_tarball.sh
+++ b/make_release_tarball.sh
@ -29,7 +29,7 @@ rm -r "${TAG}/make_release_tarball.sh" \
 cp -a doc/html "${TAG}/doc/"
 tar -czf "${TAG}.tar.gz" "${TAG}/"

-signify-openbsd -S -z -s signify/$MAJOR_REV.sec -m $TAG.tar.gz
+signify-openbsd -S -s signify/$MAJOR_REV.sec -m $TAG.tar.gz


 echo "Contributors from ${PREV_TAG} to ${TAG}:"