On Sun, 5 Nov 2023, at 16:43, Tomasz Buchert wrote:
> the "binary garbage" you see is actually the exact contents of the gz
> file for which you verify. See:
>
> [ ~/test ] $ cat out.gz | signify-openbsd -Vz -p ~/.ssh/signify.pub | cat > x
> [ ~/test ] $ diff x out.gz
>
> (i.e., out.gz and the output of signify are exactly the same)
>
> This allows to use it cleanly in the shell pipelines as is shown in the
> manpage.
>
> I think the request in this bug could be to have an option to verify the
> signify-signed gz file WITHOUT printing out the gz file to stdout?
>
> Does it make sense?
Yes. Wow, it never would have occured to me that this is the intended effect.
You're right, this matches the example in the manpage but to me it's wholly
unexpected given the description of the option:
-z Sign and verify gzip(1) archives, where the signing data is
embedded in the gzip(1)
header.
(doesn't say anything about printing to stdout)
Best,
-Niko
