No worries. Thanks a lot for checking. I like the idea of adding a
question mark as a creative hack, but I think I'll stick with renaming
the files. 😅️
Thanks for your help <3
My bad, sorry! Out of curiosity, I checked the source code for makepkg, and it
looks like the only other way is to use the --skippgpcheck flag.
(Curiously, the test for signature files checks the entire URL, not just the
path name, so if you add a question mark to the URL, this also bypasses the
Please do read my original message: that is precisely what I am doing
now, and what I'd like to avoid 🙂️
Basti,
Have you tried renaming the file? e.g.
source=('package_sig.txt::http://wherever/package.sig')
--
Edward
signature.asc
Description: OpenPGP digital signature
Hello,
apparently makepkg automatically attempts to verify .sig files in the
SOURCES array with gpg.
Can I somehow stop this behaviour?
I have .sig URLs but these aren't GPG signatures, but SSH signatures
I'd like to validate in a custom verify() function.
Currently, I'm working around this by
