Skip to content

commitpkg: prefer explicit signature+data parameters for gpg --verify

Lets prefer the explicit variant of gpg --verify by providing both, the signature and the data file as parameters. For the unlikely case there is a matching signature file already present that was created outside of the toolchain and has an embedded signature with data, we at least could detect it early with this check.

Merge request reports

Loading