I recently adopted the openbsd-manpages package[1], and wanted to verify downloaded files using OpenBSD's signify(1) tool. For each release of OpenBSD, you download the base public key[2], the architecture-specific files and the SHA256.sig[3] for those files. The files are verified by running: signify -Cp openbsd-65-base.pub -x SHA256.sig *.tgz The problem is that PKGBUILD thinks that the signify signature is a PGP signature, and tries to verify it against a non-existent file/PGP key. I've worked around this by renaming SHA256.sig to SHA256. Have any other packagers/maintainers experienced this problem, and if so are there any better solutions other than the one I mentioned? [1] https://aur.archlinux.org/packages/openbsd-manpages/ [2] https://ftp.openbsd.org/pub/OpenBSD/6.5/openbsd-65-base.pub [3] https://ftp.openbsd.org/pub/OpenBSD/6.5/amd64/SHA256.sig -- Stephen Gregoratto
