Thanks Junio. I was looking at 'smimesign' and working to understand how, when set within 'gpg.program', it conformed with gpg's usage within git sign,verify etc. I happened to look at the docs for the 'gpg.program' config variable and noticed the discrepancy. Thanks again, Robert On Fri, Jul 12, 2019 at 11:47 AM Junio C Hamano <gitster@xxxxxxxxx> wrote: > > "Robert Morgan via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > > > diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt > > index f999f8ea49..cce2c89245 100644 > > --- a/Documentation/config/gpg.txt > > +++ b/Documentation/config/gpg.txt > > @@ -2,7 +2,7 @@ gpg.program:: > > Use this custom program instead of "`gpg`" found on `$PATH` when > > making or verifying a PGP signature. The program must support the > > same command-line interface as GPG, namely, to verify a detached > > - signature, "`gpg --verify $file - <$signature`" is run, and the > > + signature, "`gpg --verify $signature - <$file`" is run, and the > > program is expected to signal a good signature by exiting with > > code 0, and to generate an ASCII-armored detached signature, the > > standard input of "`gpg -bsau $key`" is fed with the contents to be > > Wow. Good find. > > gpg-interface.c::verify_signed_buffer() takes a detached signature > in core, writes it to a temporary file and runs > > gpg --status-fd=1 --verify $the_temporary_file > > and the payload that is supposed to match the given signature is fed > via the standard input, so the above documentation is the only thing > that needs fixing, which is good ;-) > > Thanks. > > >
