Don't attempt to put signify signature into gz header

This is currently buggy, cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042837

diff --git a/README.md b/README.md
index cf76978f7b5cb72238489fd463b23b0cc9ff7dab..6855cefa0ebf3ed4ef3baa3f9d08cfba704aae88 100644 (file)
--- a/README.md
+++ b/README.md
@@ -49,13 +49,12 @@ Supported Platforms
 Installation
 ------------
 
-You can download libfuse from
-https://github.com/libfuse/libfuse/releases. To build and install, you
-must use [Meson](http://mesonbuild.com/) and
-[Ninja](https://ninja-build.org).  After downloading the tarball, verify
-it using [signify])(https://www.openbsd.org/papers/bsdcan-signify.html):
+You can download libfuse from https://github.com/libfuse/libfuse/releases. To build and
+install, you must use [Meson](http://mesonbuild.com/) and
+[Ninja](https://ninja-build.org).  After downloading the tarball and `.sig` file, verify
+it using [signify](https://www.openbsd.org/papers/bsdcan-signify.html):
 
-    signify -V -z -m fuse-X.Y.Z.tar.gz -p fuse-X.Y.pub
+    signify -V -m fuse-X.Y.Z.tar.gz -p fuse-X.Y.pub
     
 The `fuse-X.Y.pub` file contains the signing key and needs to be obtained from a
 trustworthy source. Each libfuse release contains the signing key for the release after it

diff --git a/make_release_tarball.sh b/make_release_tarball.sh
index 32d15fd4d41baed6cdb8039d340a3f9f06b87e2d..a0040638b5c8718645bb62171eaf4c61be3e8d6d 100755 (executable)
--- a/make_release_tarball.sh
+++ b/make_release_tarball.sh
@@ -29,7 +29,7 @@ rm -r "${TAG}/make_release_tarball.sh" \
 cp -a doc/html "${TAG}/doc/"
 tar -czf "${TAG}.tar.gz" "${TAG}/"
 
-signify-openbsd -S -z -s signify/$MAJOR_REV.sec -m $TAG.tar.gz
+signify-openbsd -S -s signify/$MAJOR_REV.sec -m $TAG.tar.gz
 
 
 echo "Contributors from ${PREV_TAG} to ${TAG}:"