From: Nikolaus Rath <Nikolaus@rath.org>
Date: Wed, 5 Jul 2023 17:58:05 +0000 (+0100)
Subject: Don't attempt to put signify signature into gz header
X-Git-Tag: fuse-3.16.1~1
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=0d830af6b8441b9fc52cf5e2c6f815b2cf178d8f;p=qemu-gpiodev%2Flibfuse.git

Don't attempt to put signify signature into gz header

This is currently buggy, cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042837
---

diff --git a/README.md b/README.md
index cf76978..6855cef 100644
--- a/README.md
+++ b/README.md
@@ -49,13 +49,12 @@ Supported Platforms
 Installation
 ------------
 
-You can download libfuse from
-https://github.com/libfuse/libfuse/releases. To build and install, you
-must use [Meson](http://mesonbuild.com/) and
-[Ninja](https://ninja-build.org).  After downloading the tarball, verify
-it using [signify])(https://www.openbsd.org/papers/bsdcan-signify.html):
+You can download libfuse from https://github.com/libfuse/libfuse/releases. To build and
+install, you must use [Meson](http://mesonbuild.com/) and
+[Ninja](https://ninja-build.org).  After downloading the tarball and `.sig` file, verify
+it using [signify](https://www.openbsd.org/papers/bsdcan-signify.html):
 
-    signify -V -z -m fuse-X.Y.Z.tar.gz -p fuse-X.Y.pub
+    signify -V -m fuse-X.Y.Z.tar.gz -p fuse-X.Y.pub
     
 The `fuse-X.Y.pub` file contains the signing key and needs to be obtained from a
 trustworthy source. Each libfuse release contains the signing key for the release after it
diff --git a/make_release_tarball.sh b/make_release_tarball.sh
index 32d15fd..a004063 100755
--- a/make_release_tarball.sh
+++ b/make_release_tarball.sh
@@ -29,7 +29,7 @@ rm -r "${TAG}/make_release_tarball.sh" \
 cp -a doc/html "${TAG}/doc/"
 tar -czf "${TAG}.tar.gz" "${TAG}/"
 
-signify-openbsd -S -z -s signify/$MAJOR_REV.sec -m $TAG.tar.gz
+signify-openbsd -S -s signify/$MAJOR_REV.sec -m $TAG.tar.gz
 
 
 echo "Contributors from ${PREV_TAG} to ${TAG}:"