Return-Path: X-Original-To: apmail-subversion-dev-archive@minotaur.apache.org Delivered-To: apmail-subversion-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E08F0181E2 for ; Thu, 13 Aug 2015 10:29:06 +0000 (UTC) Received: (qmail 79183 invoked by uid 500); 13 Aug 2015 10:29:06 -0000 Delivered-To: apmail-subversion-dev-archive@subversion.apache.org Received: (qmail 79137 invoked by uid 500); 13 Aug 2015 10:29:06 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 79127 invoked by uid 99); 13 Aug 2015 10:29:06 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Aug 2015 10:29:06 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id DA3DF1A9FCD for ; Thu, 13 Aug 2015 10:29:05 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=6.31 tests=[RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id R0dHzqrN8xbj for ; Thu, 13 Aug 2015 10:28:57 +0000 (UTC) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id D1A8C3A0A9 for ; Thu, 13 Aug 2015 10:17:03 +0000 (UTC) Received: from [195.135.221.2] by 3capp-gmx-bs72.server.lan (via HTTP); Thu, 13 Aug 2015 12:16:57 +0200 MIME-Version: 1.0 Message-ID: From: "Andreas Stieger" To: "dev@subversion.apache.org" Subject: issue 4587: Verifying multiple OpenPGP signatures on a release Content-Type: text/plain; charset=UTF-8 Date: Thu, 13 Aug 2015 12:16:57 +0200 Importance: normal Sensitivity: Normal X-Priority: 3 X-Provags-ID: V03:K0:GkkgRjlcMSg2Qfms94nR0pFtcwoJFYPIyc0gJeI0IIb QczmfkpYRkMPi+rRBaKcojSUJ8Ce0OQejpC+qe7meAcPqNIwgu raeUBG5qlwRamKG6xOwM2UDA677RmYZeDyhQdLXYuIwY6Sv8LG 6OmBKCfEnUqLzVHs7LLdhRz5WHKJGL6zNcguFtMcc38l8qaie5 ETDhLw9tDC8XtQb0vKwqMJghNcu5+tQbY1uCsrBoOZb6/Xpmi9 qf6AP/3SMlEicIyYYchob9CX9rm3+SxLra+KNCaB3KGBT/LEG6 J7CgIU= X-UI-Out-Filterresults: notjunk:1;V01:K0:HLgEb5Ch40c=:sfLcvnsH+1TSnp1OHfgpEC +ZzSvBru1X/2Azw3S1Cbqy2QlVJM6qLKzNvBi232HTWvRRQciRqY9v8R1FmxA18UjKdCo4uUK yit2lziA5ipFZVcZXVXQboUEQx9GlS70UWMMU7iNFTF70b1P4FkxgAJs74YZeLXG0ah+0h5mt N0JXz9WT8l6yOAZuULnjg/tRxUJIt0anpLh9GqT9PwezRYlPtna6lZgQ2JYH9F6GVTGbLfuyA /2G/tf4Dm2LAHQjL22mR0jKhEDwKaUYDa1cJVqZUGcNrD3hVpX83OhKWTp23vxK3nmDUmR7lA MiKCV1ZruCiSOx61e6tY9HUXD51nRcl58eR4OJfNPKwXeb4EOlubqxofisFB/UXbGFaKM7w4p MZxY4i/5pwJAU0xDL7BySO4jkTSU9yITQy4+e9aEQOakAFRWSHwKqkcuVEmYcUQ9o+UHjm1gm 4GhhuShUNQ== For issue 4587: Verifying multiple OpenPGP signatures on a release The following splits and verifies all signatures: csplit --elide-empty-files --prefix=sig --suffix-format=%0d2.asc subversion-1.9.0.tar.bz2.asc '/^-----BEGIN PGP SIGNATURE-----$/' '{*}' for X in sig*.asc; do gpg --verify $X subversion-1.9.0.tar.bz2; done The same could be done in awk. In 2013 gpg was noted to not support multiple signatures if the signing keys differ in type/digest: http://www.eyrie.org/~eagle/journal/2013-01/011.html Andreas