docs: more secure two-step signature and hash validation

2024-09-04 09:51:40 +02:00 · 2024-09-04 09:51:40 +02:00 · b49927fbd0
commit b49927fbd0
parent 1a8b7662e7
1 changed files with 1 additions and 1 deletions
--- a/docs/content/release_signing.md
+++ b/docs/content/release_signing.md
@ -149,7 +149,7 @@ $ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip
 You can verify the signatures and hashes in one command line like this:

 ```
-$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
+$ h=$(gpg --decrypt SHA256SUMS) && echo "$h" | sha256sum - -c --ignore-missing
 gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
 gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
 gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]