From d7a14b078c866026a5a27426d37d1f03cacee4fb Mon Sep 17 00:00:00 2001
From: Jakub Wilk <jwilk@jwilk.net>
Date: Tue, 18 Sep 2018 21:45:05 +0200
Subject: [PATCH] Fix live image integrity check

"gpg SHA512SUMS.sign" would do the right thing only if the file actually
contained a detached signature.

Use explicit and robust "gpg --verify SHA512SUMS.sign SHA512SUMS"
instead.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c9bd082..d124a99 100644
--- a/README.md
+++ b/README.md
@@ -72,7 +72,7 @@ $ curl -LfO https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/S
 
 $ !!.sign
 
-$ gpg SHA512SUMS.sign
+$ gpg --verify SHA512SUMS.sign SHA512SUMS
 [...]
 gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]
 [...]