From b49927fbd035851446d5f183652e144757c8ec9e Mon Sep 17 00:00:00 2001
From: nipil <nipil@users.noreply.github.com>
Date: Wed, 4 Sep 2024 09:51:40 +0200
Subject: [PATCH] docs: more secure two-step signature and hash validation

---
 docs/content/release_signing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/content/release_signing.md b/docs/content/release_signing.md
index 8e19303dc..824d42d6b 100644
--- a/docs/content/release_signing.md
+++ b/docs/content/release_signing.md
@@ -149,7 +149,7 @@ $ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip
 You can verify the signatures and hashes in one command line like this:
 
 ```
-$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
+$ h=$(gpg --decrypt SHA256SUMS) && echo "$h" | sha256sum - -c --ignore-missing
 gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
 gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
 gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]