verification of text signatures is broken
Consider:
$ cat /tmp/bad.txt | gpg2 --textmode -a -u 0xA56557F7A6941F45 -s | sq verify --signer-file /tmp/carol.asc
Compressed using ZIP
Error verifying checksum from CCD301E839E71B41BEF08584A56557F7A6941F45:
Message has been manipulated
1 bad checksum.
Error: Verification failed
$ cat /tmp/bad.txt | gpg2 --textmode -a -u 0xA56557F7A6941F45 -s | gpg2 --verify
gpg: Signature made Sat 10 Dec 2022 09:00:43 AM CET
gpg: using RSA key CCD301E839E71B41BEF08584A56557F7A6941F45
gpg: Good signature from "Carol <carol@example.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CCD3 01E8 39E7 1B41 BEF0 8584 A565 57F7 A694 1F45
I tried minimizing the input file and this is as small as I could get it. So, I think it might have something to do with a boundary condition.