Greetings. I'm working with GPG 0.9.1, and have found that if you request
a signature verification but the .sig file is empty, GPG exits with a 0:
sylvia:updir$ : >foopkg.sig
sylvia:updir$ gpg --no-greeting --no-default-keyring --keyring ../lib/distkeyring --verify "foopkg.sig" "foopkg.update"
gpg: key 570FC9AD: secret key without public key - skipped
gpg: key 35146005: secret key without public key - skipped
sylvia:updir$ echo $?
0
However, if you put any text in foopkg.sig, it exits with 2:
sylvia:updir$ echo ":" >foopkg.sig
sylvia:updir$ gpg --no-greeting --no-default-keyring --keyring /home/jafo/projects/Firewall/update/lib/distkeyring --verify "foopkg.sig" "foopkg.update" 2>&1
gpg: key 570FC9AD: secret key without public key - skipped
gpg: key 35146005: secret key without public key - skipped
gpg: no valid OpenPGP data found.
sylvia:updir$ echo $?
2
I was working on a script which called GPG to verify that a signature was
valid before continuing. So, I check for a 0 exit code *AND* that the
output generated by GPG includes "gpg: Good signature from". However, it
would seem that returning non-zero in *ANY* case where a verify failed would
be the best plan as far as script-writers are concerned (or at least a note
in the man page that you should check for 0 and "Good" in the output).
Thanks,
Sean
--
His thoughts tumbled in his head, making and breaking alliances like
underpants in a dryer without Cling Free.
Sean Reifschneider, Inimitably Superfluous <jafo@tummy.com>
URL: <http://www.tummy.com/xvscan> HP-UX/Linux/FreeBSD/BSDOS scanning software.
a signature verification but the .sig file is empty, GPG exits with a 0:
sylvia:updir$ : >foopkg.sig
sylvia:updir$ gpg --no-greeting --no-default-keyring --keyring ../lib/distkeyring --verify "foopkg.sig" "foopkg.update"
gpg: key 570FC9AD: secret key without public key - skipped
gpg: key 35146005: secret key without public key - skipped
sylvia:updir$ echo $?
0
However, if you put any text in foopkg.sig, it exits with 2:
sylvia:updir$ echo ":" >foopkg.sig
sylvia:updir$ gpg --no-greeting --no-default-keyring --keyring /home/jafo/projects/Firewall/update/lib/distkeyring --verify "foopkg.sig" "foopkg.update" 2>&1
gpg: key 570FC9AD: secret key without public key - skipped
gpg: key 35146005: secret key without public key - skipped
gpg: no valid OpenPGP data found.
sylvia:updir$ echo $?
2
I was working on a script which called GPG to verify that a signature was
valid before continuing. So, I check for a 0 exit code *AND* that the
output generated by GPG includes "gpg: Good signature from". However, it
would seem that returning non-zero in *ANY* case where a verify failed would
be the best plan as far as script-writers are concerned (or at least a note
in the man page that you should check for 0 and "Good" in the output).
Thanks,
Sean
--
His thoughts tumbled in his head, making and breaking alliances like
underpants in a dryer without Cling Free.
Sean Reifschneider, Inimitably Superfluous <jafo@tummy.com>
URL: <http://www.tummy.com/xvscan> HP-UX/Linux/FreeBSD/BSDOS scanning software.