Hello, Dan McGee: >On Thu, Jun 23, 2011 at 2:36 AM, Wieland Hoffmann ><[email protected]> wrote: >> + echo "$(gettext "NOT FOUND")" >&2 >> + errors=1 >> + found=0 >> + fi >> + >> + if (( found )); then >> + if ! gpg --quiet --batch --verify "$file" >> 2> /dev/null; then >> + echo "$(gettext "Verification >> failed")" >&2 >Any need to eat stderr? If things only show up in exceptional cases, >I'd rather it come through.
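Review bot: In the gpg --quiet --batch --verify "$file" 2> /dev/null branch, gpg's exit status is the only signal checked, and because stderr is discarded a failure reports only "Verification failed" with no cause. Capture gpg's diagnostics or its machine-readable status output and include the reason in the message, so that a missing public key can be told apart from a bad signature; the exit status alone also gives no way to reject a signature whose key state is unacceptable.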
After looking at this more thoroughly it seems like ALL output will appear on stderr [0]. I think it's a good idea to eat stderr here and instead use --status-file to save status messages in a temporary file and then grep for one of EXPSIG, EXPKEYSIG or REVKEYSIG (yes, gpg exits with status 0 even if the key that signed something has been revoked)[1] and exit immediately with an error message. Any objections?

[0] http://lists.gnupg.org/pipermail/gnupg-users/2010-November/039821.html
[1] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=2e1d92bb7c7cbeed9008ed268b365613ab3c5948;hb=refs/heads/STABLE-BRANCH-2-0#l232

--
Wieland / Mineo
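The status-file check proposed in the message above, as an added example that is not part of the original mail or of makepkg. The function names and the sample status line are constructed for illustration, and requiring a GOODSIG line is an assumption that goes beyond the three keywords named in the mail.

```shell
#!/bin/sh
# Added example, not makepkg code. Keywords follow gpg's doc/DETAILS.

# classify_status FILE: print a verdict for a gpg status file.
# Matching on field 2 instead of a plain grep keeps a user ID that
# happens to contain "REVKEYSIG" from influencing the result.
classify_status() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 == "EXPSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = $2; exit }
        $2 == "GOODSIG" { good = 1 }
        END {
            if (bad)       print bad
            else if (good) print "GOODSIG"
            else           print "NOSIG"
        }' "$1"
}

# verify_sig FILE: run gpg with stderr discarded, then decide from the
# status file rather than from the exit code alone (hypothetical helper).
verify_sig() {
    status=$(mktemp) || return 1
    gpg --quiet --batch --status-file "$status" --verify "$1" 2>/dev/null
    rc=$?
    verdict=$(classify_status "$status")
    rm -f "$status"
    if [ "$rc" -ne 0 ] || [ "$verdict" != "GOODSIG" ]; then
        echo "Verification failed ($verdict)" >&2
        return 1
    fi
}

# Constructed sample: status output for a signature made by a revoked key.
sample_revoked() {
    cat <<'EOF'
[GNUPG:] REVKEYSIG 0123456789ABCDEF Example Signer <signer@example.org>
EOF
}

# Demo on the constructed sample (no gpg needed for this part).
tmp=$(mktemp)
sample_revoked > "$tmp"
echo "revoked-key sample: $(classify_status "$tmp")"
rm -f "$tmp"
```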
