On Tue, 2011-10-04 at 11:09 -0700, H. Peter Anvin wrote: > On 10/04/2011 11:02 AM, Greg KH wrote: > > On Tue, Oct 04, 2011 at 01:46:34PM -0400, Steven Rostedt wrote: > >> +my $pgp = `gpg --simple-sk-checksum -a --detach-sign $pass --output - < > >> $tmpfile`; > > > > Try not to use gpg when calling from scripts, use gpgv instead, it > > handles things much better, and sets the return value correctly so you > > can check it (which I don't think you do here.) > > > > gpgv is only usable to verify contents (equivalent to gpg --verify). > For other things you need to use gpg's --status-fd feature, *or* > (perhaps better) run gpgv on the output to verify that you actually got > a good signature.
Oh! That would probably save me a lot of debugging time to verify it directly in the script :) I've been sending lots of patches to myself to see if it showed a valid sig or not, then try to figure out what when wrong. I could write a gpgverifymail.pl, to confirm that the patch that is going out is correct. Yeah, I think another temp file would be the right thing here to fail nicely on issues with pgp. Thanks! -- Steve _______________________________________________ Quilt-dev mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/quilt-dev
