Using --output with --verify

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 8 15:21:00 CEST 2016


On Thu 2016-09-08 12:36:30 +0200, Daniel Kahn Gillmor wrote:
> On Thu 2016-09-08 00:52:31 +0200, Werner Koch wrote:
>> The next step will be to add an --output option to gpgv.
>
> I see you've done this already -- thanks!  One issue with the current
> implementation is how confused it gets if a file already exists, the
> error message appears to be wrong:
>
> 0 dkg at alice:~/tmp/trial$ rm -rf output
> 0 dkg at alice:~/tmp/trial$ ./g10/gpgv --output output --keyring foo.gpg test.txt.asc 
> gpgv: Signature made Tue 06 Sep 2016 09:53:02 AM CEST
> gpgv:                using RSA key 24ECFF5AFF68370A
> gpgv: Good signature from "Daniel Kahn Gillmor <dkg at debian.org>"
> 0 dkg at alice:~/tmp/trial$ ./g10/gpgv --output output --keyring foo.gpg test.txt.asc 
> gpgv: handle plaintext failed: General error
> gpgv: no signature found
> gpgv: the signature could not be verified.
> Please remember that the signature file (.sig or .asc)
> should be the first file given on the command line.
> 2 dkg at alice:~/tmp/trial$
>
> i think the error message should be something about the output file
> already existing.

hm, i see that you added --yes to gpgv in order to be able to override
the output file.  I think we should remove the --yes option entirely,
and just set it to true.  if the user does "gpgv --output foo data" then
gpgv will wipe foo and output the signed data to it.

> it would be nice (but not super important) to add
> --enable-special-filenames to gpgv as well.

I also changed my mind on this.  I don't think introducing a new option
for gpgv is the right way to go; instead, i think
--enable-special-filenames should always be set for gpgv.

I'll send a patch with these changes shortly.

      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: </pipermail/attachments/20160908/94c70a20/attachment.sig>


More information about the Gnupg-devel mailing list