How to log gpg verified files?

I am running a gpg --verify on a list of files that I am referencing from gpg_verify.txt. I want to track which passed, so that I can later download some files that have first passed my check.

Therefore, how can I capture whether/or not a particular file in my loop passed/failed so that I can log it into a different file, that I can later reference?

I want something like:

while read -r line;
do 
  gpg --verify $line
  if(above output^ passes) then;
   > passed_gpg.txt
  else
   > failed_gpg.txt
done < gpg_verify.txt

Here is example output when I just run:

while read -r line;
do 
  gpg --verify $line
done < gpg_verify.txt

Output:

gpg: Signature made Tue Feb 11 17:26:10 2020 UTC
gpg:                using RSA key XXXXXXXXXXXX
gpg: Good signature from "Rando person (XXXXX Signing Key) <example@example.com>" [ultimate]

1 answer

  • answered 2020-02-12 23:19 Charles Duffy

    Consider:

    #!/usr/bin/env bash
    while IFS= read -r filename; do
      if gpg -v "$filename"; then
        printf '%s\n' "$filename" >&3
      else
        printf '%s\n' "$filename" >&4
      fi
    done <gpg_verify.txt 3>passed_gpg.txt 4>failed_gpg.txt
    

    What's different here?

    • We're putting the command whose exit status we want to test inside the if.
    • We're explicitly writing something to the output files, not just opening them.
    • We're opening each output file only once, when the loop starts (and then attaching them to distinct file descriptor numbers). That means that outfile isn't truncated every time we want to write to it.

    This still isn't perfect -- a better tool would probably avoid making the assumptions about filenames implicit in storing them in a line-oriented file -- but it's a place to start.