On 7/28/25 11:31 AM, Sam James wrote:
>> + for key in "${SEC_KEYS_VALIDPGPKEYS[@]}"; do
>> + if [[ ${key##*:} = *github* ]]; then
>> + name=${key#*:}; name=${name%%:*}
>> + wget -qO- https://github.com/${name}.gpg | gpg --import
>> || die
>
> I (still) think this should have a pipestatus, if nothing else to be a
> good example and avoid possible lint issues down the road.
Okay, I remember this private conversation now -- at the time, I refused
on the grounds it would entail using the name "assert". :P
Will add.
>> + fi
>> + done
>> +
>> + for fingerprint in "${SEC_KEYS_VALIDPGPKEYS[@]%%:*}"; do
>> + pgpdump "${fingerprint}.asc" > "${fingerprint}.pgpdump" || die
>> + "${gpg_command[@]}" --export "${fingerprint}" | pgpdump
>>> "${fingerprint}.pgpdump.new" || die
>
> ... and here.
(And for context, this is safe because pgpdump has a reliable exit code
even if given a half-formed key missing the closing boundary. Still, I
agree that for consistency and as a good example it's fine to do.)
--
Eli Schwartz
OpenPGP_signature.asc
Description: OpenPGP digital signature
