When I run the following command, I get this output:
$ gpg --verify awscliv2.deb
gpg: Signature made Mon Nov 4 19:00:01 2019 PST
gpg: using RSA key FB5D B77F D5C1 18B8 0511 ADA8 A631 0ACC 4672 475C
gpg: Good signature from "AWS CLI Team <aws-cli@amazon.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FB5D B77F D5C1 18B8 0511 ADA8 A631 0ACC 4672 475C
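How can I use the shell to verify that the above output contains the string Good signature or Primary key fingerprint?
I used a grep command like this, but it did not return the expected result.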
$ gpg --verify awscliv2.deb | grep -iq 'Good signature'
$ echo $?
1
For a validly signed file with output like the above, echo $? should return 0, and 1 otherwise. But it always returns 1.
I struggled with this a bit too. This worked for me.
set -o pipefail
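# gpg writes its messages to stderr: send stderr into the pipe, drop stdout
gpg --verify someascfile.asc 2>&1 >/dev/null | grep 'Good signature'
# non-zero here means gpg failed or grep found no match
if [ $? -ne 0 ]; then
    echo "The signature for the tar file is not a good signature. Exiting now."
    exit 1
fi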
The first case failed for me even though verification passed with a valid RSA key, because echo $? returned 2, which was unexpected.
In this case I needed to import the public key to get a match on Good Signature, by first checking the RSA key output and then running:
gpg --receive-keys <RSA KEY>
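# take the key ID from the "using RSA key ..." line of gpg's stderr output
rsa_key=$(gpg "$ASC_FILE" 2>&1 | grep RSA | awk '{print $5}')
gpg --receive-keys "$rsa_key"
# gpg reports the verification result on stderr, so merge it into stdout
VERIFIED=$(gpg --verify "$driver_asc" "$driver_filename" 2>&1 | grep 'Good signature')
if [[ $VERIFIED ]]; then
    echo "gpg keys verified. Installing..."
else
    echo "gpg key cannot be verified. Aborting installations"
    exit 1
fi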
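
A stricter check, added here as an example (it is not from the question or the answers above): it reads gpg's machine-readable `--status-fd` lines and accepts only a VALIDSIG for one pinned primary-key fingerprint, so a good signature from some other key in the keyring, or from a key fetched because the file itself named it, does not pass. The helper names and sample status lines are constructed for illustration; the pinned fingerprint is the one printed in the question's output.

```sh
# Added example: decide from gpg's machine-readable status lines instead of
# the human-readable (and localized) "Good signature" text.

# Fingerprint printed in the question's output, spaces removed. Confirm it
# against the publisher's own documentation before pinning it.
PINNED_FPR="FB5DB77FD5C118B80511ADA8A6310ACC4672475C"

# check_status FPR (hypothetical helper): reads `gpg --status-fd 1` lines on
# stdin. Succeeds only if a VALIDSIG line names FPR as the primary key and no
# line reports a bad, unverifiable, expired or revoked signature or key.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: $3 is the signing (sub)key, the last field the primary key
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { good = 1 }
        END { exit ((good && !bad) ? 0 : 1) }
    '
}

# verify_file ARGS... (hypothetical helper): same arguments as `gpg --verify`.
# gpg's exit code is ignored on purpose; only the status lines decide.
verify_file() {
    gpg --batch --status-fd 1 --verify "$@" 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Constructed status lines; the second fingerprint and key IDs are made up.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG A6310ACC4672475C AWS CLI Team <aws-cli@amazon.com>
[GNUPG:] VALIDSIG FB5DB77FD5C118B80511ADA8A6310ACC4672475C 2019-11-05 1572922801 0 4 0 1 8 00 FB5DB77FD5C118B80511ADA8A6310ACC4672475C'
SAMPLE_OTHER_KEY='[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else <someone@example.com>
[GNUPG:] VALIDSIG 0000111122223333444455556666777788889999 2019-11-05 1572922801 0 4 0 1 8 00 0000111122223333444455556666777788889999'
SAMPLE_BAD='[GNUPG:] BADSIG A6310ACC4672475C AWS CLI Team <aws-cli@amazon.com>'

# Demo on the constructed samples: prints accept, reject, reject.
for s in "$SAMPLE_GOOD" "$SAMPLE_OTHER_KEY" "$SAMPLE_BAD"; do
    if printf '%s\n' "$s" | check_status "$PINNED_FPR"; then
        echo accept
    else
        echo reject
    fi
done
```

In a script, call it as `verify_file awscliv2.deb || exit 1`, with the same arguments you would give `gpg --verify`.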