Page MenuHome GnuPG
Create Task
Maniphest T714

Meaningful RETURN values
Closed, ResolvedPublic
Actions

Description

This is a wishlist request to provide more meaningful error return codes instead
of the catch-all "2". As mentioned in other bug reports, GnuPG currently does
not indicate severity or even class of error by its return code. For scripting
environments, this requires the developer to parse and interpret the stderr
messages to figure out how bad things really are. It would be far more
expedient and robust for these environments if gnupg and friends would actually
give more meaningful returns.

For example, I have been trying to use the gnupg.vim script for
encrypting/decrypting files in vim itself. It turns out that one of the files
had been tampered with in one form or another, but not so much as to prevent the
document from being able to be decrypted. The author of the gnupg.vim script
made a reasonable assumption, that if the decryption call to gpg exited with an
error, than the message could not be decrypted -- or flawed and should not be
worked on. Although it was valuable to know that the file had been meddled
with, it was not helpful not to be prevented from working on or salvaging the
file. Had gpg had more sane and meaningful return values, this error in
scripting may not have happened, the author would have more flexibility on how
his script were to act when presented with an error condition. It is evident
that the author of the script didn't consider this, and the error lies in his
court. However, I consider this a design flaw on gnupg's part and would love to
see it remedied.

Event Timeline

chewie added projects: Feature Request, gnupg.Oct 17 2006, 11:47 PM
chewie added a subscriber: chewie.
werner added a subscriber: werner.Oct 18 2006, 1:07 PM

Return codes are not a good way to return non-boolean status information. In
particular not with a complicated tool like gpg. There are often several things
to consider when deciding whether a verification worked out. Packing this all
into an 8 bit (or well better just 7 bit) vector is not easy.

Gnupg's aproach is different: By using the information returned via
"--status-fd N" a script can get all required information and process them
according to its own rules. There is one exception: gpgv is designed to make
signature verification easy - there you can rely on the return value.

If you want a tool returning error codes, you might want to write a wrapper
based on the gpgme library. gpgme's machinery parses all status information
returned by gpg and offers them in easy to access structures. There are even
flags deduced from theses structures to give a brief overview. For example a
flag named "green" indicates that a signature is valid even if there are
circumstances that some parties might not want to rely on such a signature (e.g.
the key has meanwhile expired). So what these flags do, is to apply a common
interpretation of gpg's output.

chewie added a comment.Oct 18 2006, 5:28 PM

Thanks for the info. I'll look more deeply into the --status-fd approach as
well as gpgme. I understand the desire to stay away from maintaining
application-specific error tables and serializing conditions into meaningful
return values, but to the shell script writer, the bread-and-butter of UNIX
environments, it is invaluable. Again, thanks for your info.

werner closed this task as Resolved.Dec 5 2006, 11:07 AM
werner claimed this task.
dkg added a subscriber: dkg.Mar 20 2019, 11:10 PM

werner wrote:

There is one exception: gpgv is designed to make signature verification easy - there you can rely on the return value.

however, gpgv(1) says:

RETURN VALUE

The program returns 0 if everything is fine, 1 if at least  one  signa‐
ture was bad, and other error codes for fatal errors.

however, with gpgv, and its curated keyring approach, most people just want to know whether *any signature* was good, not whether at least one signature was bad (e.g. if a new developer makes an additional signature on top of an existing developer's signature, and the verifier doesn't know who the new developer is, that doesn't invalidate the old developer's signature).

So it's not possible to use gpgv's return code safely in this context.

See https://bugs.debian.org/925148 for an example.

chewie removed a subscriber: chewie.Mar 21 2019, 7:05 AM