luweitest Posted September 14, 2021 Share Posted September 14, 2021 I have a simple batch file in "SendTo" folder to add a context menu verifying signature: "C:\Program Files\GnuPG\bin\gpg.exe" --verify %1 pause "pause" line allows showing the verifying result before the cmd window closes. It always works fine to GnuPG 2.2.27, then begins with 2.2.28, the "pause" command lost effect. The cmd window of verifying result splashes away quickly. I tested in a Windows 7 machine, it works fine. So my bug report https://dev.gnupg.org/T5560 is doomed to be "wontfix" as a Windows XP issue. What could be the cause of it? I tried the releases of GnuPG from: https://www.gnupg.org/ftp/gcrypt/binary/ Link to comment Share on other sites More sharing options...
jaclaz Posted September 14, 2021 Share Posted September 14, 2021 It is strange. Anything after the gpg command is ignored, it ignores even redirection to a file. A way out is: cmd.exe /k gpg --verify %1 but you will have to close the command window with the mouse on the right top cross button or type exit on command line (which becomes without prompt). This is ugly but it works like your current one: pause | cmd.exe /k gpg --verify %1 only you won't have the Press any key prompt, still by pressing any key the cmd window will close. This: @echo off prompt Press any key to continue ...&&pause | cmd.exe /k gpg --verify %1 should emulate your current behaviour. jaclaz 1 Link to comment Share on other sites More sharing options...
Tripredacus Posted September 14, 2021 Share Posted September 14, 2021 IIRC running any file as .bat or .cmd is supposed to run as cmd /k by default. I have seen instances where pause is "ignored" but it occurs in these situations: - nested batch where one has an exit and one has a pause. - some programs (apparently) send an exit code to CMD causing the window to close. (exit code sent normally) - some programs exit in a way that is not expected and causes CMD to close before the pause happens. (exit code sent because of a crash) For this third option, because it is impossible to know whether or not the pause is actually even being read by the system, I would put in something between the program line and the pause. Something that can give proof that the next line in the .cmd is being executed such as copying a file from one dir to another, or launching another program like calc.exe. Then if not only the first line is executed, but then the second, you will know that the .cmd is actually running as expected and not being closed by whatever is in the first line. Note: I exclusively use .cmd and not .bat, know there is a difference but not sure if relevant. Link to comment Share on other sites More sharing options...
jaclaz Posted September 14, 2021 Share Posted September 14, 2021 @Trip I already tested specifically the mentioned program and nothing is parsed after the gpg --verify <filename> command, hence the workaround via pipe. jaclaz 1 Link to comment Share on other sites More sharing options...
RainyShadow Posted September 14, 2021 Share Posted September 14, 2021 Not revelant to this specific case, but i place shortcuts in "Send To"and similar places instead of the batch file itself. Usually you get extra settings this way. Link to comment Share on other sites More sharing options...
luweitest Posted September 15, 2021 Author Share Posted September 15, 2021 Thanks @jaclaz,the pipe operation pause|"C:\Program Files\GnuPG\bin\gpg.exe" --verify "%1" does the job (without cmd.exe /k). And confirmation to @Tripredacus, gpg just terminates the batch, regardless what command is followed. Link to comment Share on other sites More sharing options...
luweitest Posted September 16, 2021 Author Share Posted September 16, 2021 (edited) Today I also tried rename verify.bat to verify.cmd, or put shortcut in "SendTo", no change. And I learned a new way to do this instead of using "SendTo" : add context menu to a specific file type, thus saved a click, or even two clicks if set as default operation. Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.sig] @="Signature" [HKEY_CLASSES_ROOT\Signature\shell] @="Verify" [HKEY_CLASSES_ROOT\Signature\shell\Verify\command] @="cmd /k \"\"C:\\Program Files\\GnuPG\\bin\\gpg.exe\" --verify \"%1\"\"" This way I have to use "cmd /k"; pipe operation "pause|..." couldn't work (it seems windows do not recognize "pause" as a way to open file). Anyway this partially workarounds the problem. I still believe gnupg 2.2.28 do break something, yet the developers seems not even interested to acknowledge it. Edited September 16, 2021 by luweitest Link to comment Share on other sites More sharing options...
Mr.Scienceman2000 Posted September 16, 2021 Share Posted September 16, 2021 (edited) 3 hours ago, luweitest said: Anyway this partially workarounds the problem. I still believe gnupg 2.2.28 do break something, yet the developers seems not even interested to acknowledge it. I really hope I am wrong but likely this will break stuff on me since I use gnupg to pgp encrypt and sign my emails under XP. If they do not care xp related issue may mean plan and drop xp support "in benefit of user" and if gnupg drops support no more pgp on xp. I need test upgrade it and see if anything else broke related encryption or signing. Edited September 16, 2021 by Mr.Scienceman2000 Link to comment Share on other sites More sharing options...
luweitest Posted September 16, 2021 Author Share Posted September 16, 2021 (edited) Well maybe in their opinion it's not gnupg breaking things but windows xp's bug in batch processing, since windows 7 could handle it. Who knows. Anyway, gnupg could still be used on xp, if no bat|cmd file is concerned. Edit: oops, just find the latest gnupg 2.3.2 cannot decrypt (gpg-agent cannot start; though encryption works). 2.3.1 is the last one now. Edited September 16, 2021 by luweitest Link to comment Share on other sites More sharing options...
jaclaz Posted September 16, 2021 Share Posted September 16, 2021 For the Registry association (has to be tested) probably something *like* cmd /c pause | ... might work, you first open a command prompt, and when already in it you inject via pipe the pause to the pgp.exe. jaclaz 1 Link to comment Share on other sites More sharing options...
luweitest Posted September 17, 2021 Author Share Posted September 17, 2021 13 hours ago, jaclaz said: For the Registry association (has to be tested) probably something *like* cmd /c pause | ... might work, you first open a command prompt, and when already in it you inject via pipe the pause to the pgp.exe. jaclaz Yes! works with: @="cmd /c \"pause|\"C:\\Program Files\\GnuPG\\bin\\gpg.exe\" --verify \"%1\"\"" Link to comment Share on other sites More sharing options...
jaclaz Posted September 17, 2021 Share Posted September 17, 2021 14 hours ago, luweitest said: Yes! works with: @="cmd /c \"pause|\"C:\\Program Files\\GnuPG\\bin\\gpg.exe\" --verify \"%1\"\"" Good. jaclaz Link to comment Share on other sites More sharing options...
Mathwiz Posted September 20, 2021 Share Posted September 20, 2021 (edited) A couple of years ago, I wrote a batch file to download & install @roytam1's browser builds. Surprisingly, it still works - the only thing I had to change was the set domain= line because he had to change his hosting domain name again. One of its features was to verify the signature of the downloaded file using gpg. Needless to say, this throws a big monkey wrench into that feature - there's a lot more to do after verifying the signature than just pausing so you can see the results! I'll give the cmd /c trick a try. Hopefully it will crash just the second invocation of cmd.exe, allowing the first (the one running the batch file) to continue. Might look a bit ugly, but as long as it works.... Edit: Well, looks like it's a moot point anyway; Roytam1 stopped uploading gpg signatures about a year ago. Edit 2: Here's what happened: His SSD crashed. Edited September 20, 2021 by Mathwiz Link to comment Share on other sites More sharing options...
luweitest Posted September 29, 2021 Author Share Posted September 29, 2021 Hopefully @roytam1 could recreate another key; I do have concerns about his special identity as a HKer. Link to comment Share on other sites More sharing options...
Mathwiz Posted October 3, 2021 Share Posted October 3, 2021 Yes, that's what he'd have to do: create a new key pair, publish his new public key, and start signing his builds with his new key. Probably not practical to recover the old private key from a crashed SSD; data recovery services are expensive, and there'd be no guarantee of getting it back anyway. And I'm not sure how HK's new government would react to one of its citizens publishing a public key, since it could be used to send him encrypted messages. May not be worth the potential trouble. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now