{"id":16615148,"url":"https://github.com/owl4ce/gpger","last_synced_at":"2026-04-27T22:31:46.127Z","repository":{"id":114049166,"uuid":"475668546","full_name":"owl4ce/gpger","owner":"owl4ce","description":"GnuPG – Recursive Signer","archived":false,"fork":false,"pushed_at":"2023-05-16T02:59:37.000Z","size":7,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T00:17:43.471Z","etag":null,"topics":["digest","gpg","integrity","linux","pgp","posix","shasum","shell","shell-script"],"latest_commit_sha":null,"homepage":"https://github.com/owl4ce/gpger.git","language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/owl4ce.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-30T00:52:21.000Z","updated_at":"2024-03-29T16:33:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"6ba72711-e5b9-41cd-93f5-7e9907884900","html_url":"https://github.com/owl4ce/gpger","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/owl4ce/gpger","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owl4ce%2Fgpger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owl4ce%2Fgpger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owl4ce%2Fgpger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owl4ce%2Fgpger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/owl4ce","download_url":"https://codeload.github.com/owl4ce/gpger/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owl4ce%2Fgpger/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32358509,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"ssl_error","status_checked_at":"2026-04-27T20:07:00.910Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["digest","gpg","integrity","linux","pgp","posix","shasum","shell","shell-script"],"created_at":"2024-10-12T02:08:46.390Z","updated_at":"2026-04-27T22:31:46.107Z","avatar_url":"https://github.com/owl4ce.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"justify\"\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n```css\n‌‌‌‌‬‬‬‍‌‌‌‌‌‬‌‌ _‌‌‌‌‌‌‬_, ‌‌‌‌‌‌‌  _   ‌‌‌‌‌‌‬__,  _  ‌‌‌‌‌‌‬ ,_‌‌‌‌‌‬‌‌  ‌‌‌‌‍‬‌‌‌‌‍‍    ‌‌‌‌‍‬‌  ‌‌‌‌‌‍‌  ‌‌‌‌‍‬‌  ‌‌‌‌‍‬‍‍\n/  | |/ \\_/  |‌‌‌‌‌‬‌‌ |/‌‌‌‌‌‌  /  | ‌‌‌‌‍‬‌‍ [G]nu[‌‌‌‌‍‬‌PG]\n\\_/|‌‌‌‌‍‍‌/|‌‌‌‌‍‬‍‍__‌‌‌‌‍‌‬/ \\‌‌‌‌‍‬‬_/|/‌‌‌‌‍‬‌‍‌‌‌‌‍‍‌|‌‌‌‌‍‬‍‍__/‌‌‌‌‌‬‍   |_‌‌‌‌‍‌/  ‌‌‌‌‍‬‍‍ ‌‌‌‌‌‍ ‌‌‌‌‍‬‍‍     \n ‌‌‌‌‍‬‬ /|‌‌‌‌‍‌‌‌/‌‌‌‌‍‌‌|      /‌‌‌‌‍‬‍|    ‌‌‌‌‌‬‬ ‌‌‌‌‍‬‍  ‌‌‌‌‍‬‍‍         ‌‌‌‌‌‬    \n  \\|\\|      \\|  Recursive Sign[er]\n```\n\n\u003c/div\u003e\n\n## \u003csamp\u003eDEPENDENCIES\u003c/samp\u003e \u003cimg alt=\"\" align=\"right\" src=\"https://badges.pufler.dev/visits/owl4ce/gpger?style=flat-square\u0026label=\u0026color=000000\u0026logo=github\u0026logoColor=white\u0026labelColor=000000\"/\u003e\n\n`sh` ( `coreutils` or `busybox` or `toybox` ) `gpg`\n\n## \u003csamp\u003eINSTALLATION\u003c/samp\u003e\n\n```sh\n💲 curl -s https://raw.githubusercontent.com/owl4ce/gpger/main/gpger \\\n| install -m755 - ~/.local/bin/gpger # $PATH\n```\n\n## \u003csamp\u003eUSAGE\u003c/samp\u003e\n\n```sh\n💲 gpger -h\n```\n\n```sh\n* Simplify life with GnuPG Recursive Signer\n\nUSAGE\n  gpger [options]\n\nOPTIONS\n  -s /path/to/your_files\t[  sign  ]\n  -v /path/to/your_files\t[ verify ]\n  -h\t\t\t\t[  help  ]\n\nENVIRONMENT\n  GPGER_SHA_BITS\t\tSet the SHA bits to be used.\n\t\t\t\t1/224/256/384/512. Default 256.\n\nhttps://github.com/owl4ce/gpger\n```\n\nRecursive example:\n\n```sh\n💲 # For `bash`, enable globstar (**) first.\n💲 shopt -s globstar\n```\n\n```sh\n💲 GPGER_SHA_BITS=512 gpger -s **/*\n```\n\n```sh\n-x- Signing 'archiveexample.tar.xz' with detached signature file ...\ngpg: using pgp trust model\ngpg: writing to 'archiveexample.tar.sign'\ngpg: RSA/SHA512 signature from: \"xxxxxxxxxxxxxxxx xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\"\n\n-x- Signing 'xyz.zip' with detached signature file ...\ngpg: using pgp trust model\ngpg: writing to 'xyz.zip.sign'\ngpg: RSA/SHA512 signature from: \"xxxxxxxxxxxxxxxx xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\"\n\n-x- Compute and signing files\\' digest with SHA512 ...\ngpg: using pgp trust model\ngpg: writing to 'sha512sums.asc'\ngpg: RSA/SHA512 signature from: \"xxxxxxxxxxxxxxxx xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\"\n\nEverything is OK.\n```\n\n```sh\n💲 GPGER_SHA_BITS=512 gpger -v **/*\n```\n\n```sh\n-x- Verifying 'archiveexample.tar.xz' with detached signature file ...\ngpg: armor header: Comment: This signature is for the .tar version of the archive\ngpg: Signature made Thu Mar 31 23:25:07 2022 WIB\ngpg:                using RSA key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ngpg: using pgp trust model\ngpg: Good signature from \"xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\" [ultimate]\ngpg: binary signature, digest algorithm SHA512, key algorithm rsa4096\n\n-x- Verifying 'xyz.zip' with detached signature file ...\ngpg: armor header: Comment: This signature is for the .zip version of the archive\ngpg: Signature made Thu Mar 31 23:25:07 2022 WIB\ngpg:                using RSA key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ngpg: using pgp trust model\ngpg: Good signature from \"xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\" [ultimate]\ngpg: binary signature, digest algorithm SHA512, key algorithm rsa4096\n\n-x- Verifying signed files\\' digest with SHA512 ...\ngpg: armor header: Hash: SHA512\ngpg: armor header: Version: GnuPG v2.2.34 (GNU/Linux)\ngpg: original file name=''\ngpg: Signature made Thu Mar 31 23:25:07 2022 WIB\ngpg:                using RSA key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ngpg: using pgp trust model\ngpg: Good signature from \"xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\" [ultimate]\ngpg: textmode signature, digest algorithm SHA512, key algorithm rsa4096\n\n-x- Checking SHA512 files\\' digest ...\narchiveexample.tar.xz: OK\nklmnopqrstuvw/xyz.zip: OK\n\nEverything is OK.\n```\n\n```sh\n💲 # Disable globstar (**) if unnecessary.\n💲 shopt -u globstar\n```\n\n## \u003csamp\u003eKNOWN RECURSIVE ISSUE\u003c/samp\u003e\n\nSorts the first file found in globs, it will be terminated if the first found is a file from subdirectory.\n\nAlphabetically, it's shell specific, find out ...\n\nReproduce the issue:\n\n```sh\n💲 printf '%s\\n' dir/**/*\n```\n\n```sh\ndir/archives\ndir/archives/Gladient_JfD.tar.xz\ndir/cherry-blossoms_FHD.jpg\ndir/fonts\ndir/fonts/Feather.ttf\ndir/fonts/Material.ttf\n```\n\n```sh\n💲 gpger -s dir/**/*\n```\n\n```sh\n-x- Signing 'Gladient_JfD.tar.xz' with detached signature file ...\ngpg: using pgp trust model\ngpg: writing to 'Gladient_JfD.tar.sign'\ngpg: RSA/SHA256 signature from: \"xxxxxxxxxxxxxxxx xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\"\n\n-x- Compute and signing files\\' digest with SHA256 ...\nsha256sum: dir/cherry-blossoms_FHD.jpg: No such file or directory\nsha256sum: dir/fonts/Feather.ttf: No such file or directory\nsha256sum: dir/fonts/Material.ttf: No such file or directory\nTerminated\ngpg: using pgp trust model\ngpg: writing to 'sha256sums.asc'\ngpg: RSA/SHA256 signature from: \"xxxxxxxxxxxxxxxx xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\"\n```\n\nCurrent resolution:\n\n```sh\n💲 unset _; gpger -s dir/cherry-blossoms_FHD.jpg dir/[\\!$_]**/*\n```\n\n```sh\n-x- Signing 'Gladient_JfD.tar.xz' with detached signature file ...\ngpg: using pgp trust model\ngpg: writing to 'Gladient_JfD.tar.sign'\ngpg: RSA/SHA256 signature from: \"xxxxxxxxxxxxxxxx xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\"\n\n-x- Compute and signing files\\' digest with SHA256 ...\ngpg: using pgp trust model\ngpg: writing to 'sha256sums.asc'\ngpg: RSA/SHA256 signature from: \"xxxxxxxxxxxxxxxx xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\"\n\nEverything is OK.\n```\n\n```sh\n💲 unset _; gpger -v dir/cherry-blossoms_FHD.jpg dir/[\\!$_]**/*\n```\n\n```sh\n-x- Verifying 'Gladient_JfD.tar.xz' with detached signature file ...\ngpg: armor header: Comment: This signature is for the .tar version of the archive\ngpg: Signature made Thu Mar 31 23:19:36 2022 WIB\ngpg:                using RSA key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ngpg: using pgp trust model\ngpg: Good signature from \"xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\" [ultimate]\ngpg: binary signature, digest algorithm SHA256, key algorithm rsa4096\n\n-x- Verifying signed files\\' digest with SHA256 ...\ngpg: armor header: Hash: SHA256\ngpg: armor header: Version: GnuPG v2.2.34 (GNU/Linux)\ngpg: original file name=''\ngpg: Signature made Thu Mar 31 23:19:37 2022 WIB\ngpg:                using RSA key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ngpg: using pgp trust model\ngpg: Good signature from \"xxxxx xxxx (xxxxxx) \u003cxxxxxxxxxxxxxxx@xx.xx\u003e\" [ultimate]\ngpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096\n\n-x- Checking SHA256 files\\' digest ...\ncherry-blossoms_FHD.jpg: OK\narchives/Gladient_JfD.tar.xz: OK\nfonts/Feather.ttf: OK\nfonts/Material.ttf: OK\n\nEverything is OK.\n```\n\nAfter the options, then input the file path that takes precedence before the files from subdirectory\nand exclude the same file in globstar (\\*\\*) by making use of **$_** to not duplicate, so **shasum**\nwill be done there [dir] as the root directory. Remember that the `dir` directory is the same as\nthe demo in [usage](#usage), the difference is that we don't enter it as current directory.\nApart from that, for non-recursive (\\*) and for recursive (\\*\\*/\\*) with first file\nfound not from subdirectory no problem at all. Also, see https://shattered.io.\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowl4ce%2Fgpger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowl4ce%2Fgpger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowl4ce%2Fgpger/lists"}