
To update signatures in /boot I'd like to use find (GNU findutils) 4.6.0.

I know I can just loop and check if the signature matches with gpg, but I'd like to know how to use find with -newer in the same directory and use the currently matched pattern somehow to test if file.img is not newer than file.img.sig. Can this be easily done?

i.e. something like:

sigs=(`find /boot -type f -iname '*.sig'`)
for sig in ${sigs[@]}; do
  file=${sig%*.sig}
  find /boot -type f -name "$file" -newer /boot -type f -name "$sig"
done
Bart
  • What about -newer "$sig"? But your first line as well as your for loop declaration will not work... Also, looping over find results with a for-loop is not what you should do... – pLumo Apr 08 '19 at 14:10
  • Indeed I was wondering if it were possible without shell expansion or for loop, using only find. (I did not test the above, it was meant to illustrate.) – Bart Apr 08 '19 at 14:12

1 Answer


Loops with find results can often be replaced by find -exec:

Try something like this,

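# For each signature, look for the signed file (name minus .sig) if it is newer than the signature.
find /boot -type f -iname '*.sig' \
    -exec sh -c 'find /boot -name "${1%.sig}" -newer "$1"' sh {} \;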
pLumo
  • thanks. To prevent warnings -name should be -path though. – Bart Apr 08 '19 at 18:09
  • +1 Can you explain the bit about the numbered positional parameter $1, which if I read your one-liner well represents individual files put out by find /boot -type f -iname '*.sig' ? --- But then I am not sure I understand the last bit _ {} \;. --- man find on GNU findutils 4.6.0 was not terribly helpful in that respect. – Cbhihe Apr 09 '19 at 09:21
  • You're right, the {} will be the first argument "$1" inside sh -c. This should be done like this to avoid code injection vulnerability by passing {} directly to the sh script. See this for more details. Note, I changed _ to sh ... – pLumo Apr 09 '19 at 09:27
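
An added example, not part of the original question or answer: the same find -exec sh -c pattern wrapped in a function that lists files newer than their .sig, with matched paths handed over as positional parameters so that file names are never parsed as shell code. The names stale_sigs and make_demo_tree, and the demo files, are made up for illustration.

```shell
#!/bin/sh
# stale_sigs DIR: print every file under DIR that is newer than its detached
# signature FILE.sig, i.e. whose signature needs to be regenerated.
stale_sigs() {
    # {} + hands the matched paths to the inner sh as "$@" (after $0 = "sh"),
    # so file names stay data and are never interpreted as shell code.
    find "$1" -type f -name '*.sig' -exec sh -c '
        for sig in "$@"; do
            file=${sig%.sig}            # strip the .sig suffix
            [ -f "$file" ] || continue  # orphaned signature, nothing to compare
            # With a single file as start point, find prints it only if its
            # mtime is later than that of "$sig".
            find "$file" -newer "$sig" -print
        done' sh {} +
}

# Constructed demo tree (not real /boot content); prints the directory path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch -t 202001010000 "$d/old.img"       # signed after last change
    touch -t 202001020000 "$d/old.img.sig"
    touch -t 202001030000 "$d/new.img"       # changed after signing
    touch -t 202001020000 "$d/new.img.sig"
    # Name with spaces and shell metacharacters: must be treated as text.
    touch -t 202001030000 "$d/we ird \$(touch INJECTED).img"
    touch -t 202001020000 "$d/we ird \$(touch INJECTED).img.sig"
    touch "$d/orphan.sig"                    # signature without a file
    printf '%s\n' "$d"
}

# Usage: stale_sigs /boot
```

If {} were embedded inside the sh -c string instead, the third demo file name would be expanded by the inner shell; passed as "$1" or "$@" it is only ever a string.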