index : archlinux32-keyring | |
Archlinux32 pacman keyring | gitolite user |
summaryrefslogtreecommitdiff |
author | Erich Eckner <git@eckner.net> | 2017-05-15 23:18:56 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2017-05-15 23:18:56 +0200 |
commit | c0b9f9e0b63edd4b6416511f114dfc1e725b9483 (patch) | |
tree | 6335b67f0cf5308adab9953c0115bb0ae68e7373 | |
parent | 8f18922c54268aa9a1a0ffba3ed0f3482571b632 (diff) |
-rw-r--r-- | archlinux32-revoked | 0 | ||||
-rwxr-xr-x | update-keys | 37 |
diff --git a/archlinux32-revoked b/archlinux32-revoked new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/archlinux32-revoked diff --git a/update-keys b/update-keys index 89051f7..fd2a716 100755 --- a/update-keys +++ b/update-keys @@ -48,35 +48,28 @@ while read -ra data; do ${GPG} --command-fd 0 --edit-key ${keyid} if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then echo "key is not fully trusted: ${keyid} ${username}" - ${GPG} --list-keys --with-colons ${keyid} - echo - ${GPG} --list-sigs ${keyid} - while read -r a b; do - echo - ${GPG} --list-keys --with-colons ${a} - done < master-keyids else ${GPG} --armor --no-emit-version --export ${keyid} >> packager/${username}.asc fi done < packager-keyids -# uncomment when we have keys to revoke +touch archlinux32-revoked -#while read -ra data; do -# keyid="${data[0]}" -# username="${data[1]}" -# ${GPG} --recv-keys ${keyid} &>/dev/null -# printf 'clean\nquit\ny\n' | \ -# ${GPG} --command-fd 0 --edit-key ${keyid} -# if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then -# ${GPG} --armor --no-emit-version --export ${keyid} >> packager-revoked/${username}.asc -# echo "${keyid}" >> archlinux32-revoked -# else -# echo "key is still fully trusted: ${keyid} ${username}" -# fi -#done < packager-revoked-keyids +while read -ra data; do + keyid="${data[0]}" + username="${data[1]}" + ${GPG} --recv-keys ${keyid} &>/dev/null + printf 'clean\nquit\ny\n' | \ + ${GPG} --command-fd 0 --edit-key ${keyid} + if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then + ${GPG} --armor --no-emit-version --export ${keyid} >> packager-revoked/${username}.asc + echo "${keyid}" >> archlinux32-revoked + else + echo "key is still fully trusted: ${keyid} ${username}" + fi +done < packager-revoked-keyids -#cat master/*.asc packager/*.asc packager-revoked/*.asc > archlinux32.gpg +# cat master/*.asc packager/*.asc packager-revoked/*.asc > archlinux32.gpg cat master/*.asc packager/*.asc > archlinux32.gpg |