From 30a51c450efdeea9b5a59ce3400f5b5fe06d5180 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Sat, 18 Jan 2014 17:26:29 -0700 Subject: Initial commit --- update-keys | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100755 update-keys (limited to 'update-keys') diff --git a/update-keys b/update-keys new file mode 100755 index 0000000..0c44544 --- /dev/null +++ b/update-keys @@ -0,0 +1,74 @@ +#!/bin/bash + +export LANG=C + +TMPDIR=$(mktemp -d) +trap "rm -rf '${TMPDIR}'" EXIT + +KEYSERVER='hkp://pgp.mit.edu' +GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}" + +pushd "$(dirname "$0")" >/dev/null + +$GPG --gen-key </dev/null + printf 'minimize\nquit\ny\n' | \ + ${GPG} --command-fd 0 --edit-key ${keyid} + ${GPG} --yes --lsign-key ${keyid} &>/dev/null + ${GPG} --armor --no-emit-version --export ${keyid} >> master/${username}.asc + echo "${keyid}:4:" >> archlinuxarm-trusted +done < master-keyids +${GPG} --import-ownertrust < archlinuxarm-trusted 2>/dev/null + +while read -ra data; do + keyid="${data[0]}" + ${GPG} --recv-keys ${keyid} &>/dev/null +done < packager-keyids +while read -ra data; do + keyid="${data[0]}" + username="${data[@]:1}" + printf 'clean\nquit\ny\n' | \ + ${GPG} --command-fd 0 --edit-key ${keyid} + if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then + echo "key is not fully trusted: ${keyid} ${username}" + else + ${GPG} --armor --no-emit-version --export ${keyid} >> packager/${username}.asc + fi +done < packager-keyids + +# uncomment when we have keys to revoke + +#while read -ra data; do +# keyid="${data[0]}" +# username="${data[1]}" +# ${GPG} --recv-keys ${keyid} &>/dev/null +# printf 'clean\nquit\ny\n' | \ +# ${GPG} --command-fd 0 --edit-key ${keyid} +# if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then +# ${GPG} --armor --no-emit-version --export ${keyid} >> packager-revoked/${username}.asc +# echo "${keyid}" >> archlinuxarm-revoked +# else +# echo "key is still fully trusted: ${keyid} ${username}" +# fi +#done < packager-revoked-keyids + +cat master/*.asc packager/*.asc packager-revoked/*.asc > archlinuxarm.gpg + +popd >/dev/null -- cgit v1.2.3-70-g09d2