2012-02-12 10:04:59 -06:00
|
|
|
#!/bin/bash
|
|
|
|
|
2012-02-12 15:42:01 -06:00
|
|
|
export LANG=C
|
|
|
|
|
2012-02-12 10:04:59 -06:00
|
|
|
TMPDIR=$(mktemp -d)
|
|
|
|
trap "rm -rf '${TMPDIR}'" EXIT
|
|
|
|
|
2012-02-20 06:03:43 -06:00
|
|
|
KEYSERVER='hkp://pgp.mit.edu'
|
2012-02-12 15:42:01 -06:00
|
|
|
GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"
|
2012-02-12 10:04:59 -06:00
|
|
|
|
|
|
|
pushd "$(dirname "$0")" >/dev/null
|
2012-02-12 15:42:01 -06:00
|
|
|
|
|
|
|
$GPG --gen-key <<EOF
|
|
|
|
%echo Generating Arch Linux Keyring keychain master key...
|
|
|
|
Key-Type: RSA
|
|
|
|
Key-Length: 2048
|
|
|
|
Key-Usage: sign
|
|
|
|
Name-Real: Arch Linux Keyring Keychain Master Key
|
|
|
|
Name-Email: archlinux-keyring@localhost
|
|
|
|
Expire-Date: 0
|
|
|
|
%commit
|
|
|
|
%echo Done
|
|
|
|
EOF
|
|
|
|
|
|
|
|
rm -rf master packager
|
|
|
|
mkdir master packager
|
|
|
|
|
|
|
|
while read -ra data; do
|
|
|
|
keyid="${data[0]}"
|
|
|
|
username="${data[@]:1}"
|
|
|
|
${GPG} --recv-keys ${keyid} &>/dev/null
|
|
|
|
printf 'y\ny\n' | \
|
|
|
|
${GPG} --command-fd 0 --lsign-key ${keyid} &>/dev/null
|
|
|
|
${GPG} --armor --output master/${username}.asc --export ${keyid}
|
2012-02-20 06:03:25 -06:00
|
|
|
echo "${keyid}:4:" >> master/ownertrust.txt
|
2012-02-12 15:42:01 -06:00
|
|
|
done < master-keyids
|
2012-02-20 06:03:25 -06:00
|
|
|
${GPG} --import-ownertrust < master/ownertrust.txt
|
2012-02-12 15:42:01 -06:00
|
|
|
|
|
|
|
while read -ra data; do
|
|
|
|
keyid="${data[0]}"
|
|
|
|
username="${data[@]:1}"
|
|
|
|
${GPG} --recv-keys ${keyid} &>/dev/null
|
|
|
|
FD=$(mktemp)
|
|
|
|
exec 4>"${FD}"
|
|
|
|
if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
|
|
|
|
echo "key is not fully trusted: ${keyid} ${username}"
|
|
|
|
else
|
|
|
|
${GPG} --armor --output packager/${username}.asc --export ${keyid}
|
|
|
|
fi
|
|
|
|
done < packager-keyids
|
|
|
|
|
2012-02-12 10:04:59 -06:00
|
|
|
popd >/dev/null
|