condorcore-keyring/update-keys

84 lines
2.5 KiB
Plaintext
Raw Normal View History

#!/bin/bash
set -e
export LANG=C
TMPDIR=$(mktemp -d)
trap "rm -rf '${TMPDIR}'" EXIT
KEYSERVER='hkp://pool.sks-keyservers.net'
GPG="gpg --quiet --batch --no-tty --no-permission-warning --export-options no-export-attributes --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"
pushd "$(dirname "$0")" >/dev/null
$GPG --gen-key <<EOF
%echo Generating Arch Linux Keyring keychain master key...
Key-Type: RSA
2012-03-31 10:40:22 -06:00
Key-Length: 1024
Key-Usage: sign
Name-Real: Arch Linux Keyring Keychain Master Key
Name-Email: archlinux-keyring@localhost
Expire-Date: 0
2015-02-07 03:28:34 -06:00
%no-protection
%commit
%echo Done
EOF
${GPG} --import < archlinux.gpg
rm -rf master{,-revoked} packager{,-revoked} archlinux-{trusted,revoked}
mkdir master packager master-revoked packager-revoked
while read -ra data; do
keyid="${data[0]}"
username="${data[@]:1}"
${GPG} --recv-keys ${keyid} &>/dev/null
printf 'minimize\nquit\ny\n' | \
${GPG} --command-fd 0 --edit-key ${keyid}
2012-03-31 10:40:22 -06:00
${GPG} --yes --lsign-key ${keyid} &>/dev/null
2013-09-26 15:55:57 -05:00
${GPG} --armor --no-emit-version --export ${keyid} >> master/${username}.asc
echo "${keyid}:4:" >> archlinux-trusted
done < master-keyids
2012-03-31 10:40:22 -06:00
${GPG} --import-ownertrust < archlinux-trusted 2>/dev/null
while read -ra data; do
keyid="${data[0]}"
username="${data[1]}"
${GPG} --recv-keys ${keyid} &>/dev/null
printf 'clean\nquit\ny\n' | \
${GPG} --command-fd 0 --edit-key ${keyid}
2017-10-17 07:01:23 -05:00
${GPG} --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
echo "${keyid}" >> archlinux-revoked
done < master-revoked-keyids
while read -ra data; do
keyid="${data[0]}"
${GPG} --recv-keys ${keyid} &>/dev/null
done < packager-keyids
while read -ra data; do
keyid="${data[0]}"
username="${data[@]:1}"
printf 'clean\nquit\ny\n' | \
${GPG} --command-fd 0 --edit-key ${keyid}
if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
echo "key is not fully trusted: ${keyid} ${username}"
else
2013-09-26 15:55:57 -05:00
${GPG} --armor --no-emit-version --export ${keyid} >> packager/${username}.asc
fi
done < packager-keyids
while read -ra data; do
keyid="${data[0]}"
username="${data[1]}"
${GPG} --recv-keys ${keyid} &>/dev/null
printf 'clean\nquit\ny\n' | \
${GPG} --command-fd 0 --edit-key ${keyid}
2017-10-17 07:01:23 -05:00
${GPG} --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
echo "${keyid}" >> archlinux-revoked
done < packager-revoked-keyids
cat master/*.asc master-revoked/*.asc packager/*.asc packager-revoked/*.asc > archlinux.gpg
popd >/dev/null