Rework the update process
* use --refresh-keys if key is available, not --recv-keys * refresh/receive in one go
This commit is contained in:
parent
a48a66dfd6
commit
0e79570527
32
update-keys
32
update-keys
@ -30,37 +30,42 @@ ${GPG} --import < archlinux.gpg
|
|||||||
rm -rf master{,-revoked} packager{,-revoked} archlinux-{trusted,revoked}
|
rm -rf master{,-revoked} packager{,-revoked} archlinux-{trusted,revoked}
|
||||||
mkdir master packager master-revoked packager-revoked
|
mkdir master packager master-revoked packager-revoked
|
||||||
|
|
||||||
|
# refresh/receive all keys
|
||||||
while read -ra data; do
|
while read -ra data; do
|
||||||
keyid="${data[0]}"
|
keyid="${data[0]}"
|
||||||
username="${data[@]:1}"
|
username="${data[@]:1}"
|
||||||
|
if ${GPG} --list-keys ${keyid} >/dev/null &>/dev/null; then
|
||||||
|
${GPG} --refresh-keys ${keyid} &>/dev/null
|
||||||
|
else
|
||||||
${GPG} --recv-keys ${keyid} &>/dev/null
|
${GPG} --recv-keys ${keyid} &>/dev/null
|
||||||
printf 'minimize\nquit\ny\n' | \
|
fi
|
||||||
${GPG} --command-fd 0 --edit-key ${keyid}
|
done < <(cat master-keyids master-revoked-keyids packager-keyids packager-revoked-keyids)
|
||||||
|
|
||||||
|
# master-keyids
|
||||||
|
while read -ra data; do
|
||||||
|
keyid="${data[0]}"
|
||||||
|
username="${data[@]:1}"
|
||||||
|
printf 'minimize\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
|
||||||
${GPG} --yes --lsign-key ${keyid} &>/dev/null
|
${GPG} --yes --lsign-key ${keyid} &>/dev/null
|
||||||
${GPG} --armor --no-emit-version --export ${keyid} >> master/${username}.asc
|
${GPG} --armor --no-emit-version --export ${keyid} >> master/${username}.asc
|
||||||
echo "${keyid}:4:" >> archlinux-trusted
|
echo "${keyid}:4:" >> archlinux-trusted
|
||||||
done < master-keyids
|
done < master-keyids
|
||||||
${GPG} --import-ownertrust < archlinux-trusted 2>/dev/null
|
${GPG} --import-ownertrust < archlinux-trusted 2>/dev/null
|
||||||
|
|
||||||
|
# master-revoked-keyids
|
||||||
while read -ra data; do
|
while read -ra data; do
|
||||||
keyid="${data[0]}"
|
keyid="${data[0]}"
|
||||||
username="${data[1]}"
|
username="${data[1]}"
|
||||||
${GPG} --recv-keys ${keyid} &>/dev/null
|
printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
|
||||||
printf 'clean\nquit\ny\n' | \
|
|
||||||
${GPG} --command-fd 0 --edit-key ${keyid}
|
|
||||||
${GPG} --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
|
${GPG} --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
|
||||||
echo "${keyid}" >> archlinux-revoked
|
echo "${keyid}" >> archlinux-revoked
|
||||||
done < master-revoked-keyids
|
done < master-revoked-keyids
|
||||||
|
|
||||||
while read -ra data; do
|
# packager-keyids
|
||||||
keyid="${data[0]}"
|
|
||||||
${GPG} --recv-keys ${keyid} &>/dev/null
|
|
||||||
done < packager-keyids
|
|
||||||
while read -ra data; do
|
while read -ra data; do
|
||||||
keyid="${data[0]}"
|
keyid="${data[0]}"
|
||||||
username="${data[@]:1}"
|
username="${data[@]:1}"
|
||||||
printf 'clean\nquit\ny\n' | \
|
printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
|
||||||
${GPG} --command-fd 0 --edit-key ${keyid}
|
|
||||||
if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
|
if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
|
||||||
echo "key is not fully trusted: ${keyid} ${username}"
|
echo "key is not fully trusted: ${keyid} ${username}"
|
||||||
else
|
else
|
||||||
@ -68,12 +73,11 @@ while read -ra data; do
|
|||||||
fi
|
fi
|
||||||
done < packager-keyids
|
done < packager-keyids
|
||||||
|
|
||||||
|
# packager-revoked-keyids
|
||||||
while read -ra data; do
|
while read -ra data; do
|
||||||
keyid="${data[0]}"
|
keyid="${data[0]}"
|
||||||
username="${data[1]}"
|
username="${data[1]}"
|
||||||
${GPG} --recv-keys ${keyid} &>/dev/null
|
printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
|
||||||
printf 'clean\nquit\ny\n' | \
|
|
||||||
${GPG} --command-fd 0 --edit-key ${keyid}
|
|
||||||
${GPG} --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
|
${GPG} --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
|
||||||
echo "${keyid}" >> archlinux-revoked
|
echo "${keyid}" >> archlinux-revoked
|
||||||
done < packager-revoked-keyids
|
done < packager-revoked-keyids
|
||||||
|
Loading…
Reference in New Issue
Block a user