From 3e96a8f10f5b1a92bcb9b46ca28c08ae82e178ed Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Mon, 10 Jun 2013 14:18:32 +0200 Subject: [PATCH] Import all keys before cleaning them up --- update-keys | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/update-keys b/update-keys index ca60170..2747c1c 100755 --- a/update-keys +++ b/update-keys @@ -39,12 +39,13 @@ ${GPG} --import-ownertrust < archlinux-trusted 2>/dev/null while read -ra data; do keyid="${data[0]}" - username="${data[@]:1}" ${GPG} --recv-keys ${keyid} &>/dev/null +done < packager-keyids +while read -ra data; do + keyid="${data[0]}" + username="${data[@]:1}" printf 'clean\nquit\ny\n' | \ ${GPG} --command-fd 0 --edit-key ${keyid} - FD=$(mktemp) - exec 4>"${FD}" if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then echo "key is not fully trusted: ${keyid} ${username}" else @@ -58,8 +59,6 @@ while read -ra data; do ${GPG} --recv-keys ${keyid} &>/dev/null printf 'clean\nquit\ny\n' | \ ${GPG} --command-fd 0 --edit-key ${keyid} - FD=$(mktemp) - exec 4>"${FD}" if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then ${GPG} --armor --no-emit-version --output packager-revoked/${username}.asc --export ${keyid} echo "${keyid}" >> archlinux-revoked