update-keys: switch to keyserver keyserver.ubuntu.com

As the SKS infrastructure is offline for good, we need to switch to
keyserver.ubuntu.com for the time being.

The Ubuntu keyservers do not support EC keys, thus we have to ignore
failures when refreshing keys.
Christian Hesse 2021-08-02 13:06:47 +02:00
parent 0ee9781b80
commit 9cbe1e1414
No known key found for this signature in database
GPG Key ID: 54EDC91609BC9183


@ -9,7 +9,7 @@ export LANG=C
TMPDIR=$(mktemp -d) TMPDIR=$(mktemp -d)
trap "rm -rf '${TMPDIR}'" EXIT trap "rm -rf '${TMPDIR}'" EXIT
KEYSERVER='hkp://pool.sks-keyservers.net' KEYSERVER='hkps://keyserver.ubuntu.com'
GPG=(gpg --homedir "${TMPDIR}") GPG=(gpg --homedir "${TMPDIR}")
cat << __EOF__ > "${TMPDIR}"/gpg.conf cat << __EOF__ > "${TMPDIR}"/gpg.conf
@ -49,7 +49,9 @@ while read -ra data; do
keyid="${data[0]}" keyid="${data[0]}"
username="${data[@]:1}" username="${data[@]:1}"
if "${GPG[@]}" --list-keys ${keyid} >/dev/null &>/dev/null; then if "${GPG[@]}" --list-keys ${keyid} >/dev/null &>/dev/null; then
"${GPG[@]}" --refresh-keys ${keyid} &>/dev/null # Ignore refresh failure; Ubuntu keyserver lacks support for EC keys
# TODO: Remove the "|| true" when the above is no longer an issue
"${GPG[@]}" --refresh-keys ${keyid} &>/dev/null || true
else else
"${GPG[@]}" --recv-keys ${keyid} &>/dev/null "${GPG[@]}" --recv-keys ${keyid} &>/dev/null
fi fi
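Review bot: The `|| true` on the new `--refresh-keys` line, combined with `&>/dev/null`, hides every refresh failure, not only the EC-key case the comment names; a network error or an unreachable keyserver would also pass silently, so revocations and expiry updates could be missed with no trace in the output. Consider letting the run continue but reporting the failure, e.g. `"${GPG[@]}" --refresh-keys "${keyid}" &>/dev/null || echo "warning: refresh failed for ${keyid}" >&2`. The enclosing `while read` loop starts and ends outside the hunk, so the assumption that the script aborts on errors (which is what makes `|| true` necessary) is inferred rather than visible here.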