update-keys: move armor to gpg.conf

This option only affects --export, and we always use armored keys.

Signed-off-by: Christian Hesse <mail@eworm.de>
This commit is contained in:
Eli Schwartz 2019-08-05 17:30:35 -04:00 committed by Christian Hesse
parent cca61ee733
commit c4264b6784

View File

@ -17,6 +17,8 @@ no-tty
no-permission-warning no-permission-warning
export-options no-export-attributes,export-clean export-options no-export-attributes,export-clean
keyserver ${KEYSERVER} keyserver ${KEYSERVER}
armor
no-emit-version
__EOF__ __EOF__
pushd "$(dirname "$0")" >/dev/null pushd "$(dirname "$0")" >/dev/null
@ -56,7 +58,7 @@ while read -ra data; do
username="${data[@]:1}" username="${data[@]:1}"
printf 'minimize\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid} printf 'minimize\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
"${GPG[@]}" --yes --lsign-key ${keyid} &>/dev/null "${GPG[@]}" --yes --lsign-key ${keyid} &>/dev/null
"${GPG[@]}" --armor --no-emit-version --export ${keyid} >> master/${username}.asc "${GPG[@]}" --export ${keyid} >> master/${username}.asc
echo "${keyid}:4:" >> archlinux-trusted echo "${keyid}:4:" >> archlinux-trusted
done < master-keyids done < master-keyids
"${GPG[@]}" --import-ownertrust < archlinux-trusted 2>/dev/null "${GPG[@]}" --import-ownertrust < archlinux-trusted 2>/dev/null
@ -65,7 +67,7 @@ done < master-keyids
while read -ra data; do while read -ra data; do
keyid="${data[0]}" keyid="${data[0]}"
username="${data[1]}" username="${data[1]}"
"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc "${GPG[@]}" --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
echo "${keyid}" >> archlinux-revoked echo "${keyid}" >> archlinux-revoked
done < master-revoked-keyids done < master-revoked-keyids
@ -76,7 +78,7 @@ while read -ra data; do
if ! "${GPG[@]}" --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then if ! "${GPG[@]}" --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
echo "key is not fully trusted: ${keyid} ${username}" echo "key is not fully trusted: ${keyid} ${username}"
else else
"${GPG[@]}" --armor --no-emit-version --export ${keyid} >> packager/${username}.asc "${GPG[@]}" --export ${keyid} >> packager/${username}.asc
fi fi
done < packager-keyids done < packager-keyids
@ -84,7 +86,7 @@ done < packager-keyids
while read -ra data; do while read -ra data; do
keyid="${data[0]}" keyid="${data[0]}"
username="${data[1]}" username="${data[1]}"
"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc "${GPG[@]}" --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
echo "${keyid}" >> archlinux-revoked echo "${keyid}" >> archlinux-revoked
done < packager-revoked-keyids done < packager-revoked-keyids