update-keys: move export-clean to gpg.conf instead of cleaning the keyring before export
This has the same effect, but causes only the exported version of the key to be cleaned. Cleaning the internal copy doesn't matter. Signed-off-by: Christian Hesse <mail@eworm.de>
parent
44f69d009f
commit
cca61ee733
@ -15,7 +15,7 @@ quiet
|
||||
batch
|
||||
no-tty
|
||||
no-permission-warning
|
||||
export-options no-export-attributes
|
||||
export-options no-export-attributes,export-clean
|
||||
keyserver ${KEYSERVER}
|
||||
__EOF__
|
||||
|
||||
@ -65,7 +65,6 @@ done < master-keyids
|
||||
while read -ra data; do
|
||||
keyid="${data[0]}"
|
||||
username="${data[1]}"
|
||||
printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
|
||||
"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
|
||||
echo "${keyid}" >> archlinux-revoked
|
||||
done < master-revoked-keyids
|
||||
@ -74,7 +73,6 @@ done < master-revoked-keyids
|
||||
while read -ra data; do
|
||||
keyid="${data[0]}"
|
||||
username="${data[@]:1}"
|
||||
printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
|
||||
if ! "${GPG[@]}" --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
|
||||
echo "key is not fully trusted: ${keyid} ${username}"
|
||||
else
|
||||
@ -86,7 +84,6 @@ done < packager-keyids
|
||||
while read -ra data; do
|
||||
keyid="${data[0]}"
|
||||
username="${data[1]}"
|
||||
printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
|
||||
"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
|
||||
echo "${keyid}" >> archlinux-revoked
|
||||
done < packager-revoked-keyids
|
||||
|
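Review bot: In the two revoked-key loops (the ones reading `master-revoked-keyids` and `packager-revoked-keyids`), `${keyid}` and `${username}` are expanded unquoted, and `${username}` also forms the target of the `>>` redirect. Because `read -ra` only splits on whitespace, a field containing glob characters is still subject to pathname expansion, and a `username` containing `/` would make the append land outside `master-revoked/` or `packager-revoked/`. Quoting both covers the expansion part: `--export "${keyid}" >> "master-revoked/${username}.asc"`, and likewise for `packager-revoked/`. A guard such as `[[ ${username} == */* ]] && continue` before the export would cover the path part. The id files are presumably maintained by the project itself, so this is hardening rather than a live bug. The same unquoted `${keyid}` feeds the `--list-keys` trust check in the `packager-keyids` loop, whose body continues past the hunk.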