From cca61ee733ea1b6a915062b649d8ccedb1371701 Mon Sep 17 00:00:00 2001
From: Eli Schwartz
Date: Mon, 5 Aug 2019 17:25:45 -0400
Subject: [PATCH] update-keys: move export-clean to gpg.conf instead of cleaning the keyring before export
This has the same effect, but causes only the exported version of the key to be cleaned. Cleaning the internal copy doesn't matter.
Signed-off-by: Christian Hesse
---
 update-keys | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/update-keys b/update-keys
index a4c5898..3157e91 100755
--- a/update-keys
+++ b/update-keys
@@ -15,7 +15,7 @@ quiet
 batch
 no-tty
 no-permission-warning
-export-options no-export-attributes
+export-options no-export-attributes,export-clean
 keyserver ${KEYSERVER}
 __EOF__
@@ -65,7 +65,6 @@ done < master-keyids
 while read -ra data; do
 keyid="${data[0]}"
 username="${data[1]}"
- printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
 "${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
 echo "${keyid}" >> archlinux-revoked
 done < master-revoked-keyids
@@ -74,7 +73,6 @@ done < master-revoked-keyids
 while read -ra data; do
 keyid="${data[0]}"
 username="${data[@]:1}"
- printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
 if ! "${GPG[@]}" --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
 echo "key is not fully trusted: ${keyid} ${username}"
 else
@@ -86,7 +84,6 @@ done < packager-keyids
 while read -ra data; do
 keyid="${data[0]}"
 username="${data[1]}"
- printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
 "${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
 echo "${keyid}" >> archlinux-revoked
 done < packager-revoked-keyids
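Review bot: The added `export-clean` on the `export-options` line of the generated gpg.conf carries no explanation, and it now silently governs every export made through this config. gpg's export-clean omits signatures it considers unusable, which includes signatures from keys missing from the keyring, so the exported files depend on all signing keys having been imported before the export runs; the old per-key `clean` had the same dependency, but it was visible at each call site. I would record that in the heredoc with a comment line such as `# export-clean: strip unusable signatures from the exported copy only; replaces the per-key --edit-key clean`. The heredoc opens above the hunk, so I cannot see whether comment lines are already used there.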