update-keys: move export-clean to gpg.conf instead of cleaning the keyring before export

This has the same effect, but causes only the exported version of the
key to be cleaned. Cleaning the internal copy doesn't matter.

Signed-off-by: Christian Hesse <mail@eworm.de>

update-keys

@@ -15,7 +15,7 @@ quiet
 batch
 no-tty
 no-permission-warning
-export-options no-export-attributes
+export-options no-export-attributes,export-clean
 keyserver ${KEYSERVER}
 __EOF__
 
@@ -65,7 +65,6 @@ done < master-keyids
 while read -ra data; do
 	keyid="${data[0]}"
 	username="${data[1]}"
-	printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
 	"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
 	echo "${keyid}" >> archlinux-revoked
 done < master-revoked-keyids
@@ -74,7 +73,6 @@ done < master-revoked-keyids
 while read -ra data; do
 	keyid="${data[0]}"
 	username="${data[@]:1}"
-	printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
 	if ! "${GPG[@]}" --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
 		echo "key is not fully trusted: ${keyid} ${username}"
 	else
@@ -86,7 +84,6 @@ done < packager-keyids
 while read -ra data; do
 	keyid="${data[0]}"
 	username="${data[1]}"
-	printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
 	"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
 	echo "${keyid}" >> archlinux-revoked
 done < packager-revoked-keyids