#!/bin/bash export LANG=C TMPDIR=$(mktemp -d) trap "rm -rf '${TMPDIR}'" EXIT KEYSERVER='hkp://keys.gnupg.net' GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}" pushd "$(dirname "$0")" >/dev/null $GPG --gen-key </dev/null printf 'minimize\nquit\ny\n' | \ ${GPG} --command-fd 0 --edit-key ${keyid} printf 'y\ny\n' | \ ${GPG} --command-fd 0 --lsign-key ${keyid} &>/dev/null ${GPG} --armor --output master/${username}.asc --export ${keyid} echo "${keyid}:4:" >> archlinux-trusted done < master-keyids ${GPG} --import-ownertrust < archlinux-trusted while read -ra data; do keyid="${data[0]}" username="${data[@]:1}" ${GPG} --recv-keys ${keyid} &>/dev/null printf 'clean\nquit\ny\n' | \ ${GPG} --command-fd 0 --edit-key ${keyid} FD=$(mktemp) exec 4>"${FD}" if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then echo "key is not fully trusted: ${keyid} ${username}" else ${GPG} --armor --output packager/${username}.asc --export ${keyid} fi done < packager-keyids cat master/*.asc packager/*.asc > archlinux.gpg for s in archlinux{.gpg,-trusted,-revoked}; do if ! ${GPG} --verify ${s}.sig; then rm -f ${s}.sig gpg --detach-sign --use-agent ${s} fi done popd >/dev/null