f2101938ba
The update script creates key files for master keys and all developers with fully trusted keys.
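#!/bin/bash
#
# Rebuilds the master/ and packager/ directories of armored public keys.
#
# Inputs (read from the script's own directory):
#   master-keyids    one "<keyid> <username>" entry per line
#   packager-keyids  one "<keyid> <username>" entry per line
#
# A throw-away GnuPG home directory is created under mktemp and removed on
# exit. An ephemeral signing key generated there locally signs every master
# key; each master key is then given ownertrust 3 (marginal). A packager key
# is exported only if GnuPG reports it as fully valid ("pub:f:") in that
# keyring.
#
# NOTE(review): the keyserver is only a transport. Everything the script
# trusts comes from the IDs in master-keyids, so that file should hold full
# fingerprints and be reviewed like code; a short key ID does not identify a
# key uniquely.

export LANG=C

# Abort if no private directory can be created: an empty value would leave
# gpg without a usable --homedir.
TMPDIR=$(mktemp -d) || exit 1

cleanup() {
  # ":?" stops rm from running if the variable is ever empty.
  rm -rf -- "${TMPDIR:?}"
}
trap cleanup EXIT

KEYSERVER='pgp.mit.edu'

# An array keeps every argument intact even if a path contains whitespace.
GPG=(gpg --quiet --batch --no-tty --no-permission-warning
  --keyserver "${KEYSERVER}" --homedir "${TMPDIR}")

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

# Check one "<keyid> <username>" entry before it reaches gpg or a file name.
# Arguments: $1 keyid, $2 username, $3 list file (for messages)
# Returns:   0 if the entry may be processed, 1 if it must be skipped
valid_entry() {
  local keyid=$1 username=$2 list=$3
  local hex

  # Only hexadecimal IDs: gpg treats any other --export argument as a user-ID
  # search, which would export keys that were never listed.
  if [[ ! ${keyid} =~ ^(0[xX])?[0-9A-Fa-f]+$ ]]; then
    warn "${list}: skipping entry with invalid key id: ${keyid}"
    return 1
  fi

  # The username becomes a file name; keep it inside the output directory.
  if [[ -z ${username} || ${username} == */* ]]; then
    warn "${list}: skipping ${keyid}: unusable username '${username}'"
    return 1
  fi

  hex=${keyid#0[xX]}
  if ((${#hex} < 40)); then
    warn "${list}: ${keyid} is not a full fingerprint"
  fi
  return 0
}

# Fetch a master key, sign it locally, mark it marginally trusted, export it.
# Arguments: $1 keyid, $2 username
import_master_key() {
  local keyid=$1 username=$2

  "${GPG[@]}" --recv-keys "${keyid}" &>/dev/null ||
    warn "could not receive master key: ${keyid} ${username}"
  printf 'y\ny\n' |
    "${GPG[@]}" --command-fd 0 --lsign-key "${keyid}" &>/dev/null
  # "3" in gpg's trust menu is marginal ownertrust.
  printf 'trust\n3\nquit\n' |
    "${GPG[@]}" --command-fd 0 --edit-key "${keyid}" &>/dev/null
  "${GPG[@]}" --armor --output "master/${username}.asc" --export "${keyid}"
}

# Fetch a packager key and export it only if it is fully valid.
# Arguments: $1 keyid, $2 username
export_packager_key() {
  local keyid=$1 username=$2

  "${GPG[@]}" --recv-keys "${keyid}" &>/dev/null ||
    warn "could not receive packager key: ${keyid} ${username}"
  # Field 2 of the colon listing is the computed validity; "f" means full.
  if ! "${GPG[@]}" --list-keys --with-colons "${keyid}" 2>/dev/null |
    grep -q '^pub:f:'; then
    echo "key is not fully trusted: ${keyid} ${username}"
  else
    "${GPG[@]}" --armor --output "packager/${username}.asc" --export "${keyid}"
  fi
}

# Run a handler for every valid entry of a key list.
# Arguments: $1 list file, $2 handler function taking keyid and username
for_each_entry() {
  local list=$1 handler=$2
  local -a data
  local keyid username

  # The second test keeps a final line that has no trailing newline.
  while read -ra data || ((${#data[@]})); do
    # A blank line would otherwise call --export without a key id, which
    # exports the whole keyring.
    ((${#data[@]})) || continue
    keyid=${data[0]}
    username=${data[*]:1}
    valid_entry "${keyid}" "${username}" "${list}" || continue
    "${handler}" "${keyid}" "${username}"
  done <"${list}"
}

# The rm -rf below must only ever run next to the script.
pushd "$(dirname "$0")" >/dev/null || exit 1

"${GPG[@]}" --gen-key <<EOF
%echo Generating Arch Linux Keyring keychain master key...
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Name-Real: Arch Linux Keyring Keychain Master Key
Name-Email: archlinux-keyring@localhost
Expire-Date: 0
%commit
%echo Done
EOF

rm -rf -- master packager
mkdir master packager || exit 1

for_each_entry master-keyids import_master_key

# The per-key "mktemp" and "exec 4>" of the earlier version are gone: the
# descriptor was never used and each iteration left a temporary file behind.
for_each_entry packager-keyids export_packager_key

popd >/dev/null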