author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-03-25 17:16:54 -0300 |
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-03-25 17:16:54 -0300 |
commit | e9f436a3716aa603d9e6affa84cf20520da349a4 (patch) | |
tree | f516618ed319924152123953f97bb5a1327bca36 /parabola-keyring/update-keys | |
parent | ddad7a19fde6561c19eca6ad69927b8f6f87e2c6 (diff) |
Fixing the Parabola WoT
Some commands from the master-keys processing were missing and thus generated
an incomplete WoT, since some signatures were removed.
Also, $GPG wasn't locally signing keys with multiple IDs, because it asks two
questions and $GPG was expecting one. This is still happening in pacman-key
and the fix is going to be applied in pacman 4.1.
Diffstat (limited to 'parabola-keyring/update-keys')
-rwxr-xr-x | parabola-keyring/update-keys | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/parabola-keyring/update-keys b/parabola-keyring/update-keys
index 235e620..5765ae4 100755
--- a/parabola-keyring/update-keys
+++ b/parabola-keyring/update-keys
@@ -3,7 +3,7 @@ export LANG=C
 TMPDIR=$(mktemp -d)
-trap "rm -rf '${TMPDIR}'" EXIT
+#trap "rm -rf '${TMPDIR}'" EXIT
 KEYSERVER='hkp://pool.sks-keyservers.net'
 GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"
@@ -29,15 +29,29 @@ while read -ra data; do
 keyid="${data[0]}"
 username="${data[@]:1}"
 ${GPG} --recv-keys ${keyid} &>/dev/null
-printf 'clean\nquit\ny\n' | \
+printf 'lsign\ny\ny\nsave\ny\n' | \
+${GPG} --command-fd 0 --edit-key ${keyid}
+echo "${keyid}:4:" | tee -a parabola-trusted
+done < packager-keyids
+${GPG} --import-ownertrust < parabola-trusted 2>/dev/null
+
+while read -ra data; do
+keyid="${data[0]}"
+username="${data[@]:1}"
+printf 'clean\nquit\n' | \
 ${GPG} --command-fd 0 --edit-key ${keyid}
 FD=$(mktemp)
 exec 4>"${FD}"
-${GPG} --yes --lsign-key ${keyid} &>/dev/null
-${GPG} --armor --output packager/${username}.asc --export ${keyid}
-echo "${keyid}:4:" >> parabola-trusted
+if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
+echo "key is not fully trusted: ${keyid} ${username}"
+else
+${GPG} --armor --output packager/${username}.asc --export ${keyid}
+fi
 done < packager-keyids
 cat packager/*.asc > parabola.gpg
 popd >/dev/null
+
+echo $TMPDIR
+rm /tmp/tmp.*
|
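Review bot: Commenting out the EXIT trap in the first hunk means the temporary GnuPG homedir in `${TMPDIR}` — the keyring this script imports keys into and signs with — is no longer removed when the script exits, and the non-recursive `rm /tmp/tmp.*` added at the end of the second hunk will not remove a directory either, so the homedir now persists on disk after every run. If the directory is meant to survive for inspection, that should be an explicit opt-in rather than a disabled trap, e.g. `[[ -n ${KEEP_TMPDIR:-} ]] || trap 'rm -rf -- "${TMPDIR}"' EXIT`. Note the original trap used double quotes, so `${TMPDIR}` was expanded when the trap was set; that is fine here because the variable is already assigned on the previous line.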
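Review bot: The final `rm /tmp/tmp.*` in the second hunk deletes every `tmp.*` entry in the shared `/tmp`, not only the files this script created with `mktemp`, so it can remove temp files belonging to other users or concurrently running processes, and it assumes `mktemp` placed them under `/tmp` in the first place. The script already knows exactly which files it made — one `FD=$(mktemp)` per iteration of the second loop (which is fully inside the hunk) — so it should record them and remove only those; the `echo $TMPDIR` on the line before should also be quoted (`printf '%s\n' "${TMPDIR}"`).
```shell
declare -a fd_files=()
while read -ra data; do
  # … unchanged: keyid/username, clean/quit edit-key …
  FD=$(mktemp)
  fd_files+=("${FD}")
  exec 4>"${FD}"
  # … unchanged: validity check and export …
done < packager-keyids
# … unchanged: cat packager/*.asc, popd …
printf '%s\n' "${TMPDIR}"
rm -f -- "${fd_files[@]}"
```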