Diffstat (limited to 'parabola-keyring/update-keys')
-rwxr-xr-x | parabola-keyring/update-keys | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/parabola-keyring/update-keys b/parabola-keyring/update-keys
index 235e620..5765ae4 100755
--- a/parabola-keyring/update-keys
+++ b/parabola-keyring/update-keys
@@ -3,7 +3,7 @@ export LANG=C
 TMPDIR=$(mktemp -d)
-trap "rm -rf '${TMPDIR}'" EXIT
+#trap "rm -rf '${TMPDIR}'" EXIT
 KEYSERVER='hkp://pool.sks-keyservers.net'
 GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"
@@ -29,15 +29,29 @@ while read -ra data; do
 keyid="${data[0]}"
 username="${data[@]:1}"
 ${GPG} --recv-keys ${keyid} &>/dev/null
- printf 'clean\nquit\ny\n' | \
+ printf 'lsign\ny\ny\nsave\ny\n' | \
+ ${GPG} --command-fd 0 --edit-key ${keyid}
+ echo "${keyid}:4:" | tee -a parabola-trusted
+done < packager-keyids
+${GPG} --import-ownertrust < parabola-trusted 2>/dev/null
+
+while read -ra data; do
+ keyid="${data[0]}"
+ username="${data[@]:1}"
+ printf 'clean\nquit\n' | \
 ${GPG} --command-fd 0 --edit-key ${keyid}
 FD=$(mktemp)
 exec 4>"${FD}"
- ${GPG} --yes --lsign-key ${keyid} &>/dev/null
- ${GPG} --armor --output packager/${username}.asc --export ${keyid}
- echo "${keyid}:4:" >> parabola-trusted
+ if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
+ echo "key is not fully trusted: ${keyid} ${username}"
+ else
+ ${GPG} --armor --output packager/${username}.asc --export ${keyid}
+ fi
 done < packager-keyids
 cat packager/*.asc > parabola.gpg
 popd >/dev/null
+
+echo $TMPDIR
+rm /tmp/tmp.* |
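Review bot: Commenting out the EXIT trap in the first hunk means the temporary GnuPG home directory is no longer removed when the script exits, including on an early failure. The `rm /tmp/tmp.*` added at the end of the second hunk does not replace it: without `-r` it cannot remove the `mktemp -d` directory, and the glob matches every other `/tmp/tmp.*` file on the host, not just the ones this run created. I would restore the trap with expansion deferred to exit time, `trap 'rm -rf -- "${TMPDIR}"' EXIT`, and drop the `echo $TMPDIR` and `rm /tmp/tmp.*` lines. If the directory has to survive for debugging, gate that behind an explicit opt-in variable rather than disabling cleanup for every run.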
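Review bot: The new `grep -q '^pub:f:'` gate in the second loop can only observe validity that the first loop has just created with `lsign`, so as far as this hunk shows it does not independently confirm that the key fetched by `--recv-keys` is the intended packager key. The fetch result is discarded with `&>/dev/null`, and every listed id is then signed and written to `parabola-trusted`; if `packager-keyids` holds anything shorter than full fingerprints, a different key answering to the same id would be certified. I would compare the `fpr` record from `--with-colons --fingerprint` against the listed value before the `lsign` step and stop on a mismatch or a failed fetch. The untrusted branch should also report on stderr and make the run fail, e.g. `echo "key is not fully trusted: ${keyid} ${username}" >&2; failed=1`, so a keyring missing a packager is not built silently. The first loop begins above the hunk, so the signing-key setup is not visible here.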