archlinuxarm-keyring/update-keys

#!/bin/bash

export LANG=C

TMPDIR=$(mktemp -d)
trap "rm -rf '${TMPDIR}'" EXIT

KEYSERVER='hkp://pgp.mit.edu'
GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"

pushd "$(dirname "$0")" >/dev/null

$GPG --gen-key <<EOF
%echo Generating Arch Linux ARM Keyring keychain master key...
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Arch Linux ARM Keyring Keychain Master Key
Name-Email: archlinuxarm-keyring@localhost
Expire-Date: 0
%commit
%echo Done
EOF

rm -rf master packager packager-revoked archlinuxarm-trusted archlinuxarm-revoked
mkdir master packager packager-revoked

while read -ra data; do
	keyid="${data[0]}"
	username="${data[@]:1}"
	${GPG} --recv-keys ${keyid} &>/dev/null
	printf 'minimize\nquit\ny\n' | \
		${GPG} --command-fd 0 --edit-key ${keyid}
	${GPG} --yes --lsign-key ${keyid} &>/dev/null
	${GPG} --armor --no-emit-version --export ${keyid} >> master/${username}.asc
	echo "${keyid}:4:" >> archlinuxarm-trusted
done < master-keyids
${GPG} --import-ownertrust < archlinuxarm-trusted 2>/dev/null

while read -ra data; do
	keyid="${data[0]}"
	${GPG} --recv-keys ${keyid} &>/dev/null
done < packager-keyids
while read -ra data; do
	keyid="${data[0]}"
	username="${data[@]:1}"
	printf 'clean\nquit\ny\n' | \
		${GPG} --command-fd 0 --edit-key ${keyid}
	if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
		echo "key is not fully trusted: ${keyid} ${username}"
	else
		${GPG} --armor --no-emit-version --export ${keyid} >> packager/${username}.asc
	fi
done < packager-keyids

# uncomment when we have keys to revoke

#while read -ra data; do
#	keyid="${data[0]}"
#	username="${data[1]}"
#	${GPG} --recv-keys ${keyid} &>/dev/null
#	printf 'clean\nquit\ny\n' | \
#		${GPG} --command-fd 0 --edit-key ${keyid}
#	if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
#		${GPG} --armor --no-emit-version --export ${keyid} >> packager-revoked/${username}.asc
#		echo "${keyid}" >> archlinuxarm-revoked
#	else
#		echo "key is still fully trusted: ${keyid} ${username}"
#	fi
#done < packager-revoked-keyids

cat master/*.asc packager/*.asc packager-revoked/*.asc > archlinuxarm.gpg

popd >/dev/null
Initial commit 2014-01-19 00:26:29 +00:00			`#!/bin/bash`

			`export LANG=C`

			`TMPDIR=$(mktemp -d)`
			`trap "rm -rf '${TMPDIR}'" EXIT`

			`KEYSERVER='hkp://pgp.mit.edu'`
			`GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"`

			`pushd "$(dirname "$0")" >/dev/null`

			`$GPG --gen-key <<EOF`
			`%echo Generating Arch Linux ARM Keyring keychain master key...`
			`Key-Type: RSA`
			`Key-Length: 1024`
			`Key-Usage: sign`
			`Name-Real: Arch Linux ARM Keyring Keychain Master Key`
			`Name-Email: archlinuxarm-keyring@localhost`
			`Expire-Date: 0`
			`%commit`
			`%echo Done`
			`EOF`

			`rm -rf master packager packager-revoked archlinuxarm-trusted archlinuxarm-revoked`
			`mkdir master packager packager-revoked`

			`while read -ra data; do`
			`keyid="${data[0]}"`
			`username="${data[@]:1}"`
			`${GPG} --recv-keys ${keyid} &>/dev/null`
			`printf 'minimize\nquit\ny\n' \| \`
			`${GPG} --command-fd 0 --edit-key ${keyid}`
			`${GPG} --yes --lsign-key ${keyid} &>/dev/null`
			`${GPG} --armor --no-emit-version --export ${keyid} >> master/${username}.asc`
			`echo "${keyid}:4:" >> archlinuxarm-trusted`
			`done < master-keyids`
			`${GPG} --import-ownertrust < archlinuxarm-trusted 2>/dev/null`

			`while read -ra data; do`
			`keyid="${data[0]}"`
			`${GPG} --recv-keys ${keyid} &>/dev/null`
			`done < packager-keyids`
			`while read -ra data; do`
			`keyid="${data[0]}"`
			`username="${data[@]:1}"`
			`printf 'clean\nquit\ny\n' \| \`
			`${GPG} --command-fd 0 --edit-key ${keyid}`
			`if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null \| grep -q '^pub:f:'; then`
			`echo "key is not fully trusted: ${keyid} ${username}"`
			`else`
			`${GPG} --armor --no-emit-version --export ${keyid} >> packager/${username}.asc`
			`fi`
			`done < packager-keyids`

			`# uncomment when we have keys to revoke`

			`#while read -ra data; do`
			`# keyid="${data[0]}"`
			`# username="${data[1]}"`
			`# ${GPG} --recv-keys ${keyid} &>/dev/null`
			`# printf 'clean\nquit\ny\n' \| \`
			`# ${GPG} --command-fd 0 --edit-key ${keyid}`
			`# if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null \| grep -q '^pub:f:'; then`
			`# ${GPG} --armor --no-emit-version --export ${keyid} >> packager-revoked/${username}.asc`
			`# echo "${keyid}" >> archlinuxarm-revoked`
			`# else`
			`# echo "key is still fully trusted: ${keyid} ${username}"`
			`# fi`
			`#done < packager-revoked-keyids`

			`cat master/.asc packager/.asc packager-revoked/*.asc > archlinuxarm.gpg`

			`popd >/dev/null`