#!/bin/bash export LANG=C TMPDIR=$(mktemp -d) trap "rm -rf '${TMPDIR}'" EXIT KEYSERVER='hkp://pgp.mit.edu' GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}" pushd "$(dirname "$0")" >/dev/null $GPG --gen-key </dev/null printf 'minimize\nquit\ny\n' | \ ${GPG} --command-fd 0 --edit-key ${keyid} ${GPG} --yes --lsign-key ${keyid} &>/dev/null ${GPG} --armor --no-emit-version --export ${keyid} >> master/${username}.asc echo "${keyid}:4:" >> archlinuxarm-trusted done < master-keyids ${GPG} --import-ownertrust < archlinuxarm-trusted 2>/dev/null while read -ra data; do keyid="${data[0]}" ${GPG} --recv-keys ${keyid} &>/dev/null done < packager-keyids while read -ra data; do keyid="${data[0]}" username="${data[@]:1}" printf 'clean\nquit\ny\n' | \ ${GPG} --command-fd 0 --edit-key ${keyid} if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then echo "key is not fully trusted: ${keyid} ${username}" else ${GPG} --armor --no-emit-version --export ${keyid} >> packager/${username}.asc fi done < packager-keyids # uncomment when we have keys to revoke #while read -ra data; do # keyid="${data[0]}" # username="${data[1]}" # ${GPG} --recv-keys ${keyid} &>/dev/null # printf 'clean\nquit\ny\n' | \ # ${GPG} --command-fd 0 --edit-key ${keyid} # if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then # ${GPG} --armor --no-emit-version --export ${keyid} >> packager-revoked/${username}.asc # echo "${keyid}" >> archlinuxarm-revoked # else # echo "key is still fully trusted: ${keyid} ${username}" # fi #done < packager-revoked-keyids cat master/*.asc packager/*.asc packager-revoked/*.asc > archlinuxarm.gpg popd >/dev/null