From ba0a8e203ac3a90f0660e71034e55809943a6319 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Tue, 25 Feb 2020 11:36:11 +0100
Subject: bin/generate-key-graph: compress information - do not duplicate
 packager keys for each master keyring

---
 bin/generate-key-graph | 59 ++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 48 insertions(+), 11 deletions(-)

diff --git a/bin/generate-key-graph b/bin/generate-key-graph
index 17e6bd1..6dae873 100755
--- a/bin/generate-key-graph
+++ b/bin/generate-key-graph
@@ -67,10 +67,31 @@ expiration_color() {
   printf 'digraph "key-graph" {\n'
   printf 'rankdir=LR;\n'
 
+  mkdir "${tmp_dir}/gnupg"
+  while read -r s _; do
+    printf '%s\n' "${s}" \
+    | base64 -w0 -d
+  done \
+  <"${tmp_dir}/packager-keys" \
+  | ${GPG} --import
+  while read -r _ fp; do
+    printf '"%s"[label="packager key %s\\n%s",color="#0000ff",fontcolor="%s"];\n' \
+      "${fp}" \
+      "${fp:0:8}" \
+      "$(get_user_info "${fp}")" \
+      "$(expiration_color "${fp}")"
+  done \
+  <"${tmp_dir}/packager-keys"
+
+  rm -rf --one-file-system "${tmp_dir}/gnupg"
+
   find "${tmp_dir}" -type f -name 'archlinux32-*.pkg.tar*' \
   | while read -r keyring_package; do
     mkdir "${tmp_dir}/gnupg"
 
+    kpf="${keyring_package##*/}"
+    kpf="${kpf%.pkg.tar*}"
+
     {
       while read -r s _; do
         printf '%s\n' "${s}" \
@@ -88,32 +109,48 @@ expiration_color() {
       | cut -d: -f1
     )
 
-    while read -r _ fp; do
-      printf '"%s-%s"[label="packager key %s\\n%s",color="#0000ff",fontcolor="%s"];\n' \
-        "${keyring_package##*/}" \
-        "${fp}" \
-        "${fp:0:8}" \
-        "$(get_user_info "${fp}")" \
-        "$(expiration_color "${fp}")"
-    done \
-    <"${tmp_dir}/packager-keys"
+    printf 'subgraph "cluster %s" {\n' \
+      "${kpf}"
+    printf 'label="%s";\n' \
+      "${kpf}"
 
     bsdtar -Oxf "${keyring_package}" usr/share/pacman/keyrings/archlinux32-trusted \
     | while IFS=: read -r fp _; do
       printf '"%s-%s"[label="master key %s\\n%s",color="#00ff00",fontcolor="%s"];\n' \
-        "${keyring_package##*/}" \
+        "${kpf}" \
         "${fp}" \
         "${fp:0:8}" \
         "$(get_user_info "${fp}")" \
         "$(expiration_color "${fp}")"
     done
+
+    printf '}\n'
+
     for key_id in ${all_keys}; do
       ${GPG} --list-sigs --with-colons "0x${key_id}" \
       | grep -wF "${all_keys}" \
       | grep '^sig:' \
       | cut -d : -f 13 \
       | grep -vxF "${key_id}" \
-      | sed 's/^\S\+$/"'"${keyring_package##*/}"'-\0" -> "'"${keyring_package##*/}"'-'"${key_id}"'";/'
+      | while read -r sig; do
+        if cut -f2 \
+        < "${tmp_dir}/packager-keys" \
+        | grep -qxF "${sig}"; then
+          print_sig="${sig}"
+        else
+          print_sig="${kpf}-${sig}"
+        fi
+        if cut -f2 \
+        < "${tmp_dir}/packager-keys" \
+        | grep -qxF "${key_id}"; then
+          print_key="${key_id}"
+        else
+          print_key="${kpf}-${key_id}"
+        fi
+        printf '"%s" -> "%s";\n' \
+          "${print_sig}" \
+          "${print_key}"
+      done
     done \
     | sort -u
 
-- 
cgit v1.2.3