From 3d688b2d0aa547e80dc25c98a3bd39bb57eaaecb Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Fri, 22 Jan 2021 09:50:31 +0100
Subject: bin/update-gpg-keys new: refresh local-keyring keys and keys in mysql
 from each other and archlinux32.org/keys.php and wkd

---
 bin/update-gpg-keys | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100755 bin/update-gpg-keys

(limited to 'bin/update-gpg-keys')

diff --git a/bin/update-gpg-keys b/bin/update-gpg-keys
new file mode 100755
index 0000000..7e42291
--- /dev/null
+++ b/bin/update-gpg-keys
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# shellcheck source=../lib/load-configuration
+. "${0%/*}/../lib/load-configuration"
+
+if [ $# -ne 0 ]; then
+  >&2 echo 'error: No arguments expected, but some were given.'
+  exit 1
+fi
+
+# shellcheck disable=SC2016
+{
+  printf 'SELECT'
+  printf ' `gpg_keys`.`fingerprint`,'
+  printf 'replace(to_base64(`gpg_keys`.`public_key`),"\\n","")'
+  printf ' FROM `gpg_keys`'
+} \
+| mysql_run_query \
+| while read -r fingerprint public_key; do
+  printf '%s\n' "${public_key}" \
+  | base64 -d \
+  | gpg --import \
+  >/dev/null 2>&1
+  gpg --quiet --locate-keys "${fingerprint}" \
+  >/dev/null 2>&1 \
+  || true
+  curl -Ss 'https://archlinux32.org/keys.php?k='"${fingerprint}" \
+  | gpg --import --quiet \
+  >/dev/null 2>&1 \
+  || true
+  printf 'UPDATE `gpg_keys`'
+  printf ' SET `gpg_keys`.`public_key`=from_base64("%s")' \
+    "$(
+      gpg -a --export "${fingerprint}" \
+      | base64 -w0
+    )"
+  printf ' WHERE `gpg_keys`.`fingerprint`="%s";\n' \
+    "${fingerprint}"
+done \
+| mysql_run_query
-- 
cgit v1.2.3