summaryrefslogtreecommitdiff
path: root/bin/update-gpg-keys
blob: fe6dfe388abba25c607214c3b376dc14a7ef62ba (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/sh

# shellcheck source=../lib/load-configuration
. "${0%/*}/../lib/load-configuration"

if [ $# -ne 0 ]; then
  >&2 echo 'error: No arguments expected, but some were given.'
  exit 1
fi

# shellcheck disable=SC2016
{
  printf 'SELECT'
  printf ' `gpg_keys`.`fingerprint`,'
  printf 'replace(to_base64(`gpg_keys`.`public_key`),"\\n","")'
  printf ' FROM `gpg_keys`'
} \
| mysql_run_query \
| while read -r fingerprint public_key; do
  printf '%s\n' "${public_key}" \
  | base64 -d \
  | gpg --import \
  >/dev/null 2>&1
  gpg --quiet --locate-keys "${fingerprint}" \
  >/dev/null 2>&1 \
  || true
  curl -Ss 'https://archlinux32.org/keys.php?k='"${fingerprint}" \
  | gpg --import --quiet \
  >/dev/null 2>&1 \
  || true
  printf 'UPDATE `gpg_keys`'
  printf ' SET `gpg_keys`.`public_key`=from_base64("%s")' \
    "$(
      gpg -a --export "${fingerprint}" \
      | base64 -w0
    )"
  printf ' WHERE `gpg_keys`.`fingerprint`="%s";\n' \
    "${fingerprint}"
done \
| mysql_run_query

# shellcheck disable=SC2016
{
  printf 'SELECT `gpg_keys`.`fingerprint`'
  printf ' FROM `gpg_keys`;\n'
} \
| mysql_run_query \
| xargs -r gpg -a --export \
| curl -T - 'https://archlinux32.org/keys.php'