author | Erich Eckner <git@eckner.net> | 2019-09-03 09:06:11 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-03 09:06:11 +0200 |
commit | 41adc0565ae4736af844194bd46f42e8ba3d740a (patch) | |
tree | 93a525ab921b9dbfbe0c604935217065a3a01eaa | |
parent | 1bc44686aad61f0df02e1d82c34329db5611046e (diff) | |
download | devops-41adc0565ae4736af844194bd46f42e8ba3d740a.tar.xz |
scrub-for-gpg-keys: add command line switches to disable key sources
-rwxr-xr-x | scrub-for-gpg-keys | 163 |
1 files changed, 111 insertions, 52 deletions
diff --git a/scrub-for-gpg-keys b/scrub-for-gpg-keys
index 703078c..d4d6f69 100755
--- a/scrub-for-gpg-keys
+++ b/scrub-for-gpg-keys
@@ -1,54 +1,110 @@ #!/bin/bash -parabola_keyring_version=$( - curl -Ss 'https://repo.parabola.nu/other/parabola-keyring/' \ - | sed ' - s@^.*<a href="parabola-keyring-\([0-9.]\+\)\.tar\.gz">.*$@\1@ - t - d - ' \ - | sort -V \ - | tail -n1 -) -parabola_keyring="https://repo.parabola.nu/other/parabola-keyring/parabola-keyring-${parabola_keyring_version}.tar.gz" +archlinux=true +archlinux_arm=true +archlinux_git=true +local=false +parabola=true +wishlist=true -archlinuxarm_keyring=$( - curl -Ss 'https://arch.eckner.net/archlinuxarm/arm/core/' \ - | sed ' - s@^.*<a href="archlinuxarm-keyring-\([0-9.]\+-[0-9]\+\)-any\.pkg\.tar\.xz">.*$@\1@ - t - d - ' \ - | sort -V \ - | tail -n1 \ - | sed ' - s@^.*$@https://arch.eckner.net/archlinuxarm/arm/core/archlinuxarm-keyring-\0-any.pkg.tar.xz@ - ' -) +while [ $# -gt 0 ]; do -{ - { - find \ - /usr/src/archlinux/{packages,community}/ \ - /usr/src/archlinux32/packages/ \ - ~/eigeneSkripte/archPackages/ \ - -type f -name PKGBUILD \ - -exec sed -n ' - /^\s*validpgpkeys=.*)/p - /^\s*validpgpkeys=[^)]\+$/,/)/p - ' {} + 2>/dev/null \ + case "x$1" in + 'x-l') + local=true + ;; + 'x--no-archlinux') + archlinux=false + ;; + 'x--no-archlinux-arm') + archlinux_arm=false + ;; + 'x--no-archlinux-git') + archlinux_git=false + ;; + 'x--no-parabola') + parabola=false + ;; + 'x--no-wishlist') + wishlist=false + ;; + *) + >&2 printf 'unknown parameter %s\n' "$1" + >&2 printf 'known parameters:\n' + >&2 printf ' -%s %s\n' \ + 'l' 'update local keyring' + >&2 printf ' --no-%s\n do not update keys from/mentioned in\n %s\n' \ + 'archlinux' 'locally running archlinux keyring' \ + 'archlinux-arm' 'archlinuxarm keyring package' \ + 'archlinux-git' 'archlinux sources (PKGBUILDs) git repository' \ + 'parabola' 'parabola keyring package sources' \ + 'wishlist' 'our keyserver'"'"'s wishlist' + exit 1 + ;; + esac + shift + +done + +if ${parabola}; then + parabola_keyring_version=$( + curl -Ss 'https://repo.parabola.nu/other/parabola-keyring/' \ + | sed ' + 
s@^.*<a href="parabola-keyring-\([0-9.]\+\)\.tar\.gz">.*$@\1@ + t + d + ' \ + | sort -V \ + | tail -n1 + ) + parabola_keyring="https://repo.parabola.nu/other/parabola-keyring/parabola-keyring-${parabola_keyring_version}.tar.gz" +fi + +if ${archlinux_arm}; then + archlinuxarm_keyring=$( + curl -Ss 'https://arch.eckner.net/archlinuxarm/arm/core/' \ | sed ' - s/#.*$// - s/^\s*validpgpkeys=(// - s/).*$// + s@^.*<a href="archlinuxarm-keyring-\([0-9.]\+-[0-9]\+\)-any\.pkg\.tar\.xz">.*$@\1@ + t + d ' \ - | tr -d '" \t'"'" + | sort -V \ + | tail -n1 \ + | sed ' + s@^.*$@https://arch.eckner.net/archlinuxarm/arm/core/archlinuxarm-keyring-\0-any.pkg.tar.xz@ + ' + ) +fi + +{ + { + if ${archlinux_git}; then + find \ + /usr/src/archlinux/{packages,community}/ \ + /usr/src/archlinux32/packages/ \ + ~/eigeneSkripte/archPackages/ \ + -type f -name PKGBUILD \ + -exec sed -n ' + /^\s*validpgpkeys=.*)/p + /^\s*validpgpkeys=[^)]\+$/,/)/p + ' {} + 2>/dev/null \ + | sed ' + s/#.*$// + s/^\s*validpgpkeys=(// + s/).*$// + ' \ + | tr -d '" \t'"'" + fi curl -Ss 'https://archlinux32.org/key-wishlist' { - curl -Ss "${archlinuxarm_keyring}" \ - | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm-{trusted,revoked} - curl -Ss "${parabola_keyring}" \ - | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola-{trusted,revoked} + if ${archlinux_arm}; then + curl -Ss "${archlinuxarm_keyring}" \ + | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm-{trusted,revoked} + fi + if ${parabola}; then + curl -Ss "${parabola_keyring}" \ + | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola-{trusted,revoked} + fi } \ | cut -d: -f1 } \ 
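Review bot: `--no-wishlist` is parsed and listed in the usage text, but `curl -Ss 'https://archlinux32.org/key-wishlist'` inside the first brace group is still an unguarded context line, so in the visible code the switch has no effect. Unless `${wishlist}` is consulted in the lines between the two hunks, wrap it like the other sources: `if ${wishlist}; then curl -Ss 'https://archlinux32.org/key-wishlist'; fi`. An operator who passes the switch to exclude that source would otherwise still have its key ids fed into the run, with no indication that the option was ignored.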
@@ -66,17 +122,20 @@ archlinuxarm_keyring=$( fi printf '%s\n' "${key}" done - gpg --homedir /etc/pacman.d/gnupg -a --export - curl -Ss "${archlinuxarm_keyring}" \ - | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg - curl -Ss "${parabola_keyring}" \ - | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola.gpg + if ${archlinux}; then + gpg --homedir /etc/pacman.d/gnupg -a --export + fi + if ${archlinux_arm}; then + curl -Ss "${archlinuxarm_keyring}" \ + | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg + fi + if ${parabola}; then + curl -Ss "${parabola_keyring}" \ + | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola.gpg + fi } \ -| if [ "x$1" = 'x-l' ]; then +| if ${local}; then sudo su http -s /bin/bash -c 'gpg --import' -elif [ $# -ne 0 ]; then - >&2 echo 'only valid parameter is "-l"' - exit 1 else ssh archlinux32 "sudo su http -s /bin/bash -c 'gpg --import'" fi |
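Review bot: The gated `curl -Ss … | bsdtar -Oxf -` stages feed `gpg --import` directly, and nothing visible makes a failed download detectable. `curl` lacks `-f`, so an HTTP error body is passed on with exit status 0, and no `set -o pipefail` appears in the lines shown. A run where a keyring could not be fetched therefore ends the same way as a complete one, which matters for a job that keeps a keyserver's keys current. Consider `curl -fSs` on these calls (the downloads in the first hunk have the same form) and `set -o pipefail` after the shebang. The brace group closed by `} \` opens outside this hunk.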