authorErich Eckner <git@eckner.net>2019-09-03 09:06:11 +0200
committerErich Eckner <git@eckner.net>2019-09-03 09:06:11 +0200
commit41adc0565ae4736af844194bd46f42e8ba3d740a (patch)
tree93a525ab921b9dbfbe0c604935217065a3a01eaa
parent1bc44686aad61f0df02e1d82c34329db5611046e (diff)
downloaddevops-41adc0565ae4736af844194bd46f42e8ba3d740a.tar.xz
scrub-for-gpg-keys: add command line switches to disable key sources
-rwxr-xr-xscrub-for-gpg-keys163
1 files changed, 111 insertions, 52 deletions
diff --git a/scrub-for-gpg-keys b/scrub-for-gpg-keys
index 703078c..d4d6f69 100755
--- a/scrub-for-gpg-keys
+++ b/scrub-for-gpg-keys
@@ -1,54 +1,110 @@
#!/bin/bash
-parabola_keyring_version=$(
- curl -Ss 'https://repo.parabola.nu/other/parabola-keyring/' \
- | sed '
- s@^.*<a href="parabola-keyring-\([0-9.]\+\)\.tar\.gz">.*$@\1@
- t
- d
- ' \
- | sort -V \
- | tail -n1
-)
-parabola_keyring="https://repo.parabola.nu/other/parabola-keyring/parabola-keyring-${parabola_keyring_version}.tar.gz"
+archlinux=true
+archlinux_arm=true
+archlinux_git=true
+local=false
+parabola=true
+wishlist=true
-archlinuxarm_keyring=$(
- curl -Ss 'https://arch.eckner.net/archlinuxarm/arm/core/' \
- | sed '
- s@^.*<a href="archlinuxarm-keyring-\([0-9.]\+-[0-9]\+\)-any\.pkg\.tar\.xz">.*$@\1@
- t
- d
- ' \
- | sort -V \
- | tail -n1 \
- | sed '
- s@^.*$@https://arch.eckner.net/archlinuxarm/arm/core/archlinuxarm-keyring-\0-any.pkg.tar.xz@
- '
-)
+while [ $# -gt 0 ]; do
-{
- {
- find \
- /usr/src/archlinux/{packages,community}/ \
- /usr/src/archlinux32/packages/ \
- ~/eigeneSkripte/archPackages/ \
- -type f -name PKGBUILD \
- -exec sed -n '
- /^\s*validpgpkeys=.*)/p
- /^\s*validpgpkeys=[^)]\+$/,/)/p
- ' {} + 2>/dev/null \
+ case "x$1" in
+ 'x-l')
+ local=true
+ ;;
+ 'x--no-archlinux')
+ archlinux=false
+ ;;
+ 'x--no-archlinux-arm')
+ archlinux_arm=false
+ ;;
+ 'x--no-archlinux-git')
+ archlinux_git=false
+ ;;
+ 'x--no-parabola')
+ parabola=false
+ ;;
+ 'x--no-wishlist')
+ wishlist=false
+ ;;
+ *)
+ >&2 printf 'unknown parameter %s\n' "$1"
+ >&2 printf 'known parameters:\n'
+ >&2 printf ' -%s %s\n' \
+ 'l' 'update local keyring'
+ >&2 printf ' --no-%s\n do not update keys from/mentioned in\n %s\n' \
+ 'archlinux' 'locally running archlinux keyring' \
+ 'archlinux-arm' 'archlinuxarm keyring package' \
+ 'archlinux-git' 'archlinux sources (PKGBUILDs) git repository' \
+ 'parabola' 'parabola keyring package sources' \
+ 'wishlist' 'our keyserver'"'"'s wishlist'
+ exit 1
+ ;;
+ esac
+ shift
+
+done
+
+if ${parabola}; then
+ parabola_keyring_version=$(
+ curl -Ss 'https://repo.parabola.nu/other/parabola-keyring/' \
+ | sed '
+ s@^.*<a href="parabola-keyring-\([0-9.]\+\)\.tar\.gz">.*$@\1@
+ t
+ d
+ ' \
+ | sort -V \
+ | tail -n1
+ )
+ parabola_keyring="https://repo.parabola.nu/other/parabola-keyring/parabola-keyring-${parabola_keyring_version}.tar.gz"
+fi
+
+if ${archlinux_arm}; then
+ archlinuxarm_keyring=$(
+ curl -Ss 'https://arch.eckner.net/archlinuxarm/arm/core/' \
| sed '
- s/#.*$//
- s/^\s*validpgpkeys=(//
- s/).*$//
+ s@^.*<a href="archlinuxarm-keyring-\([0-9.]\+-[0-9]\+\)-any\.pkg\.tar\.xz">.*$@\1@
+ t
+ d
' \
- | tr -d '" \t'"'"
+ | sort -V \
+ | tail -n1 \
+ | sed '
+ s@^.*$@https://arch.eckner.net/archlinuxarm/arm/core/archlinuxarm-keyring-\0-any.pkg.tar.xz@
+ '
+ )
+fi
+
+{
+ {
+ if ${archlinux_git}; then
+ find \
+ /usr/src/archlinux/{packages,community}/ \
+ /usr/src/archlinux32/packages/ \
+ ~/eigeneSkripte/archPackages/ \
+ -type f -name PKGBUILD \
+ -exec sed -n '
+ /^\s*validpgpkeys=.*)/p
+ /^\s*validpgpkeys=[^)]\+$/,/)/p
+ ' {} + 2>/dev/null \
+ | sed '
+ s/#.*$//
+ s/^\s*validpgpkeys=(//
+ s/).*$//
+ ' \
+ | tr -d '" \t'"'"
+ fi
curl -Ss 'https://archlinux32.org/key-wishlist'
{
- curl -Ss "${archlinuxarm_keyring}" \
- | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm-{trusted,revoked}
- curl -Ss "${parabola_keyring}" \
- | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola-{trusted,revoked}
+ if ${archlinux_arm}; then
+ curl -Ss "${archlinuxarm_keyring}" \
+ | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm-{trusted,revoked}
+ fi
+ if ${parabola}; then
+ curl -Ss "${parabola_keyring}" \
+ | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola-{trusted,revoked}
+ fi
} \
| cut -d: -f1
} \
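Review bot: `--no-wishlist` is parsed and listed in the usage text, but the `curl -Ss 'https://archlinux32.org/key-wishlist'` line inside the inner brace group is still unconditional context, so the switch does not stop that source from being fetched and fed into the import pipeline. Unless `${wishlist}` is consulted in the part of the script between the two hunks, an operator who passes the flag to exclude the wishlist still gets those key IDs processed. Guard it like the other sources: `if ${wishlist}; then curl -Ss 'https://archlinux32.org/key-wishlist'; fi`. The brace group continues past the end of this hunk.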
@@ -66,17 +122,20 @@ archlinuxarm_keyring=$(
fi
printf '%s\n' "${key}"
done
- gpg --homedir /etc/pacman.d/gnupg -a --export
- curl -Ss "${archlinuxarm_keyring}" \
- | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg
- curl -Ss "${parabola_keyring}" \
- | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola.gpg
+ if ${archlinux}; then
+ gpg --homedir /etc/pacman.d/gnupg -a --export
+ fi
+ if ${archlinux_arm}; then
+ curl -Ss "${archlinuxarm_keyring}" \
+ | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg
+ fi
+ if ${parabola}; then
+ curl -Ss "${parabola_keyring}" \
+ | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola.gpg
+ fi
} \
-| if [ "x$1" = 'x-l' ]; then
+| if ${local}; then
sudo su http -s /bin/bash -c 'gpg --import'
-elif [ $# -ne 0 ]; then
- >&2 echo 'only valid parameter is "-l"'
- exit 1
else
ssh archlinux32 "sudo su http -s /bin/bash -c 'gpg --import'"
fi
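Review bot: Inside the three added `if` blocks a failed download is indistinguishable from a source that was switched off: `curl -Ss` has no `--fail`, the `curl | bsdtar` status is never checked, and whatever did arrive is still piped into `gpg --import`. Now that sources can be legitimately absent, a partial import caused by a network or server error deserves at least a message, e.g. `curl -Ss --fail "${archlinuxarm_keyring}" | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg || >&2 printf 'fetching archlinuxarm keyring failed\n'`, and the same for the parabola block. Separately, `${parabola_keyring_version}` in the bsdtar member path is unquoted and comes from a scraped directory listing, so it should be quoted. The enclosing brace group starts outside this hunk.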