scrub-for-gpg-keys new

1 files changed, 52 insertions, 0 deletions

diff --git a/scrub-for-gpg-keys b/scrub-for-gpg-keys
new file mode 100755
index 0000000..2e760c7
--- /dev/null
+++ b/scrub-for-gpg-keys
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+tmp_dir=$(mktemp -d)
+trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
+mkfifo "${tmp_dir}/key-fifo"
+
+if [ "x$1" = 'x-l' ]; then
+  sudo su http -s /bin/bash -c 'gpg --import' \
+  < "${tmp_dir}/key-fifo" &
+elif [ $# -ne 0 ]; then
+  >&2 echo 'only valid parameter is "-l"'
+  exit 1
+else
+  ssh archlinux32 "sudo su http -s /bin/bash -c 'gpg --import'" \
+  < "${tmp_dir}/key-fifo" &
+fi
+
+{
+  find \
+    /usr/src/archlinux/{packages,community}/ \
+    /usr/src/archlinux32/packages/ \
+    ~/eigeneSkripte/archPackages/ \
+    -type f -name PKGBUILD \
+    -exec sed -n '
+      /^\s*validpgpkeys=.*)/p
+      /^\s*validpgpkeys=[^)]\+$/,/)/p
+    ' {} + 2>/dev/null \
+  | sed '
+    s/#.*$//
+    s/^\s*validpgpkeys=(//
+    s/).*$//
+  ' \
+  | tr -d '" \t'"'"
+  curl -Ss 'https://archlinux32.org/key-wishlist'
+} \
+| sort -u \
+| grep -x '[0-9a-fA-F]\{16,40\}' \
+| while read -r key_id; do
+  key=$(gpg -a --export "${key_id}" 2>/dev/null)
+  if [ -z "${key}" ]; then
+    /usr/src/skripte/gpg-safe-import/gpg-safe-import --recv-keys "${key_id}"
+    key=$(gpg -a --export "${key_id}" 2>/dev/null)
+  fi
+  if [ -z "${key}" ]; then
+    >&2 printf 'wish-list key "%s" is unknown\n' "${key_id}"
+    continue
+  fi
+  printf '%s\n' "${key}"
+done \
+> "${tmp_dir}/key-fifo"
+
+rm "${tmp_dir}/key-fifo"