#!/bin/bash

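# Determine the newest parabola-keyring release by scraping the directory
# index: sed keeps only the version captured from each tarball link (lines
# without such a link are deleted), sort -V orders the versions and tail
# takes the highest one.
# -f makes curl fail on an HTTP error instead of handing an error page to sed.
parabola_keyring_version=$(
  curl -fsS 'https://repo.parabola.nu/other/parabola-keyring/' \
  | sed '
    s@^.*<a href="parabola-keyring-\([0-9.]\+\)\.tar\.gz">.*$@\1@
    t
    d
  ' \
  | sort -V \
  | tail -n1
)
# An empty version means the listing could not be fetched or parsed. The
# tarball URL and the archive member paths built from it would then be wrong,
# so report it instead of silently collecting no Parabola keys.
if [ -z "${parabola_keyring_version}" ]; then
  >&2 printf 'could not determine the latest parabola-keyring version\n'
fi
# NOTE(review): nothing in this script verifies a signature or checksum of
# this tarball; its integrity rests on the HTTPS connection alone.
parabola_keyring="https://repo.parabola.nu/other/parabola-keyring/parabola-keyring-${parabola_keyring_version}.tar.gz"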

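# Build the download URL of the newest archlinuxarm-keyring package: scrape
# the directory index for "<pkgver>-<pkgrel>" of every keyring package link,
# pick the highest with sort -V, then wrap it back into a full package URL
# (\0 in the last sed expression is the whole matched line).
# -f makes curl fail on an HTTP error instead of handing an error page to sed.
archlinuxarm_keyring=$(
  curl -fsS 'https://arch.eckner.net/archlinuxarm/arm/core/' \
  | sed '
    s@^.*<a href="archlinuxarm-keyring-\([0-9.]\+-[0-9]\+\)-any\.pkg\.tar\.xz">.*$@\1@
    t
    d
  ' \
  | sort -V \
  | tail -n1 \
  | sed '
    s@^.*$@https://arch.eckner.net/archlinuxarm/arm/core/archlinuxarm-keyring-\0-any.pkg.tar.xz@
  '
)
# No matching link leaves the URL empty; later downloads would then fail with
# a less obvious error, so report it here.
# NOTE(review): nothing in this script verifies a signature or checksum of
# the package that is later fetched from this URL; its integrity rests on the
# HTTPS connection alone.
if [ -z "${archlinuxarm_keyring}" ]; then
  >&2 printf 'could not determine the latest archlinuxarm-keyring package\n'
fi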

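# Reject unknown arguments before any network fetch or key import happens.
# Checked only on the consuming side of the pipeline, the producing side
# below would already be running (and possibly fetching keys into the
# caller's keyring) by the time the argument is refused.
if [ "x$1" != 'x-l' ] && [ $# -ne 0 ]; then
  >&2 echo 'only valid parameter is "-l"'
  exit 1
fi

# Producer: write key material from all sources to stdout.
# Consumer (after the closing brace): feed it to "gpg --import" running as
# user "http" - locally with -l, otherwise on the host "archlinux32" via ssh.
{
  {
    # Key ids from the validpgpkeys=(...) arrays (single- or multi-line) of
    # every PKGBUILD below the listed trees; comments, the array syntax,
    # quotes and whitespace are stripped. find/sed errors are discarded.
    find \
      /usr/src/archlinux/{packages,community}/ \
      /usr/src/archlinux32/packages/ \
      ~/eigeneSkripte/archPackages/ \
      -type f -name PKGBUILD \
      -exec sed -n '
        /^\s*validpgpkeys=.*)/p
        /^\s*validpgpkeys=[^)]\+$/,/)/p
      ' {} + 2>/dev/null \
    | sed '
      s/#.*$//
      s/^\s*validpgpkeys=(//
      s/).*$//
    ' \
    | tr -d '" \t'"'"
    # Additional key ids from the archlinux32 wish list. -f keeps an HTTP
    # error page out of the id stream.
    curl -fsS 'https://archlinux32.org/key-wishlist'
    # First colon-separated field of the trusted/revoked lists inside the
    # two keyring archives (extracted to stdout, nothing touches the disk).
    {
      curl -fsS "${archlinuxarm_keyring}" \
      | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm-{trusted,revoked}
      curl -fsS "${parabola_keyring}" \
      | bsdtar -Oxf - "parabola-keyring-${parabola_keyring_version}"/parabola-{trusted,revoked}
    } \
    | cut -d: -f1
  } \
  | sort -u \
  | grep -x '[0-9a-fA-F]\{16,40\}' \
  | while read -r key_id; do
    # Only lines that are purely 16-40 hex digits reach this loop, so the
    # externally supplied ids cannot smuggle options or shell syntax into gpg.
    # NOTE(review): 16-digit long key ids pass the filter too; they are not
    # collision-resistant, so full 40-digit fingerprints are the safer input.
    key=$(gpg -a --export "${key_id}" 2>/dev/null)
    if [ -z "${key}" ]; then
      # Not in the caller's keyring yet: try to fetch it, then export again.
      # NOTE(review): gpg-safe-import is a separate script; presumably a
      # hardened wrapper around "gpg --recv-keys" - confirm.
      /usr/src/skripte/gpg-safe-import/gpg-safe-import --recv-keys "${key_id}"
      key=$(gpg -a --export "${key_id}" 2>/dev/null)
    fi
    if [ -z "${key}" ]; then
      >&2 printf 'wish-list key "%s" is unknown\n' "${key_id}"
      continue
    fi
    printf '%s\n' "${key}"
  done
  # Everything in the local pacman keyring.
  gpg --homedir /etc/pacman.d/gnupg -a --export
  # The key bundles shipped inside the two keyring archives.
  # NOTE(review): the archives are not signature-checked here, so these keys
  # are only as trustworthy as the HTTPS download; consumers of the target
  # keyring should still pin the fingerprints they rely on.
  curl -fsS "${archlinuxarm_keyring}" \
  | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg
  curl -fsS "${parabola_keyring}" \
  | bsdtar -Oxf - "parabola-keyring-${parabola_keyring_version}/parabola.gpg"
} \
| if [ "x$1" = 'x-l' ]; then
  sudo su http -s /bin/bash -c 'gpg --import'
else
  ssh archlinux32 "sudo su http -s /bin/bash -c 'gpg --import'"
fi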