scrub-for-gpg-keys


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

#!/bin/bash

tmp_dir=$(mktemp -d)
trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
mkfifo "${tmp_dir}/key-fifo"

if [ "x$1" = 'x-l' ]; then
  sudo su http -s /bin/bash -c 'gpg --import' \
  < "${tmp_dir}/key-fifo" &
elif [ $# -ne 0 ]; then
  >&2 echo 'only valid parameter is "-l"'
  exit 1
else
  ssh archlinux32 "sudo su http -s /bin/bash -c 'gpg --import'" \
  < "${tmp_dir}/key-fifo" &
fi

{
  find \
    /usr/src/archlinux/{packages,community}/ \
    /usr/src/archlinux32/packages/ \
    ~/eigeneSkripte/archPackages/ \
    -type f -name PKGBUILD \
    -exec sed -n '
      /^\s*validpgpkeys=.*)/p
      /^\s*validpgpkeys=[^)]\+$/,/)/p
    ' {} + 2>/dev/null \
  | sed '
    s/#.*$//
    s/^\s*validpgpkeys=(//
    s/).*$//
  ' \
  | tr -d '" \t'"'"
  curl -Ss 'https://archlinux32.org/key-wishlist'
} \
| sort -u \
| grep -x '[0-9a-fA-F]\{16,40\}' \
| while read -r key_id; do
  key=$(gpg -a --export "${key_id}" 2>/dev/null)
  if [ -z "${key}" ]; then
    /usr/src/skripte/gpg-safe-import/gpg-safe-import --recv-keys "${key_id}"
    key=$(gpg -a --export "${key_id}" 2>/dev/null)
  fi
  if [ -z "${key}" ]; then
    >&2 printf 'wish-list key "%s" is unknown\n' "${key_id}"
    continue
  fi
  printf '%s\n' "${key}"
done \
> "${tmp_dir}/key-fifo"

rm "${tmp_dir}/key-fifo"