scrub-for-gpg-keys


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

#!/bin/bash


{
  {
    find \
      /usr/src/archlinux/{packages,community}/ \
      /usr/src/archlinux32/packages/ \
      ~/eigeneSkripte/archPackages/ \
      -type f -name PKGBUILD \
      -exec sed -n '
        /^\s*validpgpkeys=.*)/p
        /^\s*validpgpkeys=[^)]\+$/,/)/p
      ' {} + 2>/dev/null \
    | sed '
      s/#.*$//
      s/^\s*validpgpkeys=(//
      s/).*$//
    ' \
    | tr -d '" \t'"'"
    curl -Ss 'https://archlinux32.org/key-wishlist'
  } \
  | sort -u \
  | grep -x '[0-9a-fA-F]\{16,40\}' \
  | while read -r key_id; do
    key=$(gpg -a --export "${key_id}" 2>/dev/null)
    if [ -z "${key}" ]; then
      /usr/src/skripte/gpg-safe-import/gpg-safe-import --recv-keys "${key_id}"
      key=$(gpg -a --export "${key_id}" 2>/dev/null)
    fi
    if [ -z "${key}" ]; then
      >&2 printf 'wish-list key "%s" is unknown\n' "${key_id}"
      continue
    fi
    printf '%s\n' "${key}"
  done
  gpg --homedir /etc/pacman.d/gnupg -a --export
} \
| if [ "x$1" = 'x-l' ]; then
  sudo su http -s /bin/bash -c 'gpg --import'
elif [ $# -ne 0 ]; then
  >&2 echo 'only valid parameter is "-l"'
  exit 1
else
  ssh archlinux32 "sudo su http -s /bin/bash -c 'gpg --import'"
fi