Diffstat (limited to 'src/export-pkgbuild-keys.in')
-rw-r--r-- | src/export-pkgbuild-keys.in | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/src/export-pkgbuild-keys.in b/src/export-pkgbuild-keys.in
new file mode 100644
index 0000000..8697b3d
--- /dev/null
+++ b/src/export-pkgbuild-keys.in
@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+usage() {
+ cat <<- _EOF_
+ Usage: ${BASH_SOURCE[0]##*/}
+
+ Export the PGP keys from a PKGBUILDs validpgpkeys array into the keys/pgp/
+ subdirectory. Useful for distributing packager validated source signing
+ keys alongside PKGBUILDs.
+
+ OPTIONS
+ -h, --help Show this help text
+_EOF_
+}
+
+# option checking
+while (( $# )); do
+ case $1 in
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ *)
+ die "invalid argument: %s" "$1"
+ ;;
+ esac
+done
+
+if [[ ! -f PKGBUILD ]]; then
+ die "This must be run a directory containing a PKGBUILD."
+fi
+
+mapfile -t validpgpkeys < <(
+ # shellcheck source=PKGBUILD.proto
+ . ./PKGBUILD
+ if (( ${#validpgpkeys[@]} )); then
+ printf "%s\n" "${validpgpkeys[@]}"
+ fi
+)
+
+msg "Exporting ${#validpgpkeys[@]} PGP keys..."
+if (( ${#validpgpkeys[@]} == 0 )); then
+ exit 0
+fi
+
+trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
+TEMPDIR=$(mktemp -d --tmpdir export-pkgbuild-keys.XXXXXXXXXX)
+
+mkdir -p keys/pgp
+error=0
+
+for key in "${validpgpkeys[@]}"; do
+ gpg --output "$TEMPDIR/$key.asc" --armor --export --export-options export-minimal "$key" 2>/dev/null
+
+ # gpg does not give a non-zero return value if it fails to export...
+ if [[ -f $TEMPDIR/$key.asc ]]; then
+ msg2 "Exported $key"
+ mv "$TEMPDIR/$key.asc" "keys/pgp/$key.asc"
+ else
+ if [[ -f keys/pgp/$key.asc ]]; then
+ warning "Failed to update key: $key"
+ else
+ error "Key unavailable: $key"
+ error=1
+ fi
+ fi
+done
+
+if (( error )); then
+ die "Failed to export all \'validpgpkeys\' entries."
+fi |
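Review bot: Each `validpgpkeys` entry is used unchecked in the `for key` loop, both as a file name and as a gpg key selector, and those values come straight from the sourced PKGBUILD. An entry containing `/` or `..` makes the `--output` and `mv` targets resolve outside `$TEMPDIR` and `keys/pgp/`, and an entry that is not a full fingerprint leaves gpg to export whichever local keyring entry happens to match it. I would reject anything that is not a full fingerprint at the top of the loop, e.g. `[[ $key =~ ^[[:xdigit:]]{40}$ ]] || { error "Not a full fingerprint: $key"; error=1; continue; }`. Separately, the trap would be safer as `trap 'rm -rf -- "$TEMPDIR"' EXIT INT TERM QUIT`, because `$TEMPDIR` is expanded unquoted when the trap fires and `mktemp --tmpdir` takes its base directory from `$TMPDIR`.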