summaryrefslogtreecommitdiff
path: root/export-pkgbuild-keys.in
blob: f392f4cac818485608545639627d32bfd16bde7f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
#!/bin/bash
#
# SPDX-License-Identifier: GPL-3.0-or-later

m4_include(lib/common.sh)

usage() {
	cat <<- _EOF_
		Usage: ${BASH_SOURCE[0]##*/}

		Export the PGP keys from a PKGBUILDs validpgpkeys array into the keys/pgp/
		subdirectory. Useful for distributing packager validated source signing
		keys alongside PKGBUILDs.

		OPTIONS
		    -h, --help      Show this help text
_EOF_
}

# option checking
while (( $# )); do
	case $1 in
		-h|--help)
			usage
			exit 0
			;;
		*)
			die "invalid argument: %s" "$1"
			;;
	esac
done

if [[ ! -f PKGBUILD ]]; then
	die "This must be run a directory containing a PKGBUILD."
fi

mapfile -t validpgpkeys < <(
	# shellcheck source=PKGBUILD.proto
	. ./PKGBUILD
	printf "%s\n" "${validpgpkeys[@]}"
)

if (( ${#validpgpkeys[@]} == 0 )); then
	exit 0
fi

mkdir -p keys/pgp
error=0

for key in "${validpgpkeys[@]}"; do
	gpg --output "keys/pgp/$key.asc.tmp" --armor --export --export-options export-minimal "$key" 2>/dev/null

	# gpg does not give a non-zero return value if it fails to export...
	if [[ -f keys/pgp/$key.asc.tmp ]]; then
		mv "keys/pgp/$key.asc.tmp" "keys/pgp/$key.asc"
	else
		if [[ -f keys/pgp/$key.asc ]]; then
			warning "Failed to update key: $key"
		else
			error "Key unavailable: $key"
			error=1
		fi
	fi
done

if (( error )); then
	die "Failed to export all \'validpgpkeys\' entries."
fi