diff options
| author | Erich Eckner <git@eckner.net> | 2016-05-18 10:29:46 +0200 |
|---|---|---|
| committer | Erich Eckner <git@eckner.net> | 2016-05-18 10:29:46 +0200 |
| commit | b5cbe0068cb0a0c1b664168f55e777401317d96f (patch) | |
| tree | 157126643ac8afa8805646edb6a26e2a987dc4d6 | |
| parent | e3f1ec0e6db36b175c02092afc2600f825f14a5f (diff) | |
| download | kernelKeys-b5cbe0068cb0a0c1b664168f55e777401317d96f.tar.xz | |
separaten Schlüsselbund verwenden
| -rwxr-xr-x | download-missing-kernel-keys | 49 |
1 files changed, 29 insertions, 20 deletions
diff --git a/download-missing-kernel-keys b/download-missing-kernel-keys index 6c213ee..5771386 100755 --- a/download-missing-kernel-keys +++ b/download-missing-kernel-keys @@ -1,9 +1,11 @@ #!/bin/bash -if [ $# -eq 1 ] && [[ "$1" == *".kernel.org/"* ]] +GPG='gpg --homedir /var/cache/kernelKeys/.gnupg --keyserver hkp://keys.gnupg.net' + +if [ $# -eq 1 ] && [[ "$1" == *".sign" ]] then curl "$1" | \ - gpg --verify - "$0" 2>&1 | \ + ${GPG} --verify - "$0" 2>&1 | \ grep '^gpg: Signature made .* using \S\+ key ID [0-9A-F]\+$' | \ sed 's|^gpg: Signature made .* using \S\+ key ID \([0-9A-F]\+\)$|0x\1|' exit 0 @@ -11,32 +13,37 @@ fi [ $# -eq 1 ] && lvl=$1 || lvl=2 +${GPG} --check-trustdb + signatures="$( curl 'https://kernel.org/' 2>/dev/null | \ tr '"' '\n' | \ grep '\.sign$' )" -gpg --check-trustdb - -alteKeyIds="$( - echo "${signatures}" | \ - parallel -j0 "$0" "{}" \; 2> /dev/null | \ - sort -u -)" +alteKeyIds="" for ((i=0; i<$lvl; i++)) do - keyIds="$( - gpg --list-sigs --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb ${alteKeyIds} | \ - grep '^sig:' | \ - cut -d: -f 5 | \ - sed 's|^|0x|' | \ - sort -u - )" + if [ ${i} -eq 0 ] + then + keyIds="$( + echo "${signatures}" | \ + parallel -j0 "$0" "{}" \; 2> /dev/null | \ + sort -u + )" + else + keyIds="$( + ${GPG} --list-sigs --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb ${alteKeyIds} | \ + grep '^sig:' | \ + cut -d: -f 5 | \ + sed 's|^|0x|' | \ + sort -u + )" + fi echo "stage ${i}:" $(echo "${alteKeyIds}" | wc -l) "keys ->" $(echo "${keyIds}" | wc -l) "keys." bekannteKeyIds="$( - gpg --list-keys --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb | \ + ${GPG} --list-keys --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb | \ grep '^pub:' | \ cut -d: -f 5 | \ sed 's|^|0x|' | \ @@ -92,15 +99,17 @@ do uniq -u )" + echo "new keys: $(echo "${neueKeyIds}" | wc -l)" + echo "${neueKeyIds}" | \ - xargs -n50 gpg --recv-keys --no-auto-check-trustdb + xargs -n50 ${GPG} --recv-keys --no-auto-check-trustdb err=$? if [ ${err} -ne 0 ] then for s in ${neueKeyIds} do - gpg -q --recv-keys --no-auto-check-trustdb "${s}" || echo "${s}" + ${GPG} -q --recv-keys --no-auto-check-trustdb "${s}" || echo "${s}" done exit ${err} fi @@ -109,5 +118,5 @@ do done echo "checking trustdb ..." -gpg --check-trustdb +${GPG} --check-trustdb echo "... done" |