From b5cbe0068cb0a0c1b664168f55e777401317d96f Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Wed, 18 May 2016 10:29:46 +0200
Subject: separaten Schlüsselbund verwenden
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 download-missing-kernel-keys | 49 ++++++++++++++++++++++++++------------------
 1 file changed, 29 insertions(+), 20 deletions(-)

diff --git a/download-missing-kernel-keys b/download-missing-kernel-keys
index 6c213ee..5771386 100755
--- a/download-missing-kernel-keys
+++ b/download-missing-kernel-keys
@@ -1,9 +1,11 @@
 #!/bin/bash
 
-if [ $# -eq 1 ] && [[ "$1" == *".kernel.org/"* ]]
+GPG='gpg --homedir /var/cache/kernelKeys/.gnupg --keyserver hkp://keys.gnupg.net'
+
+if [ $# -eq 1 ] && [[ "$1" == *".sign" ]]
 then
 curl "$1" | \
- gpg --verify - "$0" 2>&1 | \
+ ${GPG} --verify - "$0" 2>&1 | \
 grep '^gpg: Signature made .* using \S\+ key ID [0-9A-F]\+$' | \
 sed 's|^gpg: Signature made .* using \S\+ key ID \([0-9A-F]\+\)$|0x\1|'
 exit 0
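Review bot: The new guard `[[ "$1" == *".sign" ]]` no longer pins the host, so in single-URL mode `curl "$1"` fetches any argument that merely ends in `.sign`, including plain-http or non-kernel.org links that might show up in the scraped page. The removed `*".kernel.org/"*` test was loose, but it was the only origin check; I would keep both constraints, e.g. `[[ "$1" =~ ^https://([^/]+\.)?kernel\.org/.*\.sign$ ]]`. Separately, `GPG` is a command line kept in a string and expanded unquoted; an array (`GPG=(gpg --homedir … --keyserver …)` used as `"${GPG[@]}"`) avoids relying on word splitting. The `if` block closes outside the hunk.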
@@ -11,32 +13,37 @@ fi
 [ $# -eq 1 ] && lvl=$1 || lvl=2
+${GPG} --check-trustdb
+
 signatures="$(
 curl 'https://kernel.org/' 2>/dev/null | \
 tr '"' '\n' | \
 grep '\.sign$'
 )"
-gpg --check-trustdb
-
-alteKeyIds="$(
- echo "${signatures}" | \
- parallel -j0 "$0" "{}" \; 2> /dev/null | \
- sort -u
-)"
+alteKeyIds=""
 for ((i=0; i<$lvl; i++))
 do
- keyIds="$(
- gpg --list-sigs --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb ${alteKeyIds} | \
- grep '^sig:' | \
- cut -d: -f 5 | \
- sed 's|^|0x|' | \
- sort -u
- )"
+ if [ ${i} -eq 0 ]
+ then
+ keyIds="$(
+ echo "${signatures}" | \
+ parallel -j0 "$0" "{}" \; 2> /dev/null | \
+ sort -u
+ )"
+ else
+ keyIds="$(
+ ${GPG} --list-sigs --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb ${alteKeyIds} | \
+ grep '^sig:' | \
+ cut -d: -f 5 | \
+ sed 's|^|0x|' | \
+ sort -u
+ )"
+ fi
 echo "stage ${i}:" $(echo "${alteKeyIds}" | wc -l) "keys ->" $(echo "${keyIds}" | wc -l) "keys."
 bekannteKeyIds="$(
- gpg --list-keys --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb | \
+ ${GPG} --list-keys --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb | \
 grep '^pub:' | \
 cut -d: -f 5 | \
 sed 's|^|0x|' | \
@@ -92,15 +99,17 @@ do
 uniq -u
 )"
+ echo "new keys: $(echo "${neueKeyIds}" | wc -l)"
+
 echo "${neueKeyIds}" | \
- xargs -n50 gpg --recv-keys --no-auto-check-trustdb
+ xargs -n50 ${GPG} --recv-keys --no-auto-check-trustdb
 err=$?
 if [ ${err} -ne 0 ]
 then
 for s in ${neueKeyIds}
 do
- gpg -q --recv-keys --no-auto-check-trustdb "${s}" || echo "${s}"
+ ${GPG} -q --recv-keys --no-auto-check-trustdb "${s}" || echo "${s}"
 done
 exit ${err}
 fi
@@ -109,5 +118,5 @@ do
 done
 echo "checking trustdb ..."
-gpg --check-trustdb
+${GPG} --check-trustdb
 echo "... done"
-- 
cgit v1.2.3-54-g00ecf
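Review bot: With `alteKeyIds=""` as the new initial value, the `echo "stage ${i}:" …` line reports 1 key at stage 0, because `echo "" | wc -l` counts the trailing newline; the added `echo "new keys: …"` line in the `@@ -92,15 +99,17 @@` hunk has the same off-by-one when `neueKeyIds` is empty. Counting non-empty lines fixes both, e.g. `$(grep -c . <<<"${alteKeyIds}")`. In the `else` branch an empty `${alteKeyIds}` would make `--list-sigs` walk the whole keyring; presumably `alteKeyIds` is reassigned later in the loop body, which lies outside the hunk, so that is worth confirming.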
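Review bot: `${GPG} --recv-keys` imports keys selected only by key ID, over the plaintext `hkp://` keyserver set in `GPG`, and nothing in this hunk checks what came back. The stage-0 IDs are parsed from `gpg --verify` output, which on gpg versions that print short 32-bit IDs by default makes look-alike keys a realistic concern; adding `--keyid-format long` to `GPG` would at least yield 64-bit IDs there. I would also add a comment above the `xargs` line such as `# keyring is a discovery cache: keys are fetched by ID, verify by full fingerprint before trusting`. The enclosing loop starts outside the hunk.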