From b5cbe0068cb0a0c1b664168f55e777401317d96f Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Wed, 18 May 2016 10:29:46 +0200 Subject: separaten Schlüsselbund verwenden MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- download-missing-kernel-keys | 49 ++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 20 deletions(-) (limited to 'download-missing-kernel-keys') diff --git a/download-missing-kernel-keys b/download-missing-kernel-keys index 6c213ee..5771386 100755 --- a/download-missing-kernel-keys +++ b/download-missing-kernel-keys @@ -1,9 +1,11 @@ #!/bin/bash -if [ $# -eq 1 ] && [[ "$1" == *".kernel.org/"* ]] +GPG='gpg --homedir /var/cache/kernelKeys/.gnupg --keyserver hkp://keys.gnupg.net' + +if [ $# -eq 1 ] && [[ "$1" == *".sign" ]] then curl "$1" | \ - gpg --verify - "$0" 2>&1 | \ + ${GPG} --verify - "$0" 2>&1 | \ grep '^gpg: Signature made .* using \S\+ key ID [0-9A-F]\+$' | \ sed 's|^gpg: Signature made .* using \S\+ key ID \([0-9A-F]\+\)$|0x\1|' exit 0 @@ -11,32 +13,37 @@ fi [ $# -eq 1 ] && lvl=$1 || lvl=2 +${GPG} --check-trustdb + signatures="$( curl 'https://kernel.org/' 2>/dev/null | \ tr '"' '\n' | \ grep '\.sign$' )" -gpg --check-trustdb - -alteKeyIds="$( - echo "${signatures}" | \ - parallel -j0 "$0" "{}" \; 2> /dev/null | \ - sort -u -)" +alteKeyIds="" for ((i=0; i<$lvl; i++)) do - keyIds="$( - gpg --list-sigs --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb ${alteKeyIds} | \ - grep '^sig:' | \ - cut -d: -f 5 | \ - sed 's|^|0x|' | \ - sort -u - )" + if [ ${i} -eq 0 ] + then + keyIds="$( + echo "${signatures}" | \ + parallel -j0 "$0" "{}" \; 2> /dev/null | \ + sort -u + )" + else + keyIds="$( + ${GPG} --list-sigs --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb ${alteKeyIds} | \ + grep '^sig:' | \ + cut -d: -f 5 | \ + sed 's|^|0x|' | \ + sort -u + )" + fi echo "stage ${i}:" $(echo "${alteKeyIds}" | wc -l) "keys ->" $(echo "${keyIds}" | wc -l) "keys." bekannteKeyIds="$( - gpg --list-keys --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb | \ + ${GPG} --list-keys --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb | \ grep '^pub:' | \ cut -d: -f 5 | \ sed 's|^|0x|' | \ @@ -92,15 +99,17 @@ do uniq -u )" + echo "new keys: $(echo "${neueKeyIds}" | wc -l)" + echo "${neueKeyIds}" | \ - xargs -n50 gpg --recv-keys --no-auto-check-trustdb + xargs -n50 ${GPG} --recv-keys --no-auto-check-trustdb err=$? if [ ${err} -ne 0 ] then for s in ${neueKeyIds} do - gpg -q --recv-keys --no-auto-check-trustdb "${s}" || echo "${s}" + ${GPG} -q --recv-keys --no-auto-check-trustdb "${s}" || echo "${s}" done exit ${err} fi @@ -109,5 +118,5 @@ do done echo "checking trustdb ..." -gpg --check-trustdb +${GPG} --check-trustdb echo "... done" -- cgit v1.2.3-70-g09d2