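#!/bin/bash
#
# Collect the OpenPGP keys behind the release signatures listed on kernel.org
# into a dedicated GnuPG home, then follow the signatures found on those keys
# for a configurable number of stages.
#
# Usage:
#   <script> [depth]      crawl <depth> stages (default: 2)
#   <script> <url>.sign   helper mode, invoked through parallel: print the
#                         0x-prefixed key ID that made the signature at <url>
#
# Security notes:
#   * --recv-keys only imports key material; nothing in this script marks a
#     key as trusted. A key ID is a lookup handle, not an authenticator, so
#     validate fingerprints through an independent channel before relying on
#     any imported key.
#   * The keyserver is contacted over plain hkp://, which provides no
#     transport integrity or confidentiality.
#     NOTE(review): confirm this keyserver is still operated.
#   * Signature URLs are scraped from the kernel.org front page and are
#     handled as untrusted input.

# An array keeps every option a separate word regardless of IFS.
GPG=(gpg --homedir /var/cache/kernelKeys/.gnupg --keyserver hkp://keys.gnupg.net)

# Print the number of lines in $1; an empty string counts as 0 (a bare
# `echo "" | wc -l` would report 1).
count_lines() {
  if [[ -z "$1" ]]
  then
    echo 0
  else
    printf '%s\n' "$1" | wc -l
  fi
}

# --- helper mode: one argument ending in ".sign" ---------------------------
if [ $# -eq 1 ] && [[ "$1" == *".sign" ]]
then
  # The URL comes from scraped HTML: never let it be parsed as a curl option.
  if [[ "$1" == -* ]]
  then
    printf 'refusing signature URL that starts with "-": %s\n' "$1" >&2
    exit 1
  fi
  # The signature is checked against this script file on purpose: the outcome
  # of the verification is ignored, only the "Signature made" report naming
  # the signing key is extracted.
  # NOTE(review): the pattern expects the one-line "... using <algo> key ID
  # <id>" report; confirm the installed gpg still prints that form.
  # -f: emit nothing on an HTTP error instead of feeding an error page to gpg.
  curl -fsS "$1" |
    "${GPG[@]}" --verify - "$0" 2>&1 |
    sed -n 's|^gpg: Signature made .* using \S\+ key ID \([0-9A-F]\+\)$|0x\1|p'
  exit 0
fi

# --- crawl mode ------------------------------------------------------------
if [ $# -eq 1 ]
then
  lvl=$1
else
  lvl=2
fi
# Arithmetic contexts evaluate their operand as an expression, so accept
# plain decimal digits only before the value reaches (( )).
if ! [[ "${lvl}" =~ ^[0-9]+$ ]]
then
  printf 'usage: %s [depth | <url>.sign]\n' "${0##*/}" >&2
  exit 2
fi
lvl=$((10#${lvl}))   # force base 10 so "08" is not read as invalid octal

"${GPG[@]}" --check-trustdb

# Key IDs listed in "ignore-keys" (next to this script) are never fetched.
# Presumably one 0x-prefixed key ID per line, matching the lists built
# below; verify against the actual file.
script_dir="$(dirname "$(readlink -f "$0")")"
ignore_keys="$(cat "${script_dir}/ignore-keys")"

# Every double-quoted token on the front page that ends in ".sign".
signatures="$(
  curl -fsS 'https://kernel.org/' |
    tr '"' '\n' |
    grep '\.sign$'
)"
if [[ -z "${signatures}" ]]
then
  echo 'no .sign URLs found on https://kernel.org/' >&2
  exit 1
fi

prev_key_ids=""
for ((i = 0; i < lvl; i++))
do
  if ((i == 0))
  then
    # Stage 0: ask the helper mode of this script for the signer of each
    # signature file, all in parallel.
    key_ids="$(
      printf '%s\n' "${signatures}" |
        parallel -j0 "$0" "{}" \; 2> /dev/null |
        sort -u
    )"
  else
    # Later stages: every key that signed a key found in the previous stage.
    # With an empty list gpg reports signatures for the whole keyring.
    # shellcheck disable=SC2086 # 0x-prefixed hex IDs; splitting is intended
    key_ids="$(
      "${GPG[@]}" --list-sigs --fast-list-mode --fixed-list-mode \
        --with-colons --no-auto-check-trustdb ${prev_key_ids} |
        awk -F: '$1 == "sig" { print "0x" $5 }' |
        sort -u
    )"
  fi
  echo "stage ${i}: $(count_lines "${prev_key_ids}") keys -> $(count_lines "${key_ids}") keys."

  # Keys already present in the local keyring.
  known_key_ids="$(
    "${GPG[@]}" --list-keys --fast-list-mode --fixed-list-mode \
      --with-colons --no-auto-check-trustdb |
      awk -F: '$1 == "pub" { print "0x" $5 }' |
      sort -u
  )"
  all_key_ids="$(printf '%s\n' "${key_ids}" "${known_key_ids}" | sort -u)"

  # Known IDs occur twice (all + known) and ignored IDs are emitted twice,
  # so `uniq -u` leaves exactly the IDs that are neither known nor ignored.
  new_key_ids="$(
    printf '%s\n' "${all_key_ids}" "${known_key_ids}" \
      "${ignore_keys}" "${ignore_keys}" |
      sort |
      uniq -u |
      sed '/^$/d'
  )"
  echo "new keys: $(count_lines "${new_key_ids}")"

  # Skip the fetch when nothing is new: with empty input xargs would still
  # run gpg --recv-keys once without arguments and abort the crawl.
  if [[ -n "${new_key_ids}" ]]
  then
    printf '%s\n' "${new_key_ids}" |
      xargs -n50 "${GPG[@]}" --recv-keys --no-auto-check-trustdb
    err=$?
    if [ "${err}" -ne 0 ]
    then
      # Retry one key at a time and print the IDs that cannot be fetched.
      # shellcheck disable=SC2086 # 0x-prefixed hex IDs; splitting is intended
      for s in ${new_key_ids}
      do
        "${GPG[@]}" -q --recv-keys --no-auto-check-trustdb "${s}" ||
          echo "${s}"
      done
      exit "${err}"
    fi
  fi

  prev_key_ids="${key_ids}"
done

echo "checking trustdb ..."
"${GPG[@]}" --check-trustdb
echo "... done"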