#!/bin/bash if [ $# -eq 1 ] && [[ "$1" == *".kernel.org/"* ]] then curl "$1" | \ gpg --verify - "$0" 2>&1 | \ grep '^gpg: Signature made .* using \S\+ key ID [0-9A-F]\+$' | \ sed 's|^gpg: Signature made .* using \S\+ key ID \([0-9A-F]\+\)$|0x\1|' exit 0 fi [ $# -eq 1 ] && lvl=$1 || lvl=2 signatures="$( curl 'https://kernel.org/' 2>/dev/null | \ tr '"' '\n' | \ grep '\.sign$' )" alteKeyIds="$( echo "${signatures}" | \ parallel -j0 "$0" "{}" \; 2> /dev/null | \ sort -u )" for ((i=0; i<$lvl; i++)) do keyIds="$( gpg --list-sigs --fast-list-mode --fixed-list-mode --with-colons ${alteKeyIds} | \ grep '^sig:' | \ cut -d: -f 5 | \ sed 's|^|0x|' | \ sort -u )" echo "stage ${i}:" $(echo "${alteKeyIds}" | wc -l) "keys ->" $(echo "${keyIds}" | wc -l) "keys." alleKeyIds="$( ( echo "${keyIds}" echo "${alteKeyIds}" ) | \ sort -u )" ( echo "${alleKeyIds}" echo "${alteKeyIds}" ) | \ sort | \ uniq -u | \ xargs -n50 gpg --recv-keys --no-auto-check-trustdb alteKeyIds="${alleKeyIds}" done echo "checking trustdb ..." gpg --check-trustdb echo "... done"