#!/bin/bash

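# gpg command line shared by every gpg call in this script. It is expanded
# unquoted (${GPG}) on purpose so that it splits into the command and its
# options.
#
# NOTE(review): hkp:// is the plain-text keyserver protocol, so key requests
# and the returned key material travel without transport protection. Keys
# received this way are only candidates: compare their full fingerprints with
# an independently obtained list before relying on any signature they make.
# TODO: confirm this keyserver name is still served and prefer an hkps:// one.
GPG='gpg --homedir /var/cache/kernelKeys/.gnupg --keyserver hkp://keys.gnupg.net'

# Helper mode: called with exactly one argument ending in ".sign", download
# that detached signature and print the ID of the key that made it as
# "0x<HEX>". Always exits 0, even when nothing could be extracted.
if [[ $# -eq 1 && "$1" == *".sign" ]]; then
  # The argument can come from links scraped off a web page, so curl is limited
  # to https, "--" keeps the value from being read as an option, and --fail
  # stops an HTTP error page from being piped into gpg.
  #
  # The script itself ("$0") is passed as the signed data only so that gpg has
  # something to check; the verification result is discarded and just the
  # "Signature made ... key ID" line gpg prints on stderr is used.
  #
  # NOTE(review): a key ID is not a full fingerprint and does not uniquely
  # identify a key. The ID printed here has whatever length gpg chooses to
  # print, and the pattern only matches the single-line "key ID" message form.
  curl --fail --silent --show-error --proto '=https' -- "$1" \
    | ${GPG} --verify - "$0" 2>&1 \
    | sed -n 's|^gpg: Signature made .* using \S\+ key ID \([0-9A-F]\+\)$|0x\1|p'
  exit 0
fi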

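# Crawl depth: the single command-line argument if exactly one was given,
# otherwise 2.
if [[ $# -eq 1 ]]; then
  lvl=$1
else
  lvl=2
fi

# lvl is used in the header of a (( )) loop, where bash evaluates its text as
# an arithmetic expression. Accept plain decimal digits only and normalise
# them to base 10 so that values such as "08" are not parsed as octal.
if ! [[ "${lvl}" =~ ^[0-9]+$ ]]; then
  printf 'usage: %s [depth | URL ending in .sign]\n' "${0##*/}" >&2
  exit 2
fi
lvl=$((10#${lvl}))

${GPG} --check-trustdb

# Key IDs that must never be requested, read from the file "ignore-keys" that
# sits next to this script (symlinks to the script are resolved first).
scriptDir="$(dirname "$(readlink -f "$0")")"
ignoreKeys="$(cat "${scriptDir}/ignore-keys")"

# Every double-quoted string on the kernel.org front page that ends in ".sign"
# is taken as a signature URL. The page content therefore decides which
# signatures, and so which key IDs, are looked at later.
signatures="$(
  curl --fail --silent --show-error 'https://kernel.org/' \
    | tr '"' '\n' \
    | grep '\.sign$'
)"

# Stop here instead of crawling with an empty list: an empty line would
# otherwise be handed on as if it were a signature URL.
if [[ -z "${signatures}" ]]; then
  echo "no .sign links found on https://kernel.org/ (download failed or page changed)" >&2
  exit 1
fi

alteKeyIds=""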

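# Print the number of non-empty lines in $1; an empty list counts as 0.
countIds() {
  grep -c . <<<"$1" || true
}

# Crawl the key graph for lvl stages.
#   stage 0 : key IDs that made the signatures listed in ${signatures}
#   stage n : key IDs that signed the keys found in stage n-1
# Variable names: alte = previous stage, bekannte = already in the keyring,
# alle = union of both, neue = still to be fetched.
#
# NOTE(review): from stage 1 on, the IDs come from signatures attached to keys
# that were downloaded from the keyserver, so the set of keys requested is
# controlled by whoever could attach signatures there. Being imported by this
# loop says nothing about whether a key is genuine or trusted.
for ((i = 0; i < lvl; i++)); do
  if ((i == 0)); then
    # Re-run this script once per signature URL (its ".sign" mode prints one
    # key ID per signature); all jobs run in parallel, their stderr is dropped.
    keyIds="$(
      printf '%s\n' "${signatures}" \
        | parallel -j0 "$0" "{}" \; 2>/dev/null \
        | sort -u
    )"
  else
    # Field 5 of each "sig:" record is the ID of the signing key.
    # ${alteKeyIds} is left unquoted so that every ID becomes its own argument.
    keyIds="$(
      ${GPG} --list-sigs --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb ${alteKeyIds} \
        | grep '^sig:' \
        | cut -d: -f 5 \
        | sed 's|^|0x|' \
        | sort -u
    )"
  fi
  echo "stage ${i}: $(countIds "${alteKeyIds}") keys -> $(countIds "${keyIds}") keys."

  # IDs of all public keys already present in the keyring.
  bekannteKeyIds="$(
    ${GPG} --list-keys --fast-list-mode --fixed-list-mode --with-colons --no-auto-check-trustdb \
      | grep '^pub:' \
      | cut -d: -f 5 \
      | sed 's|^|0x|' \
      | sort -u
  )"
  alleKeyIds="$(
    printf '%s\n' "${keyIds}" "${bekannteKeyIds}" \
      | sort -u
  )"

  # Set difference via "uniq -u" (keep lines that occur exactly once):
  # a known ID occurs twice (alle + bekannte) and every ignored ID at least
  # twice, so only IDs that are neither known nor ignored survive. The
  # comparison is textual, so entries in ignore-keys must be written exactly
  # like the IDs here ("0x" followed by the same hex digits). Blank lines left
  # over from empty lists are dropped at the end.
  neueKeyIds="$(
    printf '%s\n' \
      "${alleKeyIds}" \
      "${bekannteKeyIds}" \
      "${ignoreKeys}" "${ignoreKeys}" \
      | sort \
      | uniq -u \
      | sed '/^$/d'
  )"

  echo "new keys: $(countIds "${neueKeyIds}")"

  # With nothing to fetch, xargs would still run gpg once without any key ID,
  # so the download step is skipped entirely in that case.
  if [[ -n "${neueKeyIds}" ]]; then
    printf '%s\n' "${neueKeyIds}" \
      | xargs -n50 ${GPG} --recv-keys --no-auto-check-trustdb
    err=$?

    if ((err != 0)); then
      # A batch failed: request every ID on its own, print the ones that
      # cannot be received, then give up with the batch's exit status.
      # Unquoted on purpose: one word per ID.
      for s in ${neueKeyIds}; do
        ${GPG} -q --recv-keys --no-auto-check-trustdb "${s}" || echo "${s}"
      done
      exit "${err}"
    fi
  fi

  alteKeyIds="${keyIds}"
done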

# Run gpg's trust database check once more after the crawl, with a progress
# message before and after it.
printf '%s\n' "checking trustdb ..."
${GPG} --check-trustdb
printf '%s\n' "... done"