#!/bin/bash

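# Signature mode (invoked by the crawl further down, one process per URL):
#   $0 <URL of a detached signature on a kernel.org host>
# prints the ID of the key that issued the signature as 0x<hex>, one per line.
#
# Nothing is authenticated in this mode: the signature is checked against
# this script itself ("$0") only so that gpg parses the packet and reports
# its issuer. The reported ID is therefore exactly as trustworthy as the
# download, which is why the transport is pinned to HTTPS on a kernel.org
# host before anything is fetched.
if [ $# -eq 1 ] && [[ "$1" == *".kernel.org/"* ]]
then
  # The dispatch test above is a substring match, so it also accepts URLs
  # that merely carry ".kernel.org/" in their path or query. Require the
  # scheme and the host explicitly and refuse everything else.
  sig_url_re='^https://([A-Za-z0-9-]+\.)+kernel\.org/'
  if ! [[ "$1" =~ ${sig_url_re} ]]
  then
    printf '%s: refusing signature URL outside https://*.kernel.org/: %s\n' \
      "${0##*/}" "$1" >&2
    exit 1
  fi

  # Parse gpg's machine-readable status lines instead of the human-readable
  # "Signature made ... key ID" text, whose wording depends on the locale and
  # the GnuPG version. ERRSIG (issuer not in the keyring) and BADSIG/GOODSIG
  # (issuer present) carry the issuer ID in the third field. Only plain hex
  # is passed on, because the value later becomes a gpg command-line argument.
  curl --fail --silent --show-error --proto '=https' "$1" | \
    gpg --status-fd 1 --verify - "$0" 2> /dev/null | \
    awk '$1 == "[GNUPG:]" &&
         ($2 == "ERRSIG" || $2 == "BADSIG" || $2 == "GOODSIG") &&
         $3 ~ /^[0-9A-Fa-f]+$/ { print "0x" $3 }'
  # Best effort: the caller only collects stdout, so a failed download
  # simply contributes no key ID.
  exit 0
fi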

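# Crawl depth: the single optional argument, default 2 (also used when more
# than one argument is given).
#
# The value ends up inside a (( )) loop condition, and bash evaluates
# arithmetic operands as expressions, not only as numbers. It is therefore
# restricted to decimal digits here. This also stops a child process that
# was handed a string failing the signature-URL test from treating that
# string as a depth and starting a crawl of its own.
lvl=2
if [ $# -eq 1 ]
then
  case "$1" in
    '' | *[!0-9]*)
      printf '%s: depth must be a non-negative integer, got: %s\n' \
        "${0##*/}" "$1" >&2
      exit 2
      ;;
    *)
      # Force base 10 so that a leading zero is not read as octal.
      lvl=$((10#$1))
      ;;
  esac
fi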

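# Seed list: every quoted string on the kernel.org front page that is an
# HTTPS URL on a kernel.org host and ends in ".sign".
#
# The page is scraped, not parsed, so each candidate is matched against the
# full URL shape before it is handed to a child process. A string that only
# ends in ".sign" would fail the child's signature-URL test and make the
# child run this crawl itself.
signatures="$(
  curl --fail --silent --show-error --proto '=https' 'https://kernel.org/' | \
    tr '"' '\n' | \
    grep -E '^https://([A-Za-z0-9-]+\.)+kernel\.org/[^[:space:]]*\.sign$'
)"

if [[ -z "${signatures}" ]]
then
  printf '%s: no signature links found on https://kernel.org/\n' \
    "${0##*/}" >&2
  exit 1
fi

# Re-run this script once per signature URL (signature mode) and collect the
# issuer key IDs it prints. "alteKeyIds" = the key IDs known so far.
# Child diagnostics are discarded, as before.
alteKeyIds="$(
  printf '%s\n' "${signatures}" | \
    parallel -j0 "$0" "{}" \; 2> /dev/null | \
    sort -u
)"

# Without seeds the crawl below would call gpg --list-sigs with no key
# arguments, which reports on the whole local keyring instead of the
# kernel.org signers.
if [[ -z "${alteKeyIds}" ]]
then
  printf '%s: no issuer key IDs could be extracted from the signatures\n' \
    "${0##*/}" >&2
  exit 1
fi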

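# Crawl the signature graph ${lvl} levels deep, starting from alteKeyIds.
# Each stage lists the signatures on the keys known so far, takes the signer
# key IDs, and fetches the ones not seen before from the keyserver.
#
# Security notes for whoever runs this:
#  - Keys arrive from the keyserver by ID only. Importing them puts them in
#    the keyring; it does not make them authentic or trusted.
#  - The signer IDs come from signatures attached to the known keys, so the
#    size of each stage depends on keyserver content. ${lvl} is the only
#    bound on how far the keyring grows.
#  - NOTE(review): with an empty alteKeyIds, gpg --list-sigs reports on every
#    key in the local keyring; confirm the seed list is non-empty upstream.
for ((i = 0; i < lvl; i++))
do
  # alteKeyIds is expanded unquoted on purpose: one gpg argument per key ID.
  # Entries are 0x-prefixed hex, so globbing cannot match anything.
  # Field 5 of a "sig:" record in --with-colons output is the signer key ID.
  keyIds="$(
    gpg --list-sigs --fast-list-mode --fixed-list-mode --with-colons ${alteKeyIds} | \
      grep '^sig:' | \
      cut -d: -f 5 | \
      sed 's|^|0x|' | \
      sort -u
  )"

  # grep -c . counts non-empty lines, so an empty list is reported as 0
  # rather than as the single blank line that wc -l would count.
  printf 'stage %s: %s keys -> %s keys.\n' \
    "${i}" \
    "$(printf '%s\n' "${alteKeyIds}" | grep -c .)" \
    "$(printf '%s\n' "${keyIds}" | grep -c .)"

  # "alleKeyIds" = union of the known keys and the newly seen signers.
  alleKeyIds="$(
    printf '%s\n' "${keyIds}" "${alteKeyIds}" | \
      sort -u
  )"

  # alleKeyIds is a superset of alteKeyIds, so every known ID occurs twice in
  # the combined stream and uniq -u leaves exactly the new ones.
  # xargs -r skips gpg altogether when a stage discovers nothing new.
  printf '%s\n' "${alleKeyIds}" "${alteKeyIds}" | \
    sort | \
    uniq -u | \
    xargs -r -n50 gpg --recv-keys --no-auto-check-trustdb

  alteKeyIds="${alleKeyIds}"
done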

# Rebuild the trust database once, after all imports: the --recv-keys calls
# in the crawl run with --no-auto-check-trustdb, so no check has happened yet.
printf '%s\n' 'checking trustdb ...'
gpg --check-trustdb
printf '%s\n' '... done'