updated fsf keyring file
[fsf-keyring.git] / fsf-keyring.sh
CommitLineData
3fc145d4 1#!/bin/bash
3e4c32c3 2
725b460c
IK
3# Usage: $0 [-r]
4# -r means dont refresh keys from keyservers
d27f8055
IK
5#
6# See https://gluestick.office.fsf.org/checklists/person/crypto-keys/ for
7# upload command.
725b460c 8
e9702c48
IK
9shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
10set -eE -o pipefail
11trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
3e4c32c3 12
227fa583
IK
13refresh-gpg-key() {
14
15 key=$1
16
17 error=999
5aa63901 18 for keyserver in keyring.debian.org keyserver.ubuntu.com pool.sks-keyservers.net; do
227fa583
IK
19 set +e
20 cmd="gpg --keyserver $keyserver --recv-keys $key"
21 # keyservers are not very reliable, so retry
22 for x in {1..3}; do
23 $cmd &>/dev/null
24 ret=$?
55a1be4b
IK
25 if (( ret == 0 )); then
26 break; fi
227fa583
IK
27 sleep 1
28 done
29 set -e
30 error=$(( ret < error ? ret : error )) # use lowest return
31 done
32
33 return $error
34}
3e4c32c3 35
e72d434b
IK
36refresh=true
37if [[ $1 == -r ]]; then
38 refresh=false
39fi
40
3e4c32c3
IK
41KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns
42KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh
5c18cac2 43KEYS+="22DD43AF4C1F68C7AF784F1A7F861E72F9682D6F " #andrew
3e4c32c3 44KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald
403f4f95 45KEYS+="8556112E9B88B1A8B3E3631B58A39239D50484E8 " #jeanne
3e4c32c3 46KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt
34ae62db 47KEYS+="318C679D94F17700CC847DE646A70073E4E50D4E " #ruben
3e4c32c3
IK
48KEYS+="0CCB3494C13CCD8F6EC73AA06DA6B7D151C7643E " #dana
49KEYS+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian
f4caeebe 50KEYS+="36C9950D2F68254ED89C7C03F9C13A10581AB853 " #craigt
3e4c32c3 51KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
06ea525c 52KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
47309b71 53KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
7c4333a9 54KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
eae33465 55KEYS+="D86097B5E291BA771FA64D357014A6BE08494155 " #odile
725b460c 56KEYS+="A8CAA4A2EB655D07BA1F367BC338CAA4FA700A3A" # oliva
7c4333a9 57
3e4c32c3
IK
58
59rm -f /tmp/keys.asc ./fsf-keyring.gpg
60
61for KEY in $KEYS ; do
e72d434b
IK
62 if $refresh; then
63 refresh-gpg-key $KEY
64 fi
3e4c32c3
IK
65done
66
7f8b8bae 67gpg2 --armor --export $KEYS > fsf-keyring.gpg
55a1be4b 68
77b92854
AE
69echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
70echo
9aebde55 71echo "ls -lh fsf-keyring.gpg"
77b92854
AE
72echo
73echo "Press [enter] to continue."
74echo
75read
7f8b8bae
IK
76gpg2 --armor --sign ./fsf-keyring.gpg
77mv fsf-keyring.gpg.asc fsf-keyring.gpg
55a1be4b 78rm -f fsf-keyring.gpg~