| | 1 | #!/bin/bash |
| | 2 | |
| | 3 | # Usage: $0 [-r] |
| | 4 | # -r means dont refresh keys from keyservers |
| | 5 | # |
| | 6 | # See https://gluestick.office.fsf.org/checklists/person/crypto-keys/ for |
| | 7 | # upload command. |
| | 8 | |
| | 9 | shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 |
| | 10 | set -eE -o pipefail |
| | 11 | trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR |
| | 12 | |
| | 13 | refresh-gpg-key() { |
| | 14 | |
| | 15 | key=$1 |
| | 16 | |
| | 17 | error=999 |
| | 18 | for keyserver in keyring.debian.org keyserver.ubuntu.com pool.sks-keyservers.net; do |
| | 19 | set +e |
| | 20 | cmd="gpg --keyserver $keyserver --recv-keys $key" |
| | 21 | # keyservers are not very reliable, so retry |
| | 22 | for x in {1..3}; do |
| | 23 | $cmd &>/dev/null |
| | 24 | ret=$? |
| | 25 | if (( ret == 0 )); then |
| | 26 | break; fi |
| | 27 | sleep 1 |
| | 28 | done |
| | 29 | set -e |
| | 30 | error=$(( ret < error ? ret : error )) # use lowest return |
| | 31 | done |
| | 32 | |
| | 33 | return $error |
| | 34 | } |
| | 35 | |
| | 36 | refresh=true |
| | 37 | if [[ $1 == -r ]]; then |
| | 38 | refresh=false |
| | 39 | fi |
| | 40 | |
| | 41 | KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns |
| | 42 | KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh |
| | 43 | KEYS+="22DD43AF4C1F68C7AF784F1A7F861E72F9682D6F " #andrew |
| | 44 | KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald |
| | 45 | KEYS+="8556112E9B88B1A8B3E3631B58A39239D50484E8 " #jeanne |
| | 46 | KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt |
| | 47 | KEYS+="318C679D94F17700CC847DE646A70073E4E50D4E " #ruben |
| | 48 | KEYS+="0CCB3494C13CCD8F6EC73AA06DA6B7D151C7643E " #dana |
| | 49 | KEYS+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian |
| | 50 | KEYS+="36C9950D2F68254ED89C7C03F9C13A10581AB853 " #craigt |
| | 51 | KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth |
| | 52 | KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael |
| | 53 | KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe |
| | 54 | KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf |
| | 55 | KEYS+="D86097B5E291BA771FA64D357014A6BE08494155 " #odile |
| | 56 | KEYS+="A8CAA4A2EB655D07BA1F367BC338CAA4FA700A3A" # oliva |
| | 57 | |
| | 58 | |
| | 59 | rm -f /tmp/keys.asc ./fsf-keyring.gpg |
| | 60 | |
| | 61 | for KEY in $KEYS ; do |
| | 62 | if $refresh; then |
| | 63 | refresh-gpg-key $KEY |
| | 64 | fi |
| | 65 | done |
| | 66 | |
| | 67 | gpg2 --armor --export $KEYS > fsf-keyring.gpg |
| | 68 | |
| | 69 | echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:" |
| | 70 | echo |
| | 71 | echo "ls -lh fsf-keyring.gpg" |
| | 72 | echo |
| | 73 | echo "Press [enter] to continue." |
| | 74 | echo |
| | 75 | read |
| | 76 | gpg2 --armor --sign ./fsf-keyring.gpg |
| | 77 | mv fsf-keyring.gpg.asc fsf-keyring.gpg |
| | 78 | rm -f fsf-keyring.gpg~ |
projects / fsf-keyring.git / blame_incremental