projects / fsf-keyring.git / blob
? search:


32db3fa0819358ef1c19c0942030811e81a27316
[fsf-keyring.git] / fsf-keyring.sh
1 #!/bin/bash
2
3 # Usage: $0 [-r]
4 # -r means dont refresh keys from keyservers
5 #
6 # See https://gluestick.office.fsf.org/checklists/person/crypto-keys/ for
7 # upload command.
8
9 shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
10 set -eE -o pipefail
11 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
12
13 refresh-gpg-key() {
14
15 key=$1
16
17 error=999
18 for keyserver in keyring.debian.org keyserver.ubuntu.com pgp.mit.edu; do
19 echo "Trying $keyserver..."
20 set +e
21 cmd="gpg --keyserver $keyserver --recv-keys $key"
22 # Keyservers are not very reliable, so retry a few times.
23 for x in {1..3}; do
24 $cmd &>/dev/null
25 ret=$?
26 if (( ret == 0 )); then
27 break; fi
28 sleep 1
29 done
30 set -e
31 error=$(( ret < error ? ret : error )) # use lowest return
32 done
33
34 return $error
35 }
36
37 refresh=true
38 if [[ $1 == -r ]]; then
39 refresh=false
40 fi
41
42 KEYS+="67819B343B2AB70DED9320872C6464AF2A8E4C02 " #rms
43 KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns
44 KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh
45 KEYS+="1487E002421112A3B6C76B545FA66D3CA7518DBF " #andrew
46 KEYS+="8556112E9B88B1A8B3E3631B58A39239D50484E8 " #jeanne
47 KEYS+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian
48 KEYS+="36C9950D2F68254ED89C7C03F9C13A10581AB853 " #craigt
49 KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
50 KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
51 KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
52 KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
53 KEYS+="5BE81180271798C6B4866C54598E4925C518D5DC " #davis
54 KEYS+="2E0ECE75F8162B407D666767879738E6D6440D57 " #devinu
55 KEYS+="D86097B5E291BA771FA64D357014A6BE08494155" #odile
56
57 rm -f /tmp/keys.asc ./fsf-keyring.gpg
58
59 for KEY in $KEYS ; do
60 if $refresh; then
61 echo "Key: $KEY"
62 refresh-gpg-key $KEY
63 fi
64 done
65
66 gpg2 --armor --export $KEYS > fsf-keyring.gpg
67
68 echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
69 echo
70 echo "ls -lh fsf-keyring.gpg"
71 echo
72 echo "Press [enter] to continue."
73 echo
74 read
75 gpg2 --armor --sign ./fsf-keyring.gpg
76 mv fsf-keyring.gpg.asc fsf-keyring.gpg
77 rm -f fsf-keyring.gpg~
Unnamed repository; edit this file 'description' to name the repository.