fsf-keyring.sh

   1 #!/bin/bash
   2
   3 # Usage: $0 [-r]
   4 # -r means dont refresh keys from keyservers
   5 #
   6 # See https://gluestick.office.fsf.org/checklists/person/crypto-keys/ for
   7 # upload command.
   8
   9 shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
  10 set -eE -o pipefail
  11 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
  12
  13 refresh-gpg-key() {
  14
  15   key=$1
  16
  17   error=999
  18   for keyserver in keyring.debian.org keyserver.ubuntu.com pool.sks-keyservers.net; do
  19     set +e
  20     cmd="gpg --keyserver $keyserver --recv-keys $key"
  21     # keyservers are not very reliable, so retry
  22     for x in {1..3}; do
  23       $cmd &>/dev/null
  24       ret=$?
  25       if (( ret == 0 )); then
  26         break; fi
  27       sleep 1
  28     done
  29     set -e
  30     error=$(( ret < error ? ret : error )) # use lowest return
  31   done
  32
  33   return $error
  34 }
  35
  36 refresh=true
  37 if [[ $1 == -r ]]; then
  38   refresh=false
  39 fi
  40
  41 KEYS+="67819B343B2AB70DED9320872C6464AF2A8E4C02 " #rms
  42 KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns
  43 KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh
  44 KEYS+="22DD43AF4C1F68C7AF784F1A7F861E72F9682D6F " #andrew
  45 KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald
  46 KEYS+="8556112E9B88B1A8B3E3631B58A39239D50484E8 " #jeanne
  47 KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt
  48 KEYS+="318C679D94F17700CC847DE646A70073E4E50D4E " #ruben
  49 KEYS+="0CCB3494C13CCD8F6EC73AA06DA6B7D151C7643E " #dana
  50 KEYS+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian
  51 KEYS+="36C9950D2F68254ED89C7C03F9C13A10581AB853 " #craigt
  52 KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
  53 KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
  54 KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
  55 KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
  56 KEYS+="D86097B5E291BA771FA64D357014A6BE08494155"  #odile
  57
  58
  59 rm -f /tmp/keys.asc ./fsf-keyring.gpg
  60
  61 for KEY in $KEYS ; do
  62   if $refresh; then
  63     echo
  64     refresh-gpg-key $KEY
  65   fi
  66 done
  67
  68 gpg2 --armor --export $KEYS > fsf-keyring.gpg
  69
  70 echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
  71 echo
  72 echo "ls -lh fsf-keyring.gpg"
  73 echo
  74 echo "Press [enter] to continue."
  75 echo
  76 read
  77 gpg2 --armor --sign ./fsf-keyring.gpg
  78 mv fsf-keyring.gpg.asc fsf-keyring.gpg
  79 rm -f fsf-keyring.gpg~