fsf-keyring.sh

   1 #!/bin/bash
   2
   3 # Usage: $0 [-r]
   4 # -r means dont refresh keys from keyservers
   5
   6 set -e
   7 set -x
   8
   9 refresh-gpg-key() {
  10
  11   key=$1
  12
  13   error=999
  14   for keyserver in keyring.debian.org keys.gnupg.net keyserver.ubuntu.com pool.sks-keyservers.net; do
  15     set +e
  16     cmd="gpg --keyserver $keyserver --recv-keys $key"
  17     # keyservers are not very reliable, so retry
  18     for x in {1..3}; do
  19       $cmd &>/dev/null
  20       ret=$?
  21       if (( ret == 0 )); then break; fi
  22       sleep 1
  23     done
  24     set -e
  25     error=$(( ret < error ? ret : error )) # use lowest return
  26   done
  27
  28   return $error
  29 }
  30
  31 refresh=true
  32 if [[ $1 == -r ]]; then
  33   refresh=false
  34 fi
  35
  36 KEYS+="67819B343B2AB70DED9320872C6464AF2A8E4C02 " #rms
  37 KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns
  38 KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh
  39 KEYS+="CEA951DB865D0D257BB0A14DCEB69E6F9B36C195 " #andrew
  40 KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald
  41 KEYS+="EF6643D6E1F115D1A9B7D59C92D16583E1E7C532 " #jeanne
  42 KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt
  43 KEYS+="318C679D94F17700CC847DE646A70073E4E50D4E " #ruben
  44 KEYS+="0CCB3494C13CCD8F6EC73AA06DA6B7D151C7643E " #dana
  45 KEYS+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian
  46 KEYS+="ECE5B5BF952A3AEA92C137F9C9230A4849ACE0DB " #molly
  47 KEYS+="36C9950D2F68254ED89C7C03F9C13A10581AB853 " #craigt
  48 KEYS+="E9A271C071964891AA57663D9EA33414F5852F4E " #mako
  49 KEYS+="A2F4F1966D9E35C673EC30D5B6F1D83E9ACD9EBB " #bkuhn
  50 KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
  51 KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
  52 KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
  53 KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
  54 KEYS+="A8CAA4A2EB655D07BA1F367BC338CAA4FA700A3A" # oliva
  55
  56
  57 rm -f /tmp/keys.asc ./fsf-keyring.gpg
  58
  59 for KEY in $KEYS ; do
  60   if $refresh; then
  61     refresh-gpg-key $KEY
  62   fi
  63   gpg --export --armor $KEY >> /tmp/keys.asc
  64 done
  65
  66 # note: this doesn't work with gpg2. i dunno what the equivalent is in
  67 # gpg2, likely just exporting all the keys.
  68 command gpg --trust-model always --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
  69 echo
  70 echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
  71 echo
  72 echo "gpg2 --no-default-keyring --keyring=./fsf-keyring.gpg --list-sigs | less"
  73 echo
  74 echo "Press [enter] to continue."
  75 echo
  76 read
  77 gpg --sign ./fsf-keyring.gpg
  78 mv fsf-keyring.gpg.gpg fsf-keyring.gpg
  79 rm fsf-keyring.gpg~