#!/bin/bash -l
+# Usage: $0 [-r]
+# -r means dont refresh keys from keyservers
+
set -e
set -x
key=$1
error=999
- for keyserver in pgp.mit.edu pool.sks-keyservers.net keyring.debian.org; do
+ for keyserver in keyring.debian.org keys.gnupg.net keyserver.ubuntu.com pool.sks-keyservers.net; do
set +e
cmd="gpg --keyserver $keyserver --recv-keys $key"
# keyservers are not very reliable, so retry
KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald
KEYS+="EF6643D6E1F115D1A9B7D59C92D16583E1E7C532 " #jeanne
KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt
-KEYS+="05EF1D2FFE61747D1FC827C37FAC7D26472F4409 " #ruben
+KEYS+="318C679D94F17700CC847DE646A70073E4E50D4E " #ruben
KEYS+="0CCB3494C13CCD8F6EC73AA06DA6B7D151C7643E " #dana
KEYS+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian
KEYS+="ECE5B5BF952A3AEA92C137F9C9230A4849ACE0DB " #molly
KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
+KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
+KEYS+="A8CAA4A2EB655D07BA1F367BC338CAA4FA700A3A" # oliva
+
rm -f /tmp/keys.asc ./fsf-keyring.gpg
# note: this doesn't work with gpg2. i dunno what the equivalent is in
# gpg2, likely just exporting all the keys.
command gpg --trust-model always --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
+echo
+echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
+echo
+echo "gpg2 --no-default-keyring --keyring=./fsf-keyring.gpg --list-sigs | less"
+echo
+echo "Press [enter] to continue."
+echo
+read
gpg --sign ./fsf-keyring.gpg
mv fsf-keyring.gpg.gpg fsf-keyring.gpg
rm fsf-keyring.gpg~