-#!/bin/bash
+#!/bin/bash -l
set -e
set -x
-#gpg --keyserver pgp.mit.edu --refresh-keys
+refresh-gpg-key() {
+
+ key=$1
+
+ error=999
+ for keyserver in pgp.mit.edu pool.sks-keyservers.net keyring.debian.org; do
+ set +e
+ cmd="gpg --keyserver $keyserver --recv-keys $key"
+ # keyservers are not very reliable, so retry
+ for x in {1..3}; do
+ $cmd &>/dev/null
+ ret=$?
+ if (( ret == 0 )); then break; fi
+ sleep 1
+ done
+ set -e
+ error=$(( ret < error ? ret : error )) # use lowest return
+ done
+
+ return $error
+}
KEYS+="67819B343B2AB70DED9320872C6464AF2A8E4C02 " #rms
KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns
KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh
KEYS+="CEA951DB865D0D257BB0A14DCEB69E6F9B36C195 " #andrew
KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald
-KEYS+="6F460BCE44EC76B3A80289E47A95AF6BDAF44061 " #georgia
KEYS+="EF6643D6E1F115D1A9B7D59C92D16583E1E7C532 " #jeanne
KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt
KEYS+="05EF1D2FFE61747D1FC827C37FAC7D26472F4409 " #ruben
rm -f /tmp/keys.asc ./fsf-keyring.gpg
for KEY in $KEYS ; do
- echo $KEY
- gpg --export --armor $KEY >> /tmp/keys.asc
+ refresh-gpg-key $KEY
+ gpg --export --armor $KEY >> /tmp/keys.asc
done
-gpg --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
-gpg --sign -a ./fsf-keyring.gpg
+# TODO: this doesn't work with gpg2. i dunno what the equivalent is, likely just exporting
+# all the keys.
+gpg --trust-model always --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
+gpg --sign ./fsf-keyring.gpg
+mv fsf-keyring.gpg.gpg fsf-keyring.gpg
projects / fsf-keyring.git / commitdiff