From: Ian Kelling <iank@fsf.org>
Date: Wed, 17 Oct 2018 02:07:28 +0000 (-0400)
Subject: fixup and improve script, update keyring
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=227fa583bfa2e357c4242a55f0efc2383f7ac289;p=fsf-keyring.git

fixup and improve script, update keyring
---

diff --git a/fsf-keyring.gpg b/fsf-keyring.gpg
index 59d1601..64e6cc5 100644
Binary files a/fsf-keyring.gpg and b/fsf-keyring.gpg differ
diff --git a/fsf-keyring.sh b/fsf-keyring.sh
index 1593f19..3693923 100755
--- a/fsf-keyring.sh
+++ b/fsf-keyring.sh
@@ -1,16 +1,35 @@
-#!/bin/bash
+#!/bin/bash -l
 
 set -e
 set -x
 
-#gpg --keyserver pgp.mit.edu --refresh-keys
+refresh-gpg-key() {
+
+  key=$1
+
+  error=999
+  for keyserver in pgp.mit.edu pool.sks-keyservers.net keyring.debian.org; do
+    set +e
+    cmd="gpg --keyserver $keyserver --recv-keys $key"
+    # keyservers are not very reliable, so retry
+    for x in {1..3}; do
+      $cmd &>/dev/null
+      ret=$?
+      if (( ret == 0 )); then break; fi
+      sleep 1
+    done
+    set -e
+    error=$(( ret < error ? ret : error )) # use lowest return
+  done
+
+  return $error
+}
 
 KEYS+="67819B343B2AB70DED9320872C6464AF2A8E4C02 " #rms
 KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns
 KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh
 KEYS+="CEA951DB865D0D257BB0A14DCEB69E6F9B36C195 " #andrew
 KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald
-KEYS+="6F460BCE44EC76B3A80289E47A95AF6BDAF44061 " #georgia
 KEYS+="EF6643D6E1F115D1A9B7D59C92D16583E1E7C532 " #jeanne
 KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt
 KEYS+="05EF1D2FFE61747D1FC827C37FAC7D26472F4409 " #ruben
@@ -24,9 +43,12 @@ KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
 rm -f /tmp/keys.asc ./fsf-keyring.gpg
 
 for KEY in $KEYS ; do
-    echo $KEY
-    gpg --export --armor $KEY >> /tmp/keys.asc
+  refresh-gpg-key $KEY
+  gpg --export --armor $KEY >> /tmp/keys.asc
 done
 
-gpg --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
-gpg --sign -a ./fsf-keyring.gpg
+# TODO: this doesn't work with gpg2. i dunno what the equivalent is, likely just exporting
+# all the keys.
+gpg --trust-model always --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc
+gpg --sign ./fsf-keyring.gpg
+mv fsf-keyring.gpg.gpg fsf-keyring.gpg