projects / fsf-keyring.git / blame
| Commit | Line | Data |
|---|---|---|
| 3fc145d4 | 1 | #!/bin/bash |
| 3e4c32c3 | 2 | |
| 725b460c IK |
3 | # Usage: $0 [-r] |
| 4 | # -r means dont refresh keys from keyservers | |
| 5 | ||
| e9702c48 IK |
6 | shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 |
| 7 | set -eE -o pipefail | |
| 8 | trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR | |
| 3e4c32c3 | 9 | |
| 227fa583 IK |
10 | refresh-gpg-key() { |
| 11 | ||
| 12 | key=$1 | |
| 13 | ||
| 14 | error=999 | |
| 90c145b5 | 15 | for keyserver in keyring.debian.org keys.gnupg.net keyserver.ubuntu.com pool.sks-keyservers.net; do |
| 227fa583 IK |
16 | set +e |
| 17 | cmd="gpg --keyserver $keyserver --recv-keys $key" | |
| 18 | # keyservers are not very reliable, so retry | |
| 19 | for x in {1..3}; do | |
| 20 | $cmd &>/dev/null | |
| 21 | ret=$? | |
| 22 | if (( ret == 0 )); then break; fi | |
| 23 | sleep 1 | |
| 24 | done | |
| 25 | set -e | |
| 26 | error=$(( ret < error ? ret : error )) # use lowest return | |
| 27 | done | |
| 28 | ||
| 29 | return $error | |
| 30 | } | |
| 3e4c32c3 | 31 | |
| e72d434b IK |
32 | refresh=true |
| 33 | if [[ $1 == -r ]]; then | |
| 34 | refresh=false | |
| 35 | fi | |
| 36 | ||
| 3e4c32c3 IK |
37 | KEYS+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns |
| 38 | KEYS+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh | |
| 39 | KEYS+="CEA951DB865D0D257BB0A14DCEB69E6F9B36C195 " #andrew | |
| 40 | KEYS+="13A0851D6307FC54FCCB81BA2C1008316F3E89B7 " #donald | |
| 3e4c32c3 IK |
41 | KEYS+="EF6643D6E1F115D1A9B7D59C92D16583E1E7C532 " #jeanne |
| 42 | KEYS+="04C45B4E3AF05E9EB140FD148B10E9C6407BD6E1 " #matt | |
| 34ae62db | 43 | KEYS+="318C679D94F17700CC847DE646A70073E4E50D4E " #ruben |
| 3e4c32c3 IK |
44 | KEYS+="0CCB3494C13CCD8F6EC73AA06DA6B7D151C7643E " #dana |
| 45 | KEYS+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian | |
| 46 | KEYS+="ECE5B5BF952A3AEA92C137F9C9230A4849ACE0DB " #molly | |
| f4caeebe | 47 | KEYS+="36C9950D2F68254ED89C7C03F9C13A10581AB853 " #craigt |
| 3e4c32c3 | 48 | KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth |
| 06ea525c | 49 | KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael |
| 47309b71 | 50 | KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe |
| 7c4333a9 | 51 | KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf |
| 725b460c | 52 | KEYS+="A8CAA4A2EB655D07BA1F367BC338CAA4FA700A3A" # oliva |
| 7c4333a9 | 53 | |
| 3e4c32c3 IK |
54 | |
| 55 | rm -f /tmp/keys.asc ./fsf-keyring.gpg | |
| 56 | ||
| 57 | for KEY in $KEYS ; do | |
| e72d434b IK |
58 | if $refresh; then |
| 59 | refresh-gpg-key $KEY | |
| 60 | fi | |
| e9702c48 | 61 | gpg2 --export --armor $KEY >> /tmp/keys.asc |
| 3e4c32c3 IK |
62 | done |
| 63 | ||
| f4caeebe IK |
64 | # note: this doesn't work with gpg2. i dunno what the equivalent is in |
| 65 | # gpg2, likely just exporting all the keys. | |
| 66 | command gpg --trust-model always --no-default-keyring --keyring ./fsf-keyring.gpg --import /tmp/keys.asc | |
| 77b92854 AE |
67 | echo |
| 68 | echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:" | |
| 69 | echo | |
| 70 | echo "gpg2 --no-default-keyring --keyring=./fsf-keyring.gpg --list-sigs | less" | |
| 71 | echo | |
| 72 | echo "Press [enter] to continue." | |
| 73 | echo | |
| 74 | read | |
| e9702c48 | 75 | gpg2 --sign ./fsf-keyring.gpg |
| 227fa583 | 76 | mv fsf-keyring.gpg.gpg fsf-keyring.gpg |
| 47309b71 | 77 | rm fsf-keyring.gpg~ |