4 # -r means dont refresh keys from keyservers
6 # See https://gluestick.office.fsf.org/checklists/person/crypto-keys/ for
9 shopt -s inherit_errexit
2>/dev
/null ||
: # ignore fail in bash < 4.4
11 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
13 dos_attack_bytes
=1000000
20 # johns is the only one in keyring.debian.org at this time.
21 for keyserver
in keyring.debian.org keyserver.ubuntu.com pgp.mit.edu
; do
22 echo "Trying $keyserver..."
24 cmd
="gpg --keyserver $keyserver --recv-keys $key"
25 # Keyservers are not very reliable, so retry a few times.
29 if (( ret
== 0 )); then
34 error
=$
(( ret
< error ? ret
: error
)) # use lowest return
41 if (( "$(stat -c %s "$1")" > "$dos_attack_bytes" )) ; then
42 echo -e "\n\nerror: keyring is very large. did we get a signature DoS attack?\n\n"
48 if [[ $1 == -r ]]; then
52 KEYS
+="67819B343B2AB70DED9320872C6464AF2A8E4C02 " #rms
53 KEYS
+="A4626CBAFF376039D2D7554497BA9CE761A0963B " #johns
54 KEYS
+="759C0A4A39A02A079712FB5061B826E87A80C8D6 " #johnh
55 KEYS
+="8556112E9B88B1A8B3E3631B58A39239D50484E8 " #jeanne
56 KEYS
+="B125F60B7B287FF6A2B7DF8F170AF0E2954295DF " #ian
57 KEYS
+="36C9950D2F68254ED89C7C03F9C13A10581AB853 " #craigt
58 KEYS
+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
59 KEYS
+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
60 KEYS
+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
61 KEYS
+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
62 KEYS
+="2E0ECE75F8162B407D666767879738E6D6440D57 " #devinu
63 KEYS
+="005D03724A11C08A5A353D2C906DB6E398AA6CF6 " #miriam
64 KEYS
+="2D1304056F4F061DADEAE299A2C76C5425EF14E8 " #dawn
65 KEYS
+="476B712A9FA8788EDA2089F78B656B4E5A98CE74 " #anouk
66 KEYS
+="2985A29A7ECF1679063A4D5659EB02F5619B3C7E " #krzyzstof
67 KEYS
+="D86097B5E291BA771FA64D357014A6BE08494155" #odile
69 if [[ -e fsf-keyring.gpg
]] ; then
70 check-sig-dos fsf-keyring.gpg
71 gpg
--import fsf-keyring.gpg
73 gpg
--armor --export $KEYS > fsf-keyring.gpg
79 refresh-gpg-key
$KEY ||
(echo "unable to download $KEY" >&2 ; exit 1)
83 gpg
--export $KEYS > key-export
84 check-sig-dos key-export
85 mv key-export fsf-keyring.gpg
88 rm -f fsf-keyring.gpg.asc .
/fsf-keyring.gpg~ key-export
90 echo -e "You will now sign the keyring. Prepare your GPG password.\n"
91 read -p "Press any key to continue..." -n1 -s
92 gpg
--armor --detach-sign .
/fsf-keyring.gpg