summaryrefslogtreecommitdiffstats
path: root/scripts/update-key
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:19:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:19:41 +0000
commita27c8b00ebf173659f22f53ce65679e94e7dfb1b (patch)
tree02c68ec259348b63c6328896aa73265eb7b3d730 /scripts/update-key
parentInitial commit. (diff)
downloaddebian-keyring-upstream.tar.xz
debian-keyring-upstream.zip
Adding upstream version 2022.12.24.upstream/2022.12.24upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'scripts/update-key')
-rwxr-xr-xscripts/update-key95
1 files changed, 95 insertions, 0 deletions
diff --git a/scripts/update-key b/scripts/update-key
new file mode 100755
index 0000000..5ca2a9c
--- /dev/null
+++ b/scripts/update-key
@@ -0,0 +1,95 @@
+#!/bin/sh
+
+# Copyright (c) 2008 Jonathan McDowell <noodles@earth.li>
+# GNU GPL; v2 or later
+# Updates an existing key in a keyring dir
+
+set -e
+
+if [ "x$1" = "x--no-clean" ]; then
+ NOCLEAN=1
+ shift
+else
+ NOCLEAN=0
+fi
+
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+ echo "Usage: update-key keyfile dir" >&2
+ exit 1
+fi
+
+# avoid gnupg touching ~/.gnupg
+GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
+export GNUPGHOME
+cat > "$GNUPGHOME"/gpg.conf <<EOF
+keyid-format 0xlong
+no-auto-check-trustdb
+no-autostart
+EOF
+
+if [ "$NOCLEAN" = "0" ]; then
+ echo "import-options import-clean" >> "$GNUPGHOME"/gpg.conf
+ echo "export-options export-clean,no-export-attributes" >> "$GNUPGHOME"/gpg.conf
+ cat output/keyrings/debian-keyring.gpg \
+ output/keyrings/debian-nonupload.gpg \
+ output/keyrings/debian-maintainers.gpg > $GNUPGHOME/pubring.gpg
+fi
+
+trap cleanup exit
+cleanup () {
+ rm -rf "$GNUPGHOME"
+}
+
+keyfile=$(readlink -f "$1") # gpg works better with absolute keyring paths
+keydir="$2"
+
+basename=$(basename "$keyfile")
+date=`date -R`
+
+keyid=$(gpg --quiet --with-colons < $keyfile | grep '^pub' | head -n 1 | cut -d : -f 5)
+name=$(gpg --quiet --with-colons < $keyfile | grep '^uid' | head -n 1 | cut -d : -f 10 | sed -e 's/ <.*//')
+
+if [ ! -e $keydir/0x$keyid ]; then
+ echo "0x$keyid isn't already in $keydir - new key or error."
+ exit 1
+fi
+
+gpg --quiet --import $keydir/0x$keyid
+summary=$(gpg --import $keyfile 2>&1 | \
+ scripts/parse-gpg-update 0x$keyid "$name")
+gpg --export $keyid > $GNUPGHOME/0x$keyid
+
+case "$summary" in
+ *:*)
+ # Something changed
+ ;;
+ *)
+ # Nothing changed, exit
+ echo "No changes to $summary"
+ exit
+esac
+
+if cmp -s $GNUPGHOME/0x$keyid $keydir/0x$keyid; then
+ echo "No changes to 0x$keyid"
+ exit
+fi
+
+echo "Running gpg-diff:"
+(
+ echo $summary
+ echo
+ scripts/gpg-diff $keydir/0x$keyid $GNUPGHOME/0x$keyid
+) | sensible-pager
+
+echo "Are you sure you want to update this key? (y/n)"
+read n
+
+if [ "x$n" = "xy" -o "x$n" = "xY" ]; then
+ mv $GNUPGHOME/0x$keyid $keydir/0x$keyid
+ git add $keydir/0x$keyid
+ echo "Updated key."
+ echo $summary >> update.log
+else
+ echo "Not updating key."
+fi