summaryrefslogtreecommitdiffstats
path: root/scripts/move-key
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/move-key')
-rwxr-xr-xscripts/move-key145
1 files changed, 145 insertions, 0 deletions
diff --git a/scripts/move-key b/scripts/move-key
new file mode 100755
index 0000000..2c52c93
--- /dev/null
+++ b/scripts/move-key
@@ -0,0 +1,145 @@
+#!/bin/sh
+
+# Copyright (c) 2013 Gunnar Wolf <gwolf@debian.org>,
+# Based on 2008 Jonathan McDowell <noodles@earth.li>
+# GNU GPL; v2 or later
+# Moves an existing key to another keyring directory
+
+set -e
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+ echo "Usage: move-key keyid dir" >&2
+ exit 1
+fi
+
+key=$1
+destdir=$(readlink -f $2)
+
+# avoid gnupg touching ~/.gnupg
+GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
+export GNUPGHOME
+trap cleanup exit
+cleanup () {
+ rm -rf "$GNUPGHOME"
+}
+
+keyfp="<fixme>"
+if [ $(echo -n $key|wc -c) -eq 16 ]; then
+ key='0x'$(echo $key|tr a-z A-Z)
+elif [ $(echo -n $key|wc -c) -eq 40 ] ; then
+ keyfp=$key
+ key='0x'$(echo -n $key | cut -b 25-)
+fi
+
+if [ ! -d "$destdir" ] || echo "$destdir"|grep -q -- '-gpg/?$'; then
+ echo "Error: $destdir is not a valid keyring directory" >& 2
+ exit 1
+fi
+
+for dir in *-gpg/; do
+ if [ -f $dir/$key ]; then
+ keyfile=$(readlink -f "$dir/$key")
+ srcdir=$(readlink -f $dir)
+ break
+ fi
+done
+
+if [ "$srcdir" = "$destdir" ]; then
+ echo "Source and destination directories are the same: $srcdir" >& 2
+ exit 1
+fi
+
+if [ -z "$keyfile" ]; then
+ echo "Requested key '$key' not found"
+ exit 1
+fi
+
+keyuser=$(gpg --with-colons --keyid long --options /dev/null --no-auto-check-trustdb < $keyfile| grep '^pub' | cut -d : -f 10)
+
+echo ""
+echo "About to move key $key ($keyuser)"
+echo " FROM $srcdir"
+echo " TO $destdir"
+echo "Are you sure you want to update this key? (y/n)"
+read n
+
+if [ "x$n" = "xy" -o "x$n" = "xY" ]; then
+ add_to_keyid=""
+ echo -n "Enter full name of new key's owner: "
+ read name
+ echo -n 'RT issue ID this change closes, if any: '
+ read rtid
+
+ if ( echo $destdir | egrep -q 'debian-keyring-gpg/?$' ); then
+ log="Add new DD key $key ($name) (RT #$rtid)"
+ add_to_keyid=yes
+ dest=DD
+ action=add
+ elif ( echo $destdir | egrep -q 'debian-nonupload-gpg/?$' ); then
+ log="Add new nonuploading key $key ($name) (RT #$rtid)"
+ add_to_keyid=yes
+ dest=DN
+ action=add
+ elif ( echo $destdir | egrep -q 'debian-maintainer-gpg/?$' ); then
+ log="Add new DM key $key ($name) (RT #$rtid)"
+ dest=DM
+ action=add
+ elif ( echo $destdir | egrep -q 'emeritus-keyring-gpg/?$' ); then
+ log="Move $key to emeritus ($name) (RT #$rtid)"
+ action=remove
+ fi
+
+ git mv $keyfile $destdir
+ VERSION=$(head -1 debian/changelog | awk '{print $2}' | sed 's/[\(\)]//g')
+ RELEASE=$(head -1 debian/changelog | awk '{print $3}' | sed 's/;$//')
+ case $RELEASE in
+ UNRELEASED)
+ dch --multimaint-merge -D UNRELEASED -a "$log"
+ ;;
+ unstable)
+ NEWVER=$(date +%Y.%m.xx)
+ if [ "$VERSION" = "$NEWVER" ]
+ then
+ echo '* Warning: New version and previous released version are'
+ echo " the same: $VERSION. This should not be so!"
+ echo ' Check debian/changelog'
+ fi
+ dch -D UNRELEASED -v $NEWVER "$log"
+ ;;
+ *)
+ echo "Last release $VERSION for unknown distribution «$RELEASE»."
+ echo "Not calling dch, do it manually."
+ ;;
+ esac
+ git add debian/changelog
+
+ if [ ! -z "$add_to_keyid" ]; then
+ if oldkey=$(grep $key keyids); then
+ echo "Key already present in the keyids file:"
+ echo $oldkey
+ else
+ echo -n "Enter Debian login of new key: "
+ read login
+ echo "$key $name <$login>" >> keyids
+ sort keyids > keyids.$$ && mv keyids.$$ keyids
+ git add keyids
+ fi
+ fi
+
+ cat > git-commit-template <<EOF
+$log
+
+Action: $action
+Subject: $name
+Username: $login
+Role: $dest
+Key: $keyfp
+Key-type:
+RT-Ticket: $rtid
+Request-signed-by:
+Details:
+Notes: Move from <src> keyring
+EOF
+else
+ echo "Not moving key."
+fi