diff options
Diffstat (limited to 'scripts/move-key')
-rwxr-xr-x | scripts/move-key | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/scripts/move-key b/scripts/move-key new file mode 100755 index 0000000..2c52c93 --- /dev/null +++ b/scripts/move-key @@ -0,0 +1,145 @@ +#!/bin/sh + +# Copyright (c) 2013 Gunnar Wolf <gwolf@debian.org>, +# Based on 2008 Jonathan McDowell <noodles@earth.li> +# GNU GPL; v2 or later +# Moves an existing key to another keyring directory + +set -e + +if [ -z "$1" ] || [ -z "$2" ]; then + echo "Usage: move-key keyid dir" >&2 + exit 1 +fi + +key=$1 +destdir=$(readlink -f $2) + +# avoid gnupg touching ~/.gnupg +GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX) +export GNUPGHOME +trap cleanup exit +cleanup () { + rm -rf "$GNUPGHOME" +} + +keyfp="<fixme>" +if [ $(echo -n $key|wc -c) -eq 16 ]; then + key='0x'$(echo $key|tr a-z A-Z) +elif [ $(echo -n $key|wc -c) -eq 40 ] ; then + keyfp=$key + key='0x'$(echo -n $key | cut -b 25-) +fi + +if [ ! -d "$destdir" ] || echo "$destdir"|grep -q -- '-gpg/?$'; then + echo "Error: $destdir is not a valid keyring directory" >& 2 + exit 1 +fi + +for dir in *-gpg/; do + if [ -f $dir/$key ]; then + keyfile=$(readlink -f "$dir/$key") + srcdir=$(readlink -f $dir) + break + fi +done + +if [ "$srcdir" = "$destdir" ]; then + echo "Source and destination directories are the same: $srcdir" >& 2 + exit 1 +fi + +if [ -z "$keyfile" ]; then + echo "Requested key '$key' not found" + exit 1 +fi + +keyuser=$(gpg --with-colons --keyid long --options /dev/null --no-auto-check-trustdb < $keyfile| grep '^pub' | cut -d : -f 10) + +echo "" +echo "About to move key $key ($keyuser)" +echo " FROM $srcdir" +echo " TO $destdir" +echo "Are you sure you want to update this key? (y/n)" +read n + +if [ "x$n" = "xy" -o "x$n" = "xY" ]; then + add_to_keyid="" + echo -n "Enter full name of new key's owner: " + read name + echo -n 'RT issue ID this change closes, if any: ' + read rtid + + if ( echo $destdir | egrep -q 'debian-keyring-gpg/?$' ); then + log="Add new DD key $key ($name) (RT #$rtid)" + add_to_keyid=yes + dest=DD + action=add + elif ( echo $destdir | egrep -q 'debian-nonupload-gpg/?$' ); then + log="Add new nonuploading key $key ($name) (RT #$rtid)" + add_to_keyid=yes + dest=DN + action=add + elif ( echo $destdir | egrep -q 'debian-maintainer-gpg/?$' ); then + log="Add new DM key $key ($name) (RT #$rtid)" + dest=DM + action=add + elif ( echo $destdir | egrep -q 'emeritus-keyring-gpg/?$' ); then + log="Move $key to emeritus ($name) (RT #$rtid)" + action=remove + fi + + git mv $keyfile $destdir + VERSION=$(head -1 debian/changelog | awk '{print $2}' | sed 's/[\(\)]//g') + RELEASE=$(head -1 debian/changelog | awk '{print $3}' | sed 's/;$//') + case $RELEASE in + UNRELEASED) + dch --multimaint-merge -D UNRELEASED -a "$log" + ;; + unstable) + NEWVER=$(date +%Y.%m.xx) + if [ "$VERSION" = "$NEWVER" ] + then + echo '* Warning: New version and previous released version are' + echo " the same: $VERSION. This should not be so!" + echo ' Check debian/changelog' + fi + dch -D UNRELEASED -v $NEWVER "$log" + ;; + *) + echo "Last release $VERSION for unknown distribution «$RELEASE»." + echo "Not calling dch, do it manually." + ;; + esac + git add debian/changelog + + if [ ! -z "$add_to_keyid" ]; then + if oldkey=$(grep $key keyids); then + echo "Key already present in the keyids file:" + echo $oldkey + else + echo -n "Enter Debian login of new key: " + read login + echo "$key $name <$login>" >> keyids + sort keyids > keyids.$$ && mv keyids.$$ keyids + git add keyids + fi + fi + + cat > git-commit-template <<EOF +$log + +Action: $action +Subject: $name +Username: $login +Role: $dest +Key: $keyfp +Key-type: +RT-Ticket: $rtid +Request-signed-by: +Details: +Notes: Move from <src> keyring +EOF +else + echo "Not moving key." +fi |