diff options
Diffstat (limited to '')
| -rwxr-xr-x | scripts/pull-updates | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/scripts/pull-updates b/scripts/pull-updates new file mode 100755 index 0000000..1d49e08 --- /dev/null +++ b/scripts/pull-updates @@ -0,0 +1,90 @@ +#!/bin/sh + +if [ -z "$1" ]; then + echo "Usage: pull-updates keyring [dir | keyring]" >&2 + exit 1 +fi + +# avoid gnupg touching ~/.gnupg +GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX) +export GNUPGHOME +cat > "$GNUPGHOME"/gpg.conf <<EOF +keyid-format 0xlong +import-options import-clean,merge-only +export-options export-clean,no-export-attributes +no-auto-check-trustdb +no-autostart +quiet +EOF +trap cleanup exit +cleanup () { + rm -rf "$GNUPGHOME" +} + +if [ ! -e output/keyrings/debian-keyring.gpg ]; then + echo "Keyrings don't appear to be built. Run make?" + exit 1 +fi + +# Build a set of keyrings +cat output/keyrings/debian-keyring.gpg output/keyrings/debian-nonupload.gpg \ + output/keyrings/debian-maintainers.gpg > $GNUPGHOME/pubring.gpg + +mkdir updates/ +if [ ! -z "$2" -a -d "$2" ]; then + # Old style with directory as second parameter + scripts/explode-keyring $1 updates +else + # New style. Keyrings all the way. + touch update-keyring.gpg + echo Exploding keyrings + for keyring in $*; do + scripts/explode-keyring $keyring updates + cd updates + for i in 0x*; do + if [ ! -e ../debian-*-gpg/$i ]; then + echo $i no longer exists, removing. + rm $i + elif cmp -s $i ../debian-*-gpg/$i; then + echo $i matches old key version, removing. + rm $i + fi + done + cat 0x* >> ../update-keyring.gpg + rm 0x* + cd .. + done + echo Importing updates + gpg --import update-keyring.gpg + echo Exploding keyring + for key in $(gpg --list-keys --with-colons < update-keyring.gpg | awk -F: '/^pub/ {print $5}'); do + gpg --export 0x$key > updates/0x$key + done + rm update-keyring.gpg +fi + +cd updates +for i in 0x*; do + if [ ! -e ../debian-*-gpg/$i ]; then + echo $i no longer exists, removing. + rm $i + elif cmp -s $i ../debian-*-gpg/$i; then + echo $i matches old key version, removing. + rm $i + fi +done + +echo Updated keys are: +ls + +cd .. + +for i in updates/0x*; do + if [ -f $i ]; then + scripts/update-key --no-clean $i \ + $(dirname debian-*-gpg/$(basename $i)) + rm $i + fi +done + +rmdir updates/ |