diff options
Diffstat (limited to 'scripts/update-key')
-rwxr-xr-x | scripts/update-key | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/scripts/update-key b/scripts/update-key new file mode 100755 index 0000000..5ca2a9c --- /dev/null +++ b/scripts/update-key @@ -0,0 +1,95 @@ +#!/bin/sh + +# Copyright (c) 2008 Jonathan McDowell <noodles@earth.li> +# GNU GPL; v2 or later +# Updates an existing key in a keyring dir + +set -e + +if [ "x$1" = "x--no-clean" ]; then + NOCLEAN=1 + shift +else + NOCLEAN=0 +fi + + +if [ -z "$1" ] || [ -z "$2" ]; then + echo "Usage: update-key keyfile dir" >&2 + exit 1 +fi + +# avoid gnupg touching ~/.gnupg +GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX) +export GNUPGHOME +cat > "$GNUPGHOME"/gpg.conf <<EOF +keyid-format 0xlong +no-auto-check-trustdb +no-autostart +EOF + +if [ "$NOCLEAN" = "0" ]; then + echo "import-options import-clean" >> "$GNUPGHOME"/gpg.conf + echo "export-options export-clean,no-export-attributes" >> "$GNUPGHOME"/gpg.conf + cat output/keyrings/debian-keyring.gpg \ + output/keyrings/debian-nonupload.gpg \ + output/keyrings/debian-maintainers.gpg > $GNUPGHOME/pubring.gpg +fi + +trap cleanup exit +cleanup () { + rm -rf "$GNUPGHOME" +} + +keyfile=$(readlink -f "$1") # gpg works better with absolute keyring paths +keydir="$2" + +basename=$(basename "$keyfile") +date=`date -R` + +keyid=$(gpg --quiet --with-colons < $keyfile | grep '^pub' | head -n 1 | cut -d : -f 5) +name=$(gpg --quiet --with-colons < $keyfile | grep '^uid' | head -n 1 | cut -d : -f 10 | sed -e 's/ <.*//') + +if [ ! -e $keydir/0x$keyid ]; then + echo "0x$keyid isn't already in $keydir - new key or error." + exit 1 +fi + +gpg --quiet --import $keydir/0x$keyid +summary=$(gpg --import $keyfile 2>&1 | \ + scripts/parse-gpg-update 0x$keyid "$name") +gpg --export $keyid > $GNUPGHOME/0x$keyid + +case "$summary" in + *:*) + # Something changed + ;; + *) + # Nothing changed, exit + echo "No changes to $summary" + exit +esac + +if cmp -s $GNUPGHOME/0x$keyid $keydir/0x$keyid; then + echo "No changes to 0x$keyid" + exit +fi + +echo "Running gpg-diff:" +( + echo $summary + echo + scripts/gpg-diff $keydir/0x$keyid $GNUPGHOME/0x$keyid +) | sensible-pager + +echo "Are you sure you want to update this key? (y/n)" +read n + +if [ "x$n" = "xy" -o "x$n" = "xY" ]; then + mv $GNUPGHOME/0x$keyid $keydir/0x$keyid + git add $keydir/0x$keyid + echo "Updated key." + echo $summary >> update.log +else + echo "Not updating key." +fi |