From 4ed1a6e1d4fcb1ba272a4fb3931b33d1c6fbee0d Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 13 Apr 2024 16:25:47 +0200
Subject: Adding upstream version 2023.12.24.
Signed-off-by: Daniel Baumann
---
scripts/replace-key | 178 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 178 insertions(+)
create mode 100755 scripts/replace-key
(limited to 'scripts/replace-key')
diff --git a/scripts/replace-key b/scripts/replace-key
new file mode 100755
index 0000000..caad499
--- /dev/null
+++ b/scripts/replace-key
@@ -0,0 +1,178 @@
+#!/bin/bash
+
+# Copyright (c) 2014 Gunnar Wolf ,
+# Based on 2008 Jonathan McDowell
+# GNU GPL; v2 or later
+# Replaces an existing key with a new one in its same keyring directory
+
+set -e
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+ echo "Usage: replace-key oldkeyid newkeyid" >&2
+ exit 1
+fi
+
+scriptdir=`dirname $0`
+oldkey=$1
+newkey=$2
+
+# avoid gnupg touching ~/.gnupg
+GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
+export GNUPGHOME
+cat > "$GNUPGHOME"/gpg.conf < $newkeytemp
+
+# strip leading 0x from fingerprints
+oldkey=${oldkey##0x}
+newkey=${newkey##0x}
+
+if [ $(echo -n $oldkey|wc -c) -eq 16 ]; then
+ key='0x'$(echo $oldkey|tr a-z A-Z)
+elif [ $(echo -n $oldkey|wc -c) -eq 40 ] ; then
+ key='0x'$(echo -n $oldkey | cut -b 25-)
+else
+ echo "Please supply either a long keyid or a full fingerprint for the old key."
+ exit 1
+fi
+
+for dir in *-gpg/; do
+ if [ -f $dir/$key ]; then
+ oldkeyfile=$(readlink -f "$dir/$key")
+ keydir=$(readlink -f $dir)
+ keyring=`basename $keydir`
+ break
+ fi
+done
+
+if [ -z "$oldkeyfile" -o -z "$keydir" ]; then
+ echo "Requested key '$oldkey' not found (looked for '*-gpg/$key')"
+ exit 1
+fi
+
+oldkeyfp=$(gpg --with-colons --fingerprint --no-auto-check-trustdb --no-default-keyring --keyring $oldkeyfile| grep '^fpr' | cut -d : -f 10)
+newkeyfp=$(gpg --with-colons --fingerprint --no-auto-check-trustdb --no-default-keyring --keyring $newkeytemp| grep '^fpr' | cut -d : -f 10)
+
+oldkeydata=$(gpg --with-colons --keyid long --options /dev/null --no-auto-check-trustdb < $oldkeyfile|grep '^pub')
+newkeydata=$(gpg --with-colons --keyid long --options /dev/null --no-auto-check-trustdb < $newkeytemp|grep '^pub')
+oldkeyuser=$(echo $oldkeydata | cut -d : -f 10)
+newkeyuser=$(echo $newkeydata | cut -d : -f 10)
+oldkeylen=$(echo $oldkeydata | cut -d : -f 3)
+newkeylen=$(echo $newkeydata | cut -d : -f 3)
+oldkeyalg=$(echo $oldkeydata | cut -d : -f 4)
+if [ "$oldkeyalg" == "1" ]; then
+ oldkeyalg='R'
+elif [ "$oldkeyalg" == "17" ]; then
+ oldkeyalg='D'
+elif [ "$oldkeyalg" == "22" ]; then
+ oldkeyalg='E'
+else
+ oldkeyalg='UNK'
+fi
+newkeyalg=$(echo $newkeydata | cut -d : -f 4)
+if [ "$newkeyalg" == "1" ]; then
+ newkeyalg='R'
+elif [ "$newkeyalg" == "17" ]; then
+ newkeyalg='D'
+elif [ "$oldkeyalg" == "22" ]; then
+ oldkeyalg='E'
+else
+ newkeyalg='UNK'
+fi
+echo $oldkeydata
+
+echo ""
+echo "About to replace key $oldkey ($oldkeyuser)"
+echo " with NEW key $newkey ($newkeyuser)"
+echo " in the $keyring keyring."
+echo "Are you sure you want to update this key? (y/n)"
+read n
+
+if [ "x$n" = "xy" -o "x$n" = "xY" ]; then
+ destkeyring="$keyring"
+ if ! $scriptdir/add-key $newkeytemp $destkeyring ; then
+ echo "add-key failed"
+ exit 1
+ fi
+
+ if [ "$keyring" = "debian-keyring-gpg" -o "$keyring" = "debian-nonupload-gpg" ]; then
+ name=`grep $newkey keyids | sed 's/^[^ ]* //'|sed s/\<.*//`
+ account=`grep $newkey keyids | sed 's/.*\$//`
+ if [ "$keyring" = "debian-nonupload-gpg" ]; then
+ role='DD-NU'
+ else
+ role='DD'
+ fi
+ elif [ "$keyring" = "debian-maintainers-gpg" ]; then
+ echo -n "Enter full name of new key: "
+ read name
+ role='DM'
+ else
+ echo "*** Key to be replaced is of a strange type (not DD, NonUplDD, DM)"
+ echo " Be sure you are doing the right thing before committing. Double-check"
+ echo " the log message, as it will most likely not be correct."
+ name="Unknown"
+ fi
+ echo -n 'RT issue ID this change closes, if any: '
+ read rtid
+ name=$(echo $name | sed -r 's/^ *(.*) *$/\1/')
+
+ log="Replace 0x$oldkey with 0x$newkey ($name) (RT #$rtid)"
+
+ git rm $oldkeyfile
+ VERSION=$(head -1 debian/changelog | awk '{print $2}' | sed 's/[\(\)]//g')
+ RELEASE=$(head -1 debian/changelog | awk '{print $3}' | sed 's/;$//')
+ case $RELEASE in
+ UNRELEASED)
+ dch --multimaint-merge -D UNRELEASED -a "$log"
+ ;;
+ unstable)
+ NEWVER=$(date +%Y.%m.xx)
+ if [ "$VERSION" = "$NEWVER" ]
+ then
+ echo '* Warning: New version and previous released version are'
+ echo " the same: $VERSION. This should not be so!"
+ echo ' Check debian/changelog'
+ fi
+ dch -D UNRELEASED -v $NEWVER "$log"
+ ;;
+ *)
+ echo "Last release $VERSION for unknown distribution «$RELEASE»."
+ echo "Not calling dch, do it manually."
+ ;;
+ esac
+ git add debian/changelog
+
+ cat > git-commit-template <