#!/bin/sh # Copyright (c) 2008 Jonathan McDowell # GNU GPL; v2 or later # Updates an existing key in a keyring dir set -e if [ "x$1" = "x--no-clean" ]; then NOCLEAN=1 shift else NOCLEAN=0 fi if [ -z "$1" ] || [ -z "$2" ]; then echo "Usage: update-key keyfile dir" >&2 exit 1 fi # avoid gnupg touching ~/.gnupg GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX) export GNUPGHOME cat > "$GNUPGHOME"/gpg.conf <> "$GNUPGHOME"/gpg.conf echo "export-options export-clean,no-export-attributes" >> "$GNUPGHOME"/gpg.conf cat output/keyrings/debian-keyring.gpg \ output/keyrings/debian-nonupload.gpg \ output/keyrings/debian-maintainers.gpg > $GNUPGHOME/pubring.gpg fi trap cleanup exit cleanup () { rm -rf "$GNUPGHOME" } keyfile=$(readlink -f "$1") # gpg works better with absolute keyring paths keydir="$2" basename=$(basename "$keyfile") date=`date -R` keyid=$(gpg --quiet --with-colons < $keyfile | grep '^pub' | head -n 1 | cut -d : -f 5) name=$(gpg --quiet --with-colons < $keyfile | grep '^uid' | head -n 1 | cut -d : -f 10 | sed -e 's/ <.*//') if [ ! -e $keydir/0x$keyid ]; then echo "0x$keyid isn't already in $keydir - new key or error." exit 1 fi gpg --quiet --import $keydir/0x$keyid summary=$(gpg --import $keyfile 2>&1 | \ scripts/parse-gpg-update 0x$keyid "$name") gpg --export $keyid > $GNUPGHOME/0x$keyid case "$summary" in *:*) # Something changed ;; *) # Nothing changed, exit echo "No changes to $summary" exit esac if cmp -s $GNUPGHOME/0x$keyid $keydir/0x$keyid; then echo "No changes to 0x$keyid" exit fi n='a' while [ "x$n" = "xa" -o "x$n" = "xA" ]; do echo "Running gpg-diff:" ( echo $summary echo scripts/gpg-diff $keydir/0x$keyid $GNUPGHOME/0x$keyid ) | sensible-pager echo "Are you sure you want to update this key? (y/n/a: Yes/No/Again)" read n done if [ "x$n" = "xy" -o "x$n" = "xY" ]; then mv $GNUPGHOME/0x$keyid $keydir/0x$keyid git add $keydir/0x$keyid echo "Updated key." echo $summary >> update.log else echo "Not updating key." fi