1 |
commit: fbb6e9911b2cc8582f870acb23c2dacac8e2c077 |
2 |
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Feb 27 17:57:48 2022 +0000 |
4 |
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Feb 27 17:57:48 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=fbb6e991 |
7 |
|
8 |
keyrings: add infra keyring |
9 |
|
10 |
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> |
11 |
|
12 |
create-dev-keyrings.bash | 6 ++++++ |
13 |
keyrings.inc.bash | 3 +++ |
14 |
2 files changed, 9 insertions(+) |
15 |
|
16 |
diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash |
17 |
index 65b2b14..d0ea12a 100755 |
18 |
--- a/create-dev-keyrings.bash |
19 |
+++ b/create-dev-keyrings.bash |
20 |
@@ -27,6 +27,10 @@ export_keys "${OUTPUT_DIR}"/active-devs.gpg \ |
21 |
"${COMMITTING_DEVS[@]}" \ |
22 |
"${NONCOMMITTING_DEVS[@]}" |
23 |
|
24 |
+grab_keys "${INFRA_DEVS[@]}" |
25 |
+export_keys "${OUTPUT_DIR}"/infra-devs.gpg \ |
26 |
+ "${INFRA_DEVS[@]}" |
27 |
+ |
28 |
# -- not all are on keyservers |
29 |
# -- and are unlikely to turn up now |
30 |
# -- this needs to fetch from some archive instead |
31 |
@@ -39,6 +43,7 @@ export_keys "${OUTPUT_DIR}"/all-devs.gpg \ |
32 |
"${SYSTEM_KEYS[@]}" \ |
33 |
"${COMMITTING_DEVS[@]}" \ |
34 |
"${NONCOMMITTING_DEVS[@]}" \ |
35 |
+ "${INFRA_DEVS[@]}" \ |
36 |
"${RETIRED_DEVS[@]}" |
37 |
|
38 |
# Populate keys.gentoo.org with the keys we have, since they might have come from SKS |
39 |
@@ -47,4 +52,5 @@ export KEYSERVER_TIMEOUT=20m |
40 |
push_keys "${SYSTEM_KEYS[@]}" |
41 |
push_keys "${COMMITTING_DEVS[@]}" |
42 |
push_keys "${NONCOMMITTING_DEVS[@]}" |
43 |
+push_keys "${INFRA_DEVS[@]}" |
44 |
push_keys "${RETIRED_DEVS[@]}" |
45 |
|
46 |
diff --git a/keyrings.inc.bash b/keyrings.inc.bash |
47 |
index bf45a86..7989d79 100644 |
48 |
--- a/keyrings.inc.bash |
49 |
+++ b/keyrings.inc.bash |
50 |
@@ -6,6 +6,7 @@ SYSTEM_BASE='ou=system,dc=gentoo,dc=org' |
51 |
COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active))' |
52 |
NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))' |
53 |
RETIRED_RULE='(!(gentooStatus=active))' |
54 |
+INFRA_RULE='(&(gentooAccess=infra.group)(gentooStatus=active))' |
55 |
|
56 |
export KS_GENTOO=hkps://keys.gentoo.org/ |
57 |
# Use local keyserver for speedup |
58 |
@@ -18,6 +19,7 @@ export KEYSERVERS=( ) # empty by default |
59 |
export COMMITTING_DEVS=( ) |
60 |
export NONCOMMITTING_DEVS=( ) |
61 |
export RETIRED_DEVS=( ) |
62 |
+export INFRA_DEVS=( ) |
63 |
export SYSTEM_KEYS=( ) |
64 |
|
65 |
# grab_ldap_fingerprints <ldap-rule> |
66 |
@@ -128,5 +130,6 @@ export_ldap_data_to_env() { |
67 |
export -a COMMITTING_DEVS=( $(grab_ldap_fingerprints -b "${DEV_BASE}" "${COMMIT_RULE}") ) |
68 |
export -a NONCOMMITTING_DEVS=( $(grab_ldap_fingerprints -b "${DEV_BASE}" "${NONCOMMIT_RULE}") ) |
69 |
export -a RETIRED_DEVS=( $(grab_ldap_fingerprints -b "${DEV_BASE}" "${RETIRED_RULE}") ) |
70 |
+ export -a INFRA_DEVS=( $(grab_ldap_fingerprints -b "${DEV_BASE}" "${INFRA_RULE}") ) |
71 |
export -a SYSTEM_KEYS=( $(grab_ldap_fingerprints -b "${SYSTEM_BASE}" "${NONCOMMIT_RULE}") ) |
72 |
} |