commit: e3117dda8d6e68ddc312298c0ffd2debacf9021a |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
AuthorDate: Tue Jul 17 22:12:51 2018 +0000 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
CommitDate: Tue Jul 17 22:13:09 2018 +0000 |
URL: https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=e3117dda |
|
Add a script to fetch OpenPGP keys |
|
create-dev-keyrings.bash | 61 ++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 61 insertions(+) |
|
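diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash
new file mode 100755
index 0000000..ea31587
--- /dev/null
+++ b/create-dev-keyrings.bash
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+OUTPUT_DIR=${1:-.}
+
+COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active))'
+NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))'
+RETIRED_RULE='(!(gentooStatus=active))'
+
+# grab_ldap_fingerprints <ldap-rule>
+grab_ldap_fingerprints() {
+ ldapsearch "${1}" -Z gpgfingerprint -LLL |
+ sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}' |
+ sort -u |
+ grep -v undefined
+}
+
+# grab_keys <fingerprint>...
+grab_keys() {
+ local retries=0
+ local missing=()
+ local remaining=( "${@}" )
+
+ while :; do
+ gpg -q --recv-keys "${remaining[@]}" || :
+ missing=()
+ for key in "${remaining[@]}"; do
+ gpg --list-public "${key}" &>/dev/null || missing+=( "${key}" )
+ done
+
+ [[ ${#missing[@]} -ne 0 ]] || break
+
+ # if we did not make progress, give it a few seconds and retry
+ if [[ ${#missing[@]} -eq ${#remaining[@]} ]]; then
+ if [[ $(( retries++ )) -gt 3 ]]; then
+ echo "Unable to fetch the following keys:"
+ printf '%s\n' "${missing[@]}"
+ exit 1
+ fi
+ sleep 5
+ fi
+
+ remaining=( "${missing[@]}" )
+ done
+}
+
+set -e
+
+COMMITTING_DEVS=( $(grab_ldap_fingerprints "${COMMIT_RULE}") )
+NONCOMMITTING_DEVS=( $(grab_ldap_fingerprints "${NONCOMMIT_RULE}") )
+#RETIRED_DEVS=( $(grab_ldap_fingerprints "${RETIRED_RULE}") )
+
+export GNUPGHOME=$(mktemp -d)
+trap 'rm -rf "${GNUPGHOME}"' EXIT
+
+grab_keys "${COMMITTING_DEVS[@]}"
+gpg --export > "${OUTPUT_DIR}"/committing-devs.gpg
+grab_keys "${NONCOMMITTING_DEVS[@]}"
+gpg --export > "${OUTPUT_DIR}"/active-devs.gpg
+# -- not all are on keyservers
+#grab_keys "${RETIRED_DEVS[@]}"
+#gpg --export > "${OUTPUT_DIR}"/all-devs.gpg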
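Review bot: In `grab_ldap_fingerprints` the LDAP query uses `-Z`, which per ldapsearch(1) only attempts StartTLS and continues if it fails, so the fingerprint list that decides which keys enter the keyrings can be fetched over an unprotected connection. `-ZZ` makes a successful StartTLS mandatory: `ldapsearch "${1}" -ZZ gpgfingerprint -LLL |`. The output is then filtered only by `grep -v undefined`, so any other attribute content is passed unchecked as an argument to `gpg --recv-keys` and `gpg --list-public` in `grab_keys`. Matching the expected shape instead would be stricter, for example `grep -E '^[0-9A-Fa-f]{40}$'`, assuming every entry is a full 40-hex-digit fingerprint.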