| 1 |
commit: e3117dda8d6e68ddc312298c0ffd2debacf9021a |
| 2 |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Jul 17 22:12:51 2018 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Jul 17 22:13:09 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=e3117dda |
| 7 |
|
| 8 |
Add a script to fetch OpenPGP keys |
| 9 |
|
| 10 |
create-dev-keyrings.bash | 61 ++++++++++++++++++++++++++++++++++++++++++++++++ |
| 11 |
1 file changed, 61 insertions(+) |
| 12 |
|
| 13 |
diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash |
| 14 |
new file mode 100755 |
| 15 |
index 0000000..ea31587 |
| 16 |
--- /dev/null |
| 17 |
+++ b/create-dev-keyrings.bash |
| 18 |
@@ -0,0 +1,61 @@ |
| 19 |
+#!/bin/bash |
| 20 |
+ |
| 21 |
+OUTPUT_DIR=${1:-.} |
| 22 |
+ |
| 23 |
+COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active))' |
| 24 |
+NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))' |
| 25 |
+RETIRED_RULE='(!(gentooStatus=active))' |
| 26 |
+ |
| 27 |
+# grab_ldap_fingerprints <ldap-rule> |
| 28 |
+grab_ldap_fingerprints() { |
| 29 |
+ ldapsearch "${1}" -Z gpgfingerprint -LLL | |
| 30 |
+ sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}' | |
| 31 |
+ sort -u | |
| 32 |
+ grep -v undefined |
| 33 |
+} |
| 34 |
+ |
| 35 |
+# grab_keys <fingerprint>... |
| 36 |
+grab_keys() { |
| 37 |
+ local retries=0 |
| 38 |
+ local missing=() |
| 39 |
+ local remaining=( "${@}" ) |
| 40 |
+ |
| 41 |
+ while :; do |
| 42 |
+ gpg -q --recv-keys "${remaining[@]}" || : |
| 43 |
+ missing=() |
| 44 |
+ for key in "${remaining[@]}"; do |
| 45 |
+ gpg --list-public "${key}" &>/dev/null || missing+=( "${key}" ) |
| 46 |
+ done |
| 47 |
+ |
| 48 |
+ [[ ${#missing[@]} -ne 0 ]] || break |
| 49 |
+ |
| 50 |
+ # if we did not make progress, give it a few seconds and retry |
| 51 |
+ if [[ ${#missing[@]} -eq ${#remaining[@]} ]]; then |
| 52 |
+ if [[ $(( retries++ )) -gt 3 ]]; then |
| 53 |
+ echo "Unable to fetch the following keys:" |
| 54 |
+ printf '%s\n' "${missing[@]}" |
| 55 |
+ exit 1 |
| 56 |
+ fi |
| 57 |
+ sleep 5 |
| 58 |
+ fi |
| 59 |
+ |
| 60 |
+ remaining=( "${missing[@]}" ) |
| 61 |
+ done |
| 62 |
+} |
| 63 |
+ |
| 64 |
+set -e |
| 65 |
+ |
| 66 |
+COMMITTING_DEVS=( $(grab_ldap_fingerprints "${COMMIT_RULE}") ) |
| 67 |
+NONCOMMITTING_DEVS=( $(grab_ldap_fingerprints "${NONCOMMIT_RULE}") ) |
| 68 |
+#RETIRED_DEVS=( $(grab_ldap_fingerprints "${RETIRED_RULE}") ) |
| 69 |
+ |
| 70 |
+export GNUPGHOME=$(mktemp -d) |
| 71 |
+trap 'rm -rf "${GNUPGHOME}"' EXIT |
| 72 |
+ |
| 73 |
+grab_keys "${COMMITTING_DEVS[@]}" |
| 74 |
+gpg --export > "${OUTPUT_DIR}"/committing-devs.gpg |
| 75 |
+grab_keys "${NONCOMMITTING_DEVS[@]}" |
| 76 |
+gpg --export > "${OUTPUT_DIR}"/active-devs.gpg |
| 77 |
+# -- not all are on keyservers |
| 78 |
+#grab_keys "${RETIRED_DEVS[@]}" |
| 79 |
+#gpg --export > "${OUTPUT_DIR}"/all-devs.gpg |
Archives