wkd: Skip revoked keys

https://bugs.archlinux.org/task/63171#comment180754

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Florian Pritz 2019-08-07 19:26:46 +02:00
parent 1c222c5347
commit 7295fe1983
No known key found for this signature in database
GPG key ID: 6D1655C14CE1C13E


@ -16,10 +16,11 @@ mkdir -p "$workdir/openpgpkey/archlinux.org/hu"
# Required file according to https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-08#section-4.5
touch "$workdir/openpgpkey/archlinux.org/policy"
for email in $(gpg --list-options show-only-fpr-mbox --list-keys | grep '@archlinux.org' | cut -d' ' -f2); do
wkd_hash="$(/usr/lib/gnupg/gpg-wks-client --print-wkd-hash "$email" | cut -d' ' -f1)"
outfile="$workdir/openpgpkey/archlinux.org/hu/$wkd_hash"
gpg --export "$email" > "$outfile"
# TODO: return error if filesize of $outfile is >= 64kB; https://dev.gnupg.org/T4607#127792
gpg --quiet --no-permission-warning --list-options show-only-fpr-mbox --list-keys | grep '@archlinux.org' | \
while read -a fpr_email; do
if ! grep -q "${fpr_email[0]}" /usr/share/pacman/keyrings/archlinux-revoked; then
wkd_hash="$(/usr/lib/gnupg/gpg-wks-client --print-wkd-hash "${fpr_email[1]}" | cut -d' ' -f1)"
outfile="$workdir/openpgpkey/archlinux.org/hu/$wkd_hash"
gpg --no-permission-warning --export --export-options export-clean,no-export-attributes "${fpr_email[0]}" > "$outfile"
fi
done
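Review bot: The revocation check on the `if ! grep -q "${fpr_email[0]}" …` line fails open: if `/usr/share/pacman/keyrings/archlinux-revoked` is missing or unreadable, grep exits non-zero, the negation is true, and every key, revoked ones included, is exported into the WKD directory. I would check the file once before the loop with `[ -r /usr/share/pacman/keyrings/archlinux-revoked ] || exit 1`, and match the fingerprint as a literal string with `grep -qF -- "${fpr_email[0]}" /usr/share/pacman/keyrings/archlinux-revoked` (adding `-x` if the file holds one bare fingerprint per line, which is not visible here). The loop should also use `read -r -a fpr_email` so backslashes in the gpg output are not interpreted. The start of the script is outside the hunk, so whether `set -e` or `pipefail` is in effect for this pipeline cannot be seen from here.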