From e9f436a3716aa603d9e6affa84cf20520da349a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=A1s=20Reynolds?=
Date: Mon, 25 Mar 2013 17:16:54 -0300
Subject: Fixing the Parabola WoT
Some commands from the master-keys processing were missing and thus generated an incomplete WoT, since some signatures where removed. Also, $GPG wasn't locally signing keys with multiple IDs, because it makes two questions and $GPG was expecting one. This is still happening on pacman-key and the fix is going to be applied on pacman 4.1.
---
 parabola-keyring/update-keys | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
(limited to 'parabola-keyring/update-keys')
diff --git a/parabola-keyring/update-keys b/parabola-keyring/update-keys
index 235e620..5765ae4 100755
--- a/parabola-keyring/update-keys
+++ b/parabola-keyring/update-keys
@@ -3,7 +3,7 @@
 export LANG=C
 TMPDIR=$(mktemp -d)
-trap "rm -rf '${TMPDIR}'" EXIT
+#trap "rm -rf '${TMPDIR}'" EXIT
 KEYSERVER='hkp://pool.sks-keyservers.net'
 GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"
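Review bot: Commenting out the `trap … EXIT` line leaves the temporary GnuPG homedir (`--homedir ${TMPDIR}`), with whatever keyring and trust data the run created, on disk on every exit path, including failures and interrupts. The `rm /tmp/tmp.*` added at the end of the second hunk does not replace it: it runs only when the script reaches its last line, has no `-r` so it cannot remove the `mktemp -d` directory, and its glob also matches temporary files of unrelated processes in /tmp. If the homedir has to survive for debugging, I would keep the trap and gate it, e.g. `[[ -n "${KEEP_TMPDIR:-}" ]] || trap 'rm -rf -- "${TMPDIR}"' EXIT`, where `KEEP_TMPDIR` is a new opt-in variable. The per-iteration `FD=$(mktemp)` files would then be removed by name rather than by glob.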
@@ -29,15 +29,29 @@ while read -ra data; do
 keyid="${data[0]}"
 username="${data[@]:1}"
 ${GPG} --recv-keys ${keyid} &>/dev/null
- printf 'clean\nquit\ny\n' | \
+ printf 'lsign\ny\ny\nsave\ny\n' | \
+ ${GPG} --command-fd 0 --edit-key ${keyid}
+ echo "${keyid}:4:" | tee -a parabola-trusted
+done < packager-keyids
+${GPG} --import-ownertrust < parabola-trusted 2>/dev/null
+
+while read -ra data; do
+ keyid="${data[0]}"
+ username="${data[@]:1}"
+ printf 'clean\nquit\n' | \
 ${GPG} --command-fd 0 --edit-key ${keyid}
 FD=$(mktemp)
 exec 4>"${FD}"
- ${GPG} --yes --lsign-key ${keyid} &>/dev/null
- ${GPG} --armor --output packager/${username}.asc --export ${keyid}
- echo "${keyid}:4:" >> parabola-trusted
+ if ! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
+ echo "key is not fully trusted: ${keyid} ${username}"
+ else
+ ${GPG} --armor --output packager/${username}.asc --export ${keyid}
+ fi
 done < packager-keyids
 cat packager/*.asc > parabola.gpg
 popd >/dev/null
+
+echo $TMPDIR
+rm /tmp/tmp.*
--
cgit v1.2.3-2-g168b
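Review bot: The new `grep -q '^pub:f:'` gate in the second loop only skips the export, so a `packager/${username}.asc` left from an earlier run is still picked up by `cat packager/*.asc > parabola.gpg`. Unless `packager/` is emptied earlier in the script (not visible in this hunk), a key that is no longer fully valid can therefore stay in the shipped keyring. In the failing branch I would add `rm -f -- "packager/${username}.asc"`, send the message to stderr with `echo "key is not fully trusted: ${keyid} ${username}" >&2`, and have the script exit non-zero when any key is rejected. `${username}` is built from `"${data[@]:1}"` and may contain spaces, so the `--output packager/${username}.asc` argument should be quoted too. The first loop's `while` line lies outside the hunk; its fixed answer stream `printf 'lsign\ny\ny\nsave\ny\n'` presumably matches one prompt count only, so it is worth confirming it stays in step for keys with a single user ID.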