After a lot of research, and a lot of pestering ;-) I have a working script that does more or less what I want and doesn't work too badly.

I'm attaching it in case you want to give me any comments or in case you find it useful. I've added the functionality of checking the signatures on the keys in the public ring and, if we are missing any key, downloading it. Above all I'm interested in knowing what could be improved with regard to it working in other shells and being portable. It's still a bit green, but I find it very useful.

Cheers!

-- 
I stole all those good days, that's why they were taken away from me,  .''`.
and they were replaced by the ones I deserve.                          : :' :
        Speaker for the dead - Orson Scott Card                        `. `'
Proudly running Debian GNU/Linux Sid (Kernel 2.4.9)                      `-
www.amayita.com  www.malapecora.com  www.chicasduras.com

#!/bin/sh
# Amaya Rodrigo <[EMAIL PROTECTED]>, November 2001
# Help and comments from all the people below. Thanks!
# Santiago Vila <[EMAIL PROTECTED]>
# Juantomás García <[EMAIL PROTECTED]>
# Manuel García <[EMAIL PROTECTED]>
# Santiago Vila <[EMAIL PROTECTED]>
# David Muriel <[EMAIL PROTECTED]>
# This is free software, under the terms of the GPL v2 or later
# See http://www.gnu.org/copyleft/gpl.html
# Comments on this script are highly appreciated.

# Define files to use as temporary files as I am still debugging
# Temp files will not be needed in a later stage
# Note: fixed names under /tmp can be pre-created or symlinked by other
# local users; on a shared host point these at a private directory.
file=/tmp/ids
file2=/tmp/sigs
file3=/tmp/processed
file4=/tmp/failed
file5=/tmp/failed.old

# Set default keyserver
keyserver=pgpkeys.mit.edu
#keyserver=keyserver.pgp.com
#keyserver=wwwkeys.eu.pgp.net
#keyserver=keyring.debian.org

# Set GPG timeout while connecting to server
TIMEOUT=30

# Functions to obtain listings
checkSigs(){
    # Output everything to one file
    echo "Getting unknown key ids from the signatures in your public ring."
    echo "This may take a LONG while..."
    # "?" marks a signature whose public key we do not have.
    # The byte columns depend on the layout of gpg's listing.
    gpg --check-sigs | grep '?' | cut -b 12-20 | sort > "$file2"
    # Another extra check: collapse repeated ids, since one signer
    # usually appears on many keys
    uniq "$file2" >> "$file3"
    echo "Finished getting."
    # Find out how many keys
    max=`wc -l < "$file3"`
    #real=`echo $[$max-1]`
    echo "We have $max keys to obtain."
}

checkKeys(){
    # Output everything to one file
    echo "Getting keys from our public ring."
    echo "This may take a while..."
    gpg --list-public-keys | grep '^pub' | cut -b 12-20 | sort > "$file"
    uniq "$file" >> "$file3"
    echo "Finished getting keys from our public ring"
    # I now have all the keys
    # Find out how many keys
    max=`wc -l < "$file3"`
    #real=`echo $[$max-1]`
    echo "We have $max keys in our public ring"
}

# Functions to set timeouts
killGpg(){
    # If kill succeeds, gpg was still running: the retrieval timed out.
    kill "$gpgId" 2> /dev/null
    output=$?
    if [ "$output" = "0" ]; then
        echo "$i" >> "$file4"
        echo "************************************************************"
        echo " Retrieval of key $i failed: Operation timed out."
        echo "************************************************************"
    fi
    TIMEOUT=30
}

# Function to actually update keys
getKeys(){
    # Keep the previous list of failures, if there is one
    if [ -f "$file4" ]; then
        mv "$file4" "$file5"
    fi
    # Get each key and update it. If we get no response from server in
    # $TIMEOUT seconds, get next one.
    for i in `cat "$file3"` ; do
        # If key is not an empty string:
        if [ "$i" != "" ]; then
            gpg --keyserver "$keyserver" --recv-keys "$i" &
            gpgId=$!
            sleep "$TIMEOUT"
            killGpg
        fi
    done
    gpg --update-trustdb
}

retry(){
    if [ ! -f "$file4" ]; then
        echo "No failed keys recorded in $file4."
        return 0
    fi
    # Move the old failures aside before reading them, so keys that fail
    # again go to a fresh $file4 and not onto the list being read
    mv "$file4" "$file5"
    for i in `cat "$file5"` ; do
        # If key is not an empty string:
        if [ "$i" != "" ]; then
            gpg --keyserver "$keyserver" --recv-keys "$i" &
            gpgId=$!
            sleep "$TIMEOUT"
            killGpg
        fi
    done
    gpg --update-trustdb
}

case "$1" in
    dump-sigs)
        checkSigs
        ;;
    dump-keys)
        checkKeys
        ;;
    sigs)
        checkSigs
        getKeys
        ;;
    keys)
        checkKeys
        getKeys
        ;;
    all)
        checkSigs
        checkKeys
        getKeys
        ;;
    get)
        getKeys
        ;;
    retry)
        retry
        ;;
    *)
        echo ""
        echo "Usage: $0 [keys|sigs|all|dump-sigs|dump-keys|get|retry]"
        echo ""
        echo "This script updates your GPG public ring retrieving the keys from"
        echo "a server."
        echo ""
        echo "Default keyserver is pgpkeys.mit.edu. Edit the script to change it."
        echo ""
        echo "Options:"
        echo "  keys      - Gets all keys on your public ring and updates them."
        echo "  sigs      - Checks all the signatures on those keys and retrieves"
        echo "              those not found on your public ring."
        echo "  all       - Updates both public keys and signatures on them."
        echo "  dump-sigs - Just creates the file with the sigs."
        echo "  dump-keys - Just creates the file with the keys."
        echo "  get       - Gets the keys from the files created above."
        echo "  retry     - Gets the keys that failed before."
        echo ""
        echo "This is free software, under the terms of the GPL v2 or later."
        echo "See http://www.gnu.org/copyleft/gpl.html"
        echo ""
        exit 1
        ;;
esac

echo "Not removing temporary data: [ $file | $file2 | $file3 ]. Still debugging"
#rm $file
# Name starts in column 21
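
A more portable alternative to the grep/cut step in checkSigs, as an added example that is not part of the posted script: it reads gpg's --with-colons listing, where field 2 of a sig record is "?" when the signer's public key is missing and field 5 is the key ID, and it rejects anything that is not a hex key ID before it could reach a gpg command line. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the posted script): list the signer key IDs
# gpg could not check because the public key is missing, using the
# machine-readable --with-colons listing instead of fixed byte columns.

# missing_signers: reads colon-delimited gpg records on stdin and prints
# each missing signer key ID once, sorted.
missing_signers() {
    awk -F: '
        # sig records: field 2 is the check result, "?" = no public key
        $1 == "sig" && $2 == "?" {
            id = toupper($5)
            # accept only 8 or 16 hex digits as a key ID
            if (id ~ /^[0-9A-F]+$/ && (length(id) == 8 || length(id) == 16))
                print id
        }
    ' | sort -u
}

# Constructed sample records in the --with-colons layout (not real keys).
sample_records() {
    cat <<'EOF'
pub:u:1024:17:1111111111111111:2001-11-01:::u:Example User <user@example.org>::
sig:!::17:1111111111111111:2001-11-01::::Example User <user@example.org>:13x:
sig:?::17:AAAAAAAAAAAAAAA1:2001-11-02::::[User ID not found]:10x:
sig:?::17:AAAAAAAAAAAAAAA1:2001-11-03::::[User ID not found]:10x:
sig:?::17:bbbbbbbbbbbbbbb2:2001-11-04::::[User ID not found]:10x:
sig:?::17:not-a-key-id:2001-11-05::::[User ID not found]:10x:
EOF
}

# Real use: gpg --with-colons --check-sigs | missing_signers
if [ "${1:-}" = "demo" ]; then
    sample_records | missing_signers
fi
```

Run with the argument demo to see the two missing signer IDs extracted from the sample records.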