commit: ba4f3b35b91889df2508a203d70d204151f1bd6f Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> AuthorDate: Tue Apr 9 05:22:31 2019 +0000 Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> CommitDate: Tue Apr 9 05:22:31 2019 +0000 URL: https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=ba4f3b35
create-dev-keyrings.bash: push keys back to keys.gentoo.org Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> create-dev-keyrings.bash | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash index 8e581b4..704e409 100755 --- a/create-dev-keyrings.bash +++ b/create-dev-keyrings.bash @@ -9,6 +9,10 @@ COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))' RETIRED_RULE='(!(gentooStatus=active))' +# this needs to move to HKPS as well, but that part is not yet deployed. +KS_GENTOO=hkp://keys.gentoo.org/ +KS_SKS=hkps://hkps.pool.sks-keyservers.net/ + GPG_TMPDIR=$(mktemp -d) clean_tmp() { rm -rf "$GPG_TMPDIR" @@ -28,12 +32,9 @@ grab_keys() { local missing=() local remaining=( "${@}" ) - # this needs to move to HKPS as well, but that part is not yet deployed. - KS1=hkp://keys.gentoo.org/ - KS2=hkps://hkps.pool.sks-keyservers.net/ while :; do - timeout 5m gpg --keyserver $KS1 -q --recv-keys "${remaining[@]}" || : - timeout 20m gpg --keyserver $KS2 -q --recv-keys "${remaining[@]}" || : + timeout 5m gpg --keyserver $KS_GENTOO -q --recv-keys "${remaining[@]}" || : + timeout 20m gpg --keyserver $KS_SKS -q --recv-keys "${remaining[@]}" || : missing=() for key in "${remaining[@]}"; do gpg --list-public "${key}" &>/dev/null || missing+=( "${key}" ) @@ -55,6 +56,12 @@ grab_keys() { done } +# push_keys <fingerprint>... +push_keys() { + timeout 5m gpg --keyserver $KS_GENTOO -q --send-keys "${remaining[@]}" || : + #timeout 5m gpg --keyserver $KS_SKS -q --send-keys "${remaining[@]}" || : +} + export_keys() { DST="$1" TMP="${GPG_TMPDIR}"/$(basename "${DST}") @@ -105,3 +112,9 @@ export_keys "${OUTPUT_DIR}"/all-devs.gpg \ "${COMMITTING_DEVS[@]}" \ "${NONCOMMITTING_DEVS[@]}" \ "${RETIRED_DEVS[@]}" + +# Populate keys.gentoo.org with the keys we have, since they might have come from SKS +push_keys "${SYSTEM_KEYS[@]}" +push_keys "${COMMITTING_DEVS[@]}" +push_keys "${NONCOMMITTING_DEVS[@]}" +push_keys "${RETIRED_DEVS[@]}"