commit:     ba4f3b35b91889df2508a203d70d204151f1bd6f
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  9 05:22:31 2019 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Apr  9 05:22:31 2019 +0000
URL:        https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=ba4f3b35

create-dev-keyrings.bash: push keys back to keys.gentoo.org

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 create-dev-keyrings.bash | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash
index 8e581b4..704e409 100755
--- a/create-dev-keyrings.bash
+++ b/create-dev-keyrings.bash
@@ -9,6 +9,10 @@ 
COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active
 
NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))'
 RETIRED_RULE='(!(gentooStatus=active))'
 
+# this needs to move to HKPS as well, but that part is not yet deployed.
+KS_GENTOO=hkp://keys.gentoo.org/
+KS_SKS=hkps://hkps.pool.sks-keyservers.net/
+
 GPG_TMPDIR=$(mktemp -d)
 clean_tmp() {
        rm -rf "$GPG_TMPDIR"
@@ -28,12 +32,9 @@ grab_keys() {
        local missing=()
        local remaining=( "${@}" )
 
-       # this needs to move to HKPS as well, but that part is not yet deployed.
-       KS1=hkp://keys.gentoo.org/
-       KS2=hkps://hkps.pool.sks-keyservers.net/
        while :; do
-               timeout 5m  gpg --keyserver $KS1 -q --recv-keys 
"${remaining[@]}" || :
-               timeout 20m gpg --keyserver $KS2 -q --recv-keys 
"${remaining[@]}" || :
+               timeout 5m  gpg --keyserver $KS_GENTOO -q --recv-keys 
"${remaining[@]}" || :
+               timeout 20m gpg --keyserver $KS_SKS -q --recv-keys 
"${remaining[@]}" || :
                missing=()
                for key in "${remaining[@]}"; do
                        gpg --list-public "${key}" &>/dev/null || missing+=( 
"${key}" )
@@ -55,6 +56,12 @@ grab_keys() {
        done
 }
 
+# push_keys <fingerprint>...
+push_keys() {
+       timeout 5m  gpg --keyserver $KS_GENTOO -q --send-keys "${remaining[@]}" 
|| :
+       #timeout 5m  gpg --keyserver $KS_SKS -q --send-keys "${remaining[@]}" 
|| :
+}
+
 export_keys() {
        DST="$1"
        TMP="${GPG_TMPDIR}"/$(basename "${DST}")
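Review bot: push_keys ignores its arguments: the body sends `"${remaining[@]}"`, which is declared `local` inside grab_keys and so is not set when push_keys is called from the top level (unless a global of that name exists outside the visible hunks). gpg is then invoked with `--send-keys` and no key arguments, and `-q` together with the trailing `|| :` hides the failure, so nothing reaches keys.gentoo.org. Use the positional parameters, matching the `push_keys <fingerprint>...` comment, and quote the keyserver variable: `timeout 5m gpg --keyserver "$KS_GENTOO" -q --send-keys "$@" || :`. The four push_keys calls added at the end of the script have no effect until this is fixed.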
@@ -105,3 +112,9 @@ export_keys "${OUTPUT_DIR}"/all-devs.gpg \
        "${COMMITTING_DEVS[@]}" \
        "${NONCOMMITTING_DEVS[@]}" \
        "${RETIRED_DEVS[@]}"
+
+# Populate keys.gentoo.org with the keys we have, since they might have come 
from SKS
+push_keys "${SYSTEM_KEYS[@]}"
+push_keys "${COMMITTING_DEVS[@]}"
+push_keys "${NONCOMMITTING_DEVS[@]}"
+push_keys "${RETIRED_DEVS[@]}"
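Review bot: These calls republish whatever the local keyring holds for each fingerprint, including any third-party signature packets that arrived with a key fetched from the SKS pool, which does not vet what is attached to a key. Consider filtering on upload, for example by adding `--keyserver-options export-clean` to the `--send-keys` command in push_keys, and decide explicitly whether RETIRED_DEVS keys should be pushed at all. Because push_keys ends in `|| :` and runs gpg with `-q`, a failed or timed-out push is silent; printing a warning to stderr for each failed group would make it visible in the job output.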
