On Tue, 16 Jan 2001, Kai Weber wrote:
> This is just an example. My question therefore is whether a solution for
> keeping the keyring up-to-date already exists?
You need to roll your own. Attached, you'll find my script. Feel free to use
and modify it, but be aware of possible pitfalls. It Works For Me, but there
are no warranties it will work for you.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
#!/bin/sh
## GNUPG Maintenance script
##
###
### User-defined parameters
###
## Read-Only keyrings
ROKEYRINGS="/usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-keyring.pgp"
## Keyserver list
#KEYSERVERS="keyring.debian.org wwwkeys.eu.pgp.net wwwkeys.us.pgp.net"
KEYSERVERS="wwwkeys.eu.pgp.net wwwkeys.us.pgp.net"
PROG=$(basename "$0")
########################################################################
set +e
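if test -x /usr/bin/time; then
    TIMECMD=/usr/bin/time
else
    TIMECMD=
fi
runupdate() {
    # Does an update run: take the key ID from every "pub" line of the
    # listing, strip the size/type prefix before the slash, and re-fetch
    # each key. "$@" carries the --keyserver option from the caller.
    # ${TIMECMD} stays unquoted so that it vanishes when empty.
    gpg --batch --list-keys --fast-list | grep '^pub ' | awk '{ print $2 }' |
        sed 's/^.*\///' | xargs -r ${TIMECMD} gpg -q --batch --lock-multiple --recv-key "$@"
}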
## First, update public ring from any readonly keyrings
echo ${PROG}: Updating RW keyring from RO keyrings...
echo ${PROG}: Keyrings: ${ROKEYRINGS}
${TIMECMD} gpg --batch --quiet --fast-import ${ROKEYRINGS}
echo
## Now, refresh key data from dynamic sources
echo ${PROG}: Requesting fresh key data from public keyservers...
for i in ${KEYSERVERS} ; do
    echo ${PROG}: Keyserver ${i}...
    runupdate --keyserver "${i}"
    echo
done
## Now, rebuild database
echo ${PROG}: Rebuilding trust database...
gpg --batch --quiet --update-trustdb
echo ${PROG}: DONE.