scrub-for-gpg-keys: import parabola and archlinuxarm keyring, too

1 files changed, 36 insertions, 0 deletions

diff --git a/scrub-for-gpg-keys b/scrub-for-gpg-keys
index 4687410..703078c 100755
--- a/scrub-for-gpg-keys
+++ b/scrub-for-gpg-keys
@@ -1,5 +1,30 @@
 #!/bin/bash
 
+parabola_keyring_version=$(
+  curl -Ss 'https://repo.parabola.nu/other/parabola-keyring/' \
+  | sed '
+    s@^.*<a href="parabola-keyring-\([0-9.]\+\)\.tar\.gz">.*$@\1@
+    t
+    d
+  ' \
+  | sort -V \
+  | tail -n1
+)
+parabola_keyring="https://repo.parabola.nu/other/parabola-keyring/parabola-keyring-${parabola_keyring_version}.tar.gz"
+
+archlinuxarm_keyring=$(
+  curl -Ss 'https://arch.eckner.net/archlinuxarm/arm/core/' \
+  | sed '
+    s@^.*<a href="archlinuxarm-keyring-\([0-9.]\+-[0-9]\+\)-any\.pkg\.tar\.xz">.*$@\1@
+    t
+    d
+  ' \
+  | sort -V \
+  | tail -n1 \
+  | sed '
+    s@^.*$@https://arch.eckner.net/archlinuxarm/arm/core/archlinuxarm-keyring-\0-any.pkg.tar.xz@
+  '
+)
 
 {
   {
@@ -19,6 +44,13 @@
     ' \
     | tr -d '" \t'"'"
     curl -Ss 'https://archlinux32.org/key-wishlist'
+    {
+      curl -Ss "${archlinuxarm_keyring}" \
+      | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm-{trusted,revoked}
+      curl -Ss "${parabola_keyring}" \
+      | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola-{trusted,revoked}
+    } \
+    | cut -d: -f1
   } \
   | sort -u \
   | grep -x '[0-9a-fA-F]\{16,40\}' \
@@ -35,6 +67,10 @@
     printf '%s\n' "${key}"
   done
   gpg --homedir /etc/pacman.d/gnupg -a --export
+  curl -Ss "${archlinuxarm_keyring}" \
+  | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg
+  curl -Ss "${parabola_keyring}" \
+  | bsdtar -Oxf - parabola-keyring-${parabola_keyring_version}/parabola.gpg
 } \
 | if [ "x$1" = 'x-l' ]; then
   sudo su http -s /bin/bash -c 'gpg --import'