#!/bin/bash
# Source toggles. Every key source starts enabled and can be switched off
# with its --no-* option; importing into the local keyring (instead of the
# remote host) is opt-in via -l.
local=false
archlinux=true
archlinux_arm=true
archlinux_git=true
parabola=true
wishlist=true

# Walk the command line one word at a time. Any word that is not a known
# option prints the usage text to stderr and ends the script with status 1.
until [ "$#" -eq 0 ]; do
  case "$1" in
    '-l')
      local=true
      ;;
    '--no-archlinux')
      archlinux=false
      ;;
    '--no-archlinux-arm')
      archlinux_arm=false
      ;;
    '--no-archlinux-git')
      archlinux_git=false
      ;;
    '--no-parabola')
      parabola=false
      ;;
    '--no-wishlist')
      wishlist=false
      ;;
    *)
      {
        printf 'unknown parameter %s\n' "$1"
        printf 'known parameters:\n'
        printf ' -%s %s\n' \
          'l' 'update local keyring'
        # printf reuses the format for each (option, description) pair.
        printf ' --no-%s\n do not update keys from/mentioned in\n %s\n' \
          'archlinux' 'locally running archlinux keyring' \
          'archlinux-arm' 'archlinuxarm keyring package' \
          'archlinux-git' 'archlinux sources (PKGBUILDs) git repository' \
          'parabola' 'parabola keyring package sources' \
          'wishlist' 'our keyserver'"'"'s wishlist'
      } >&2
      exit 1
      ;;
  esac
  shift
done
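# Find the newest parabola-keyring release in the directory listing and
# derive the tarball URL from it. Sets parabola_keyring_version and
# parabola_keyring; when no version can be determined it warns on stderr and
# switches the parabola source off so that later stages skip it.
if ${parabola}; then
  # -f makes curl fail on an HTTP error instead of handing the error page to
  # sed. The sed expression keeps only the version part of any
  # "parabola-keyring-<version>.tar.gz" name and drops lines without one.
  # The character class keeps '/', quotes and whitespace out of the value,
  # which is later interpolated into a URL and an archive member path.
  # NOTE(review): the pattern is derived from the file-name scheme used in
  # the URL below - confirm it against the actual directory listing.
  parabola_keyring_version=$(
    curl -fSs 'https://repo.parabola.nu/other/parabola-keyring/' \
      | sed -n 's@^.*parabola-keyring-\([0-9A-Za-z][0-9A-Za-z._+-]*\)\.tar\.gz.*$@\1@p' \
      | sort -V \
      | tail -n1
  )
  if [ -n "${parabola_keyring_version}" ]; then
    parabola_keyring="https://repo.parabola.nu/other/parabola-keyring/parabola-keyring-${parabola_keyring_version}.tar.gz"
  else
    # Without a version the URL would be meaningless; skip the source rather
    # than fetch and unpack whatever a malformed URL returns.
    >&2 printf 'could not determine the latest parabola-keyring version - skipping parabola keys\n'
    parabola=false
  fi
fi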
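# Find the newest archlinuxarm-keyring package in the mirror's directory
# listing and store its full URL in archlinuxarm_keyring. When no package can
# be found it warns on stderr and switches the archlinux-arm source off so
# that later stages skip it.
if ${archlinux_arm}; then
  # -f makes curl fail on an HTTP error instead of handing the error page to
  # sed. The first sed keeps only the version part of any
  # "archlinuxarm-keyring-<version>-any.pkg.tar.xz" name and drops lines
  # without one; the character class keeps '/', quotes and whitespace out of
  # the value before the last sed wraps it back into a URL.
  # NOTE(review): the pattern is derived from the file-name scheme used in
  # the URL template below - confirm it against the actual directory listing.
  archlinuxarm_keyring=$(
    curl -fSs 'https://arch.eckner.net/archlinuxarm/arm/core/' \
      | sed -n 's@^.*archlinuxarm-keyring-\([0-9A-Za-z][0-9A-Za-z._+-]*\)-any\.pkg\.tar\.xz.*$@\1@p' \
      | sort -V \
      | tail -n1 \
      | sed 's@^.*$@https://arch.eckner.net/archlinuxarm/arm/core/archlinuxarm-keyring-&-any.pkg.tar.xz@'
  )
  if [ -z "${archlinuxarm_keyring}" ]; then
    # An empty URL would only make the later curl calls fail; skip the source.
    >&2 printf 'could not determine the latest archlinuxarm-keyring package - skipping archlinuxarm keys\n'
    archlinux_arm=false
  fi
fi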
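# Gather armored public keys from every enabled source and pipe the lot into
# `gpg --import` running as user "http": locally when -l was given, otherwise
# on the host "archlinux32" via ssh.
#
# NOTE(review): the wishlist and the keyring archives are fetched over HTTPS,
# but nothing in this script checks a signature or checksum on them before
# their contents are imported; integrity rests on the transport and on the
# serving hosts alone.
{
  # Part 1: collect key ids, then export each of them from the invoking
  # user's gpg keyring (fetching missing ones through gpg-safe-import).
  {
    if ${archlinux_git}; then
      # validpgpkeys=(...) arrays are scraped textually with sed; the
      # PKGBUILDs are never sourced or executed. stderr of find is dropped
      # on purpose so that missing checkout directories stay silent.
      find \
        /usr/src/archlinux/{packages,community}/ \
        /usr/src/archlinux32/packages/ \
        ~/eigeneSkripte/archPackages/ \
        -type f -name PKGBUILD \
        -exec sed -n '
          /^\s*validpgpkeys=.*)/p
          /^\s*validpgpkeys=[^)]\+$/,/)/p
        ' {} + 2>/dev/null \
        | sed '
          s/#.*$//
          s/^\s*validpgpkeys=(//
          s/).*$//
        ' \
        | tr -d '" \t'"'"
    fi
    # --no-wishlist has to suppress this fetch as well, otherwise the option
    # is accepted but has no effect. -f keeps an HTTP error page out of the
    # key-id stream.
    if ${wishlist}; then
      curl -fSs 'https://archlinux32.org/key-wishlist'
    fi
    {
      # The trusted/revoked lists inside the keyring archives; only the
      # first colon-separated field of each line is kept below.
      if ${archlinux_arm} && [ -n "${archlinuxarm_keyring}" ]; then
        curl -fSs "${archlinuxarm_keyring}" \
          | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm-{trusted,revoked}
      fi
      if ${parabola} && [ -n "${parabola_keyring_version}" ]; then
        # The version is quoted so it can never be word-split or globbed;
        # the brace expansion stays outside the quotes.
        curl -fSs "${parabola_keyring}" \
          | bsdtar -Oxf - "parabola-keyring-${parabola_keyring_version}"/parabola-{trusted,revoked}
      fi
    } \
      | cut -d: -f1
  } \
    | sort -u \
    | grep -x '[0-9a-fA-F]\{16,40\}' \
    | while read -r key_id; do
      # Only lines made of 16 to 40 hex digits reach this loop, so key_id is
      # safe to pass as an argument.
      # NOTE(review): 16 digits is a 64-bit long key ID, which does not
      # identify a key uniquely; requiring 40-digit fingerprints from the
      # sources would remove that ambiguity.
      key=$(gpg -a --export "${key_id}" 2>/dev/null)
      if [ -z "${key}" ]; then
        # Not in the keyring yet: ask the external gpg-safe-import helper to
        # receive it, then retry the export. What the helper verifies is not
        # visible from this script.
        /usr/src/skripte/gpg-safe-import/gpg-safe-import --recv-keys "${key_id}"
        key=$(gpg -a --export "${key_id}" 2>/dev/null)
      fi
      if [ -z "${key}" ]; then
        >&2 printf 'wish-list key "%s" is unknown\n' "${key_id}"
        continue
      fi
      printf '%s\n' "${key}"
    done

  # Part 2: whole keyrings, exported or extracted as they are.
  if ${archlinux}; then
    gpg --homedir /etc/pacman.d/gnupg -a --export
  fi
  # Each archive is downloaded a second time here; nothing ties this download
  # to the one the trusted/revoked lists were read from.
  if ${archlinux_arm} && [ -n "${archlinuxarm_keyring}" ]; then
    curl -fSs "${archlinuxarm_keyring}" \
      | bsdtar -Oxf - usr/share/pacman/keyrings/archlinuxarm.gpg
  fi
  if ${parabola} && [ -n "${parabola_keyring_version}" ]; then
    curl -fSs "${parabola_keyring}" \
      | bsdtar -Oxf - "parabola-keyring-${parabola_keyring_version}/parabola.gpg"
  fi
} \
  | if ${local}; then
    sudo su http -s /bin/bash -c 'gpg --import'
  else
    ssh archlinux32 "sudo su http -s /bin/bash -c 'gpg --import'"
  fi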