blob: 8697b3d2437206f0370615f6f4870bc6075eeb85 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
#!/bin/bash
#
# SPDX-License-Identifier: GPL-3.0-or-later
m4_include(lib/common.sh)
usage() {
cat <<- _EOF_
Usage: ${BASH_SOURCE[0]##*/}
Export the PGP keys from a PKGBUILDs validpgpkeys array into the keys/pgp/
subdirectory. Useful for distributing packager validated source signing
keys alongside PKGBUILDs.
OPTIONS
-h, --help Show this help text
_EOF_
}
# option checking
while (( $# )); do
case $1 in
-h|--help)
usage
exit 0
;;
*)
die "invalid argument: %s" "$1"
;;
esac
done
if [[ ! -f PKGBUILD ]]; then
die "This must be run a directory containing a PKGBUILD."
fi
mapfile -t validpgpkeys < <(
# shellcheck source=PKGBUILD.proto
. ./PKGBUILD
if (( ${#validpgpkeys[@]} )); then
printf "%s\n" "${validpgpkeys[@]}"
fi
)
msg "Exporting ${#validpgpkeys[@]} PGP keys..."
if (( ${#validpgpkeys[@]} == 0 )); then
exit 0
fi
trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
TEMPDIR=$(mktemp -d --tmpdir export-pkgbuild-keys.XXXXXXXXXX)
mkdir -p keys/pgp
error=0
for key in "${validpgpkeys[@]}"; do
gpg --output "$TEMPDIR/$key.asc" --armor --export --export-options export-minimal "$key" 2>/dev/null
# gpg does not give a non-zero return value if it fails to export...
if [[ -f $TEMPDIR/$key.asc ]]; then
msg2 "Exported $key"
mv "$TEMPDIR/$key.asc" "keys/pgp/$key.asc"
else
if [[ -f keys/pgp/$key.asc ]]; then
warning "Failed to update key: $key"
else
error "Key unavailable: $key"
error=1
fi
fi
done
if (( error )); then
die "Failed to export all \'validpgpkeys\' entries."
fi
|