korg-refresh-keys
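#!/bin/bash
#
# SPDX-License-Identifier: GPL-3.0
#
# This script is for refreshing your keyring on a regular
# basis. It can be run from cron or manually. See README.rst
# for details on how to set it up.
#
# The original header asks you to remove a guard line placed here so
# that the script is not run directly from the git repository; no such
# line is present in this copy.
#
# Usage: korg-refresh-keys [-q]
#
# Flow: fetch, verify the signature on the fetched upstream tip,
# fast-forward to exactly that verified commit, then hand only the
# changed .asc files that still exist to gpg --import.

# FIX ME: point at the actual location of pgpkeys.git clone
PGPKEYS="$HOME/dev/korg-pgpkeys"

# If you remove "--import-options merge-only", it will import keys
# not already present on your keyring, which is not what you want!
IMPORTFLAGS="--import-options import-clean --import-options merge-only"

# Make sure this points to your gpg v2 binary. You can also add other
# flags here, such as --homedir
GPGBIN="/usr/bin/gpg2 --batch"

# Start from a known-empty value so that a Q inherited from the
# environment cannot add arguments to the git and gpg calls below.
Q=''
# Run with -q from cron to silence most output
[[ $1 == '-q' ]] && Q='-q'

# Print a progress message unless -q was given.
say() {
    if [[ -z "$Q" ]]; then
        echo "$@"
    fi
}

cd "$PGPKEYS" || exit 1
# Exit if we can't run git fetch (perhaps not online?)
say "Updating the repository"
git fetch ${Q:+-q} || exit 0

# Resolve the upstream tip once. Everything below (verify, diff, merge)
# uses this hash, so the commit that gets merged is the commit whose
# signature was checked, even if the remote moves in the meantime.
upstream_tip=$(git rev-parse --verify '@{u}^{commit}') || exit 1
local_head=$(git rev-parse --verify HEAD) || exit 1

if [[ "$local_head" == "$upstream_tip" ]]; then
    say "No changes since last run"
    exit 0
fi

# Verify that the signature on the tip is both good and valid.
# To be valid, it needs to be signed by a key with ultimate or
# full ownertrust -- see README for details.
#
# GOODSIG and VALIDSIG only report that the signature is
# cryptographically good for a key on the keyring; GnuPG reports the
# validity of the signing key separately in a TRUST_* status line.
# Requiring TRUST_FULLY or TRUST_ULTIMATE is what enforces the trust
# condition described above. The exit status of git verify-commit is
# checked as well, so a configured gpg.minTrustLevel is honoured.
say "Verifying commit signature at the tip"
verify_out=$(git verify-commit --raw "$upstream_tip" 2>&1)
verify_rc=$?
if [[ $verify_rc -ne 0 ]] \
    || ! grep -q -E '^\[GNUPG:\] GOODSIG ' <<<"$verify_out" \
    || ! grep -q -E '^\[GNUPG:\] VALIDSIG ' <<<"$verify_out" \
    || ! grep -q -E '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)( |$)' <<<"$verify_out"; then
    # Hopefully, this never happens. :)
    echo "$0: FAILED TO VERIFY COMMIT SIGNATURE!"
    exit 1
fi

# Collect the changed *.asc paths NUL-delimited, so names containing
# whitespace or glob characters survive intact. The suffix test is a
# literal ".asc" (the earlier pattern '.asc$' let the dot match any
# character).
changed=()
while IFS= read -r -d '' changed_path; do
    [[ $changed_path == *.asc ]] && changed+=("$changed_path")
done < <(git diff --name-only -z HEAD "$upstream_tip")

# Fast-forward to the verified hash instead of running "git pull",
# which would fetch again and could merge a newer, unverified tip.
# A clone used only as a key mirror has no local commits; if this one
# has diverged, stop here rather than import from an unexpected tree.
git merge ${Q:+-q} --ff-only "$upstream_tip" || exit 1

import_files=()
for ascfile in "${changed[@]}"; do
    # It may have been a delete, so check if it's still there.
    # The "./" prefix keeps a path that starts with "-" from being
    # parsed by gpg as an option.
    [[ -f $ascfile ]] && import_files+=("./$ascfile")
done

if (( ${#import_files[@]} > 0 )); then
    say "Updating keyring"
    # GPGBIN and IMPORTFLAGS are whitespace-separated settings edited by
    # the user; split them into words explicitly, without globbing.
    read -r -a gpg_cmd <<<"$GPGBIN"
    read -r -a import_flags <<<"$IMPORTFLAGS"
    "${gpg_cmd[@]}" ${Q:+-q} --import "${import_flags[@]}" "${import_files[@]}"
fi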