diff options
| author | James McCoy <jamessan@debian.org> | 2019-11-26 14:05:09 -0500 |
|---|---|---|
| committer | James McCoy <jamessan@debian.org> | 2019-11-26 14:06:52 -0500 |
| commit | 166d4979b1c4e4f6f6b0362e301ccd6ac75dc448 (patch) | |
| tree | 92f90a58261bc6704d10f60911e94ee2b251bad9 | |
| parent | 030b8cc797cf42340fe6f79bf0eedf9a1aca9998 (diff) | |
Add fetch-keys script to update/minimize signing-key.asc
Signed-off-by: James McCoy <jamessan@debian.org>
| -rwxr-xr-x | debian/fetch-keys | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/debian/fetch-keys b/debian/fetch-keys new file mode 100755 index 0000000..b74d8e7 --- /dev/null +++ b/debian/fetch-keys @@ -0,0 +1,59 @@ +#!/bin/sh +set -eu + +usage() { + rc=$1 + + if [ "$rc" -ne 0 ]; then + exec 1>&2 + fi + + printf 'Usage: %s <version> + +Retrieve signing keys for upstream version <version> and store the minimized +version to debian/upstream/signing-key.asc. + +Must be run from top level of source package. +' $0 + exit "$rc" +} + +keyurl() { + printf 'https://www.apache.org/dist/subversion/subversion-%s.KEYS' "$1" +} + +SIGNING_KEY=debian/upstream/signing-key.asc +dh_testdir "$SIGNING_KEY" + +UVER= + +if [ "$#" -lt 1 ]; then + usage 1 +fi + +case "$1" in + -h|--help) + usage 0 + ;; + -*) + usage 1 + ;; + *) + UVER="$1" + shift + ;; +esac + +export GNUPGHOME="$(mktemp -d)" +trap "rm -r \"$GNUPGHOME\"" EXIT + +FULLKEYS="$GNUPGHOME/fullkeys" + +wget -nv -O "$FULLKEYS" "$(keyurl "$UVER")" +gpg --batch --quiet --import "$FULLKEYS" + +: > "$SIGNING_KEY" +for fpr in $(gpg --with-colons --list-keys --fingerprint --fingerprint | awk -F: 'BEGIN { print_fpr = 0; } /^fpr:/{ if (print_fpr == 1) { printf "%s\n", $10; print_fpr = 0; } } /^pub:/{ print_fpr = 1; }' | sort); do + printf 'Exporting key for fingerprint %s...\n' "$fpr" + gpg --armor --export --export-options export-minimal,export-clean "$fpr" >> "$SIGNING_KEY" +done |