[gentoo-commits] repo/gentoo:master commit in: sec-keys/openpgp-keys-gentoo-developers/files/

Fri, 06 Feb 2026 14:44:51 -0800 

commit:     5fdd383ef5a3e181a43639bc2fb86b79ec364562
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb  6 22:42:24 2026 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Feb  6 22:44:07 2026 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fdd383e

sec-keys/openpgp-keys-gentoo-developers: handle new gentoo-auth

Broke with 48746f8f53b41945c738899d4399143019994abf as the auth keyring
now contains the L2 authority for infra. Sync with the logic in
sec-keys/openpgp-keys-gentoo-infrastructure to skip irrelevant authorities
(services, infra) to have a clean keyring.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/keyring-mangler.py                               | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/sec-keys/openpgp-keys-gentoo-developers/files/keyring-mangler.py 
b/sec-keys/openpgp-keys-gentoo-developers/files/keyring-mangler.py
index 9019a7b3da88..87031370c1c6 100644
--- a/sec-keys/openpgp-keys-gentoo-developers/files/keyring-mangler.py
+++ b/sec-keys/openpgp-keys-gentoo-developers/files/keyring-mangler.py
@@ -21,13 +21,15 @@ import sys
 AUTHORITY_KEYS = [
     # Gentoo Authority Key L1
     "ABD00913019D6354BA1D9A132839FE0D796198B1",
-    # Gentoo Authority Key L2 for Services
-    "18F703D702B1B9591373148C55D3238EC050396E",
     # Gentoo Authority Key L2 for Developers
     "2C13823B8237310FA213034930D132FF0FF50EEB",
 ]
-
-L2_DEVELOPER_KEY = "30D132FF0FF50EEB"
+SKIP_KEYS = [
+    # Gentoo Authority Key L2 for Services
+    "18F703D702B1B9591373148C55D3238EC050396E",
+    # Gentoo Authority Key L2 for Infrastructure
+    "ABA5E4E7F4E407ABE9CA7EC7422C9066E21F705A"
+]
 
 # logging.basicConfig(level=os.environ.get("LOGLEVEL", "DEBUG"))
 
@@ -63,6 +65,10 @@ for key in gpg.list_keys(sigs=True):
         # Just add this in.
         good_keys.append(key["fingerprint"])
         continue
+    if key["fingerprint"] in SKIP_KEYS:
+        # We don't want the other L2 keys (e.g. infra) in here as we're 
filtering
+        # for developers.
+        continue
 
     # 
https://security.stackexchange.com/questions/41208/what-is-the-exact-meaning-of-this-gpg-output-regarding-trust
     if key["trust"] == "e":

Reply via email to