commit:     daec48a7895d7a4b04d55ddf35397fb07b48f68b
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sat May  4 03:22:15 2019 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat May  4 03:22:15 2019 +0000
URL:        https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=daec48a7

keyrings: prepare to flip to new scripts

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 create-dev-keyrings.bash             |  5 +++++
 keyrings-export-keys.gentoo.org.bash | 18 ++++++++++++++++++
 keyrings-import-keys.gentoo.org.bash | 23 +++++++++++++++++++++++
 keyrings-import-sks.bash             | 23 +++++++++++++++++++++++
 keyrings.inc.bash                    | 29 +++++++++++++++++++----------
 5 files changed, 88 insertions(+), 10 deletions(-)

diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash
index 3f65550..f2772d8 100755
--- a/create-dev-keyrings.bash
+++ b/create-dev-keyrings.bash
@@ -11,6 +11,9 @@ source "${BASEDIR}"/keyrings.inc.bash
 set -e
 export_ldap_data_to_env
 
+export KEYSERVERS=( "${KS_SKS}" "${KS_GENTOO}" )
+export KEYSERVER_TIMEOUT=20m
+
 grab_keys "${SYSTEM_KEYS[@]}"
 export_keys "${OUTPUT_DIR}"/service-keys.gpg \
        "${SYSTEM_KEYS[@]}"
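Review bot: `export KEYSERVERS=( "${KS_SKS}" "${KS_GENTOO}" )` only works because `grab_keys` and `push_keys` run in this same shell after `source`; bash cannot place an array in the environment, so the `export` keyword does nothing for the `timeout`/`gpg` child processes and reads as if it did. I would drop the keyword or annotate it: `KEYSERVERS=( "${KS_SKS}" "${KS_GENTOO}" )  # read by the sourced grab_keys/push_keys; bash arrays are never exported`. Note also that the single `KEYSERVER_TIMEOUT=20m` now applies to keys.gentoo.org as well, which previously had its own 5m budget in the removed grab_keys lines; presumably intended now that both servers share one loop, but worth a comment.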
@@ -39,6 +42,8 @@ export_keys "${OUTPUT_DIR}"/all-devs.gpg \
        "${RETIRED_DEVS[@]}"
 
 # Populate keys.gentoo.org with the keys we have, since they might have come 
from SKS
+export KEYSERVERS=( "${KS_GENTOO}" )
+export KEYSERVER_TIMEOUT=20m
 push_keys "${SYSTEM_KEYS[@]}"
 push_keys "${COMMITTING_DEVS[@]}"
 push_keys "${NONCOMMITTING_DEVS[@]}"
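Review bot: the push block re-sets `KEYSERVER_TIMEOUT=20m` for a single `--send-keys` to keys.gentoo.org, while the new keyrings-export-keys.gentoo.org.bash in this commit performs the same push with `KEYSERVER_TIMEOUT=5m`, and the removed push_keys line also used 5m for this server. Unless the longer window is deliberate, align it with `export KEYSERVER_TIMEOUT=5m`, or state the reason: `# 20m: the full dev key set is pushed in one call`. The comment above already says these keys may have come from SKS; push_keys relays whatever the local keyring holds for those fingerprints, including any certifications imported along with them, so keep that relay in mind once the dedicated export script takes over.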

diff --git a/keyrings-export-keys.gentoo.org.bash 
b/keyrings-export-keys.gentoo.org.bash
new file mode 100755
index 0000000..38a3478
--- /dev/null
+++ b/keyrings-export-keys.gentoo.org.bash
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Export key updates to Keyservers: keys.gentoo.org
+
+OUTPUT_DIR=${1:-.}
+BASEDIR="$(dirname "$0")"
+source "${BASEDIR}"/keyrings.inc.bash
+
+set -e
+export_ldap_data_to_env
+
+export KEYSERVERS=( "${KS_GENTOO}" )
+export KEYSERVER_TIMEOUT=5m
+
+# Populate keys.gentoo.org with the keys we have, since they might have come 
from SKS
+push_keys "${SYSTEM_KEYS[@]}"
+push_keys "${COMMITTING_DEVS[@]}"
+push_keys "${NONCOMMITTING_DEVS[@]}"
+push_keys "${RETIRED_DEVS[@]}"
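Review bot: `OUTPUT_DIR=${1:-.}` is assigned but nothing in this script reads it; the script only pushes keys, so a positional argument is accepted and silently ignored. Either drop the line or mark it: `OUTPUT_DIR=${1:-.}  # unused here; accepted so all keyring scripts take the same argument`. Separately, because `push_keys` in keyrings.inc.bash ends each send with `|| :`, this script exits 0 even when every `--send-keys` failed or timed out, so a scheduled run that never populates keys.gentoo.org goes unnoticed; a count of keys actually sent, or a non-zero exit when a send fails, would make that visible.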

diff --git a/keyrings-import-keys.gentoo.org.bash 
b/keyrings-import-keys.gentoo.org.bash
new file mode 100755
index 0000000..3328e2c
--- /dev/null
+++ b/keyrings-import-keys.gentoo.org.bash
@@ -0,0 +1,23 @@
+#!/bin/bash
+# Import key updates from Keyservers: keys.gentoo.org
+#
+# TODO:
+# - Turn off export in this script
+
+OUTPUT_DIR=${1:-.}
+BASEDIR="$(dirname "$0")"
+source "${BASEDIR}"/keyrings.inc.bash
+
+set -e
+export_ldap_data_to_env
+
+export KEYSERVERS=( "${KS_GENTOO}" )
+export KEYSERVER_TIMEOUT=5m
+
+grab_keys "${SYSTEM_KEYS[@]}"
+grab_keys "${COMMITTING_DEVS[@]}"
+grab_keys "${NONCOMMITTING_DEVS[@]}"
+# -- not all are on keyservers
+# -- and are unlikely to turn up now
+# -- this needs to fetch from some archive instead
+grab_keys "${RETIRED_DEVS[@]}"
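Review bot: this script duplicates keyrings-import-sks.bash apart from the keyserver and timeout values, and it carries the same unused `OUTPUT_DIR=${1:-.}` and the same `# TODO: - Turn off export in this script` even though nothing in the script exports anything. I would keep one import script that takes the keyserver and timeout as arguments, or at least make the TODO name the step it refers to so it does not outlive the flip: `# TODO: stop pushing imported keys back out from this script once export moves to keyrings-export-keys.gentoo.org.bash`. The final `grab_keys "${RETIRED_DEVS[@]}"` is the call the comment says is unlikely to succeed; with `KEYSERVER_TIMEOUT=5m` per attempt and a retry loop in `grab_keys` whose exit condition is outside this diff, that fetch may dominate the run, so bounding the attempts for retired keys seems worthwhile.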

diff --git a/keyrings-import-sks.bash b/keyrings-import-sks.bash
new file mode 100755
index 0000000..3d04ebc
--- /dev/null
+++ b/keyrings-import-sks.bash
@@ -0,0 +1,23 @@
+#!/bin/bash
+# Import key updates from Keyservers
+#
+# TODO:
+# - Turn off export in this script
+
+OUTPUT_DIR=${1:-.}
+BASEDIR="$(dirname "$0")"
+source "${BASEDIR}"/keyrings.inc.bash
+
+set -e
+export_ldap_data_to_env
+
+export KEYSERVER=( ${KS_SKS} )
+export KEYSERVER_TIMEOUT=20m
+
+grab_keys "${SYSTEM_KEYS[@]}"
+grab_keys "${COMMITTING_DEVS[@]}"
+grab_keys "${NONCOMMITTING_DEVS[@]}"
+# -- not all are on keyservers
+# -- and are unlikely to turn up now
+# -- this needs to fetch from some archive instead
+#grab_keys "${RETIRED_DEVS[@]}"
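Review bot: `export KEYSERVER=( ${KS_SKS} )` sets the singular `KEYSERVER`, but `grab_keys` in keyrings.inc.bash iterates `"${KEYSERVERS[@]}"`, which the include initialises to an empty array; as written this script never contacts SKS and every `--recv-keys` call is skipped without any message. The fix is the variable name plus quoting, matching the sibling scripts: `export KEYSERVERS=( "${KS_SKS}" )`. What `grab_keys` does with an empty server list is not visible here (its loop continues past the shown hunk), so it is also worth confirming the script does not sit in the retry loop when nothing is fetched.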

diff --git a/keyrings.inc.bash b/keyrings.inc.bash
index 052550d..427a6f2 100644
--- a/keyrings.inc.bash
+++ b/keyrings.inc.bash
@@ -9,12 +9,7 @@ RETIRED_RULE='(!(gentooStatus=active))'
 
 KS_GENTOO=hkps://keys.gentoo.org/
 KS_SKS=hkps://hkps.pool.sks-keyservers.net/
-
-GPG_TMPDIR=$(mktemp -d)
-clean_tmp() {
-       rm -rf "$GPG_TMPDIR"
-}
-trap clean_tmp EXIT
+KEYSERVERS=( ) # empty by default
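Review bot: `KEYSERVERS=( ) # empty by default` turns a server list that was hard-coded inside grab_keys/push_keys into something each caller must set, but nothing in the include fails when a caller forgets or misspells the name (keyrings-import-sks.bash in this commit sets `KEYSERVER`); both functions iterate zero servers and return quietly. I would state the contract in the comment, `# Callers must set KEYSERVERS=( hkps://... ) before grab_keys/push_keys; with it empty no keyserver is contacted`, and have both functions reject an empty list. Removing the source-time `mktemp -d` and `trap` also means `GPG_TMPDIR` is unset until `setup_tmp` runs; any code outside this diff that read it directly would now see an empty value.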
 
 # grab_ldap_fingerprints <ldap-rule>
 grab_ldap_fingerprints() {
@@ -30,9 +25,11 @@ grab_keys() {
        local missing=()
        local remaining=( "${@}" )
 
+       KEYSERVER_TIMEOUT=${KEYSERVER_TIMEOUT:=1m}
        while :; do
-               timeout 5m  gpg --keyserver $KS_GENTOO -q --recv-keys 
"${remaining[@]}" || :
-               timeout 20m gpg --keyserver $KS_SKS -q --recv-keys 
"${remaining[@]}" || :
+               for ks in "${KEYSERVERS[@]}" ; do
+                       timeout ${KEYSERVER_TIMEOUT}  gpg --keyserver "$ks" -q 
--recv-keys "${remaining[@]}" || :
+               done
                missing=()
                for key in "${remaining[@]}"; do
                        gpg --list-public "${key}" &>/dev/null || missing+=( 
"${key}" )
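Review bot: the new `for ks in "${KEYSERVERS[@]}"` loop has no guard for an empty `KEYSERVERS`, so a caller that does not set it runs the enclosing `while :` loop without ever invoking gpg, and whether that loop then terminates depends on code past the end of this hunk. Add a check at the top of the function, before the `while`: `[[ ${#KEYSERVERS[@]} -gt 0 ]] || { echo "grab_keys: KEYSERVERS is empty" >&2; return 1; }`. Also quote the timeout argument, `timeout "${KEYSERVER_TIMEOUT}" gpg --keyserver "$ks" -q --recv-keys "${remaining[@]}" || :`, since it is the one expansion on that line left open to word splitting. grab_keys begins before and ends after this hunk.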
@@ -58,12 +55,24 @@ grab_keys() {
 push_keys() {
        # Only send keys that we have
        local remaining=( $(gpg --with-colon --list-public "${@}" | sed -n 
'/^pub/{n; /fpr/p }' |cut -d: -f10) )
-       timeout 5m  gpg --keyserver $KS_GENTOO -q --send-keys "${remaining[@]}" 
|| :
-       #timeout 5m  gpg --keyserver $KS_SKS -q --send-keys "${remaining[@]}" 
|| :
+       KEYSERVER_TIMEOUT=${KEYSERVER_TIMEOUT:=1m}
+       for ks in "${KEYSERVERS[@]}" ; do
+               timeout 5m  ${KEYSERVER_TIMEOUT} g --keyserver "$ks" -q 
--send-keys "${remaining[@]}" || :
+       done
+}
+
+
+clean_tmp() {
+       [ -n "$GPG_TMPDIR" ] && [ -d "$GPG_TMPDIR" ] && rm -rf "$GPG_TMPDIR"
+}
+setup_tmp() {
+       export GPG_TMPDIR=$(mktemp -d)
+       trap clean_tmp EXIT
 }
 
 export_keys() {
        DST="$1"
+       setup_tmp
        TMP="${GPG_TMPDIR}"/$(basename "${DST}")
        # Must not exist, otherwise GPG will give error
        [[ -f "${TMP}" ]] && rm -f "${TMP}"
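Review bot: the rewritten send line in `push_keys` reads `timeout 5m  ${KEYSERVER_TIMEOUT} g --keyserver ...`, which expands to `timeout 5m 20m g ...`: `timeout` tries to execute a command named `20m`, fails, and the trailing `|| :` discards the error, so after this commit no key is pushed and the caller still exits 0. It should be `timeout "${KEYSERVER_TIMEOUT}" gpg --keyserver "$ks" -q --send-keys "${remaining[@]}" || :`, and because a silent failure here leaves keys.gentoo.org unpopulated, I would also log the exit status rather than swallow it. Separately, `setup_tmp` runs `mktemp -d` and re-arms the trap on every call, so each `export_keys` invocation creates a fresh directory and only the last one is removed at exit; the earlier ones, with whatever export_keys wrote there, stay on disk — make the function idempotent with `[[ -n "${GPG_TMPDIR}" && -d "${GPG_TMPDIR}" ]] && return` as its first line. export_keys continues past the end of this hunk.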
