Commit cca61ee7 authored by Eli Schwartz's avatar Eli Schwartz Committed by Christian Hesse

update-keys: move export-clean to gpg.conf instead of cleaning the keyring before export



This has the same effect, but causes only the exported version of the
key to be cleaned. Cleaning the internal copy doesn't matter.

Signed-off-by: Christian Hesse's avatarChristian Hesse <mail@eworm.de>
parent 44f69d00
......@@ -15,7 +15,7 @@ quiet
batch
no-tty
no-permission-warning
export-options no-export-attributes
export-options no-export-attributes,export-clean
keyserver ${KEYSERVER}
__EOF__
......@@ -65,7 +65,6 @@ done < master-keyids
while read -ra data; do
keyid="${data[0]}"
username="${data[1]}"
printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> master-revoked/${username}.asc
echo "${keyid}" >> archlinux-revoked
done < master-revoked-keyids
......@@ -74,7 +73,6 @@ done < master-revoked-keyids
while read -ra data; do
keyid="${data[0]}"
username="${data[@]:1}"
printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
if ! "${GPG[@]}" --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:'; then
echo "key is not fully trusted: ${keyid} ${username}"
else
......@@ -86,7 +84,6 @@ done < packager-keyids
while read -ra data; do
keyid="${data[0]}"
username="${data[1]}"
printf 'clean\nquit\ny\n' | "${GPG[@]}" --command-fd 0 --edit-key ${keyid}
"${GPG[@]}" --armor --no-emit-version --export-options export-minimal --export ${keyid} >> packager-revoked/${username}.asc
echo "${keyid}" >> archlinux-revoked
done < packager-revoked-keyids
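Review bot: With the three `clean` calls removed, the only thing keeping unusable signatures out of the exported `.asc` files is the `export-clean` entry in the generated gpg.conf, and nothing at the export sites says so. The two revoked loops still pass `--export-options export-minimal` on the command line; that appears to combine with the config-file options rather than replace them, but it is worth confirming against the gpg version in use so that `no-export-attributes` is not silently lost on those exports. I would add a short comment above each `--export` call, for example `# export-clean and no-export-attributes are applied via the generated gpg.conf`. The packager loop's export sits in the else branch, which continues outside the visible hunk, so the same comment belongs there.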
......