File: update-keyrings

debian-keyring 2013.04.21
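#!/bin/bash
#
# update-keyrings: publish a newly built set of keyrings.
#
# Steps, in order:
#   1. Refuse to run on any host other than SHOULD_RUN_ON unless
#      $RUNANYWAY is set to a non-empty value.
#   2. Check the signature carried by sha512sums.txt, then check the
#      files it lists against their SHA-512 sums.
#   3. Refuse to continue while keyrings are still present in PENDINGDIR.
#   4. Copy the current HKPDIR keyrings into PENDINGDIR, then copy the
#      new keyrings into OUTPUTDIR and HKPDIR.
#
# Environment: RUNANYWAY - non-empty value bypasses the host check.
# Exit status: 0 on success, 1 on any failed check or failed copy.

SHOULD_RUN_ON=kaufmann.debian.org

# Resolve the host name first and treat a failed or empty lookup as a
# mismatch. An unquoted $(hostname -f) inside `[ ... ]` turns into a
# syntax error when the lookup yields nothing, which makes the test
# false and lets the script run on the wrong host.
current_host=$(hostname -f 2>/dev/null) || current_host=""

if [[ -z "${RUNANYWAY:-}" && "${current_host}" != "${SHOULD_RUN_ON}" ]]; then
  echo "This script is meant to be run in ${SHOULD_RUN_ON}"
  echo "You can still run it if you are sure by setting"
  echo "\$RUNANYWAY to a nonempty value."
  exit 1
fi

SRCKEYRINGDIR=/org/keyring.debian.org/master-keyring/output
OUTPUTDIR=/org/keyring.debian.org/pub
HKPDIR=/org/keyring.debian.org/keyrings-new
PENDINGDIR=/org/keyring.debian.org/pending-updates

# NOTE(review): gpg --verify reports success for a good signature made
# by any key in the invoking user's default keyring, and the stderr
# output naming the signer (and any trust warning) is discarded here.
# Nothing in this script pins the expected signer. Consider verifying
# against a dedicated keyring that holds only the authorised signing
# keys (--no-default-keyring --keyring ...) and checking the signer
# fingerprint from --status-fd output.
if ! gpg --batch --quiet --verify "${SRCKEYRINGDIR}/sha512sums.txt" \
    2>/dev/null; then
  echo "sha512sums for update is not signed."
  exit 1
fi

# sha512sums.txt names its files relative to this directory, so a failed
# cd must stop the run instead of checking against the wrong tree.
if ! cd -- "${SRCKEYRINGDIR}"; then
  echo "Cannot change directory to ${SRCKEYRINGDIR}."
  exit 1
fi

# NOTE(review): only the files listed in sha512sums.txt are checked, but
# the publish step below copies everything under SRCKEYRINGDIR, so an
# unlisted file would be published unverified. The tree is also read
# again after this check; it must not be writable by anyone but the
# party that produced it.
if ! sha512sum -c sha512sums.txt; then
  echo "sha512sums for update does not match files."
  exit 1
fi

if [[ -e "${PENDINGDIR}/debian-keyring.pgp" ||
      -e "${PENDINGDIR}/debian-keyring.gpg" ||
      -e "${PENDINGDIR}/debian-maintainers.gpg" ]]; then
  echo "Unhandled pending updates."
  exit 1
fi

# Stage the current HKP keyrings before anything is overwritten. If this
# copy fails, stop: continuing would replace the HKP keyrings without the
# previous copies having been saved to PENDINGDIR.
if ! cp -- "${HKPDIR}/debian-keyring.pgp" \
    "${HKPDIR}/debian-keyring.gpg" \
    "${HKPDIR}/debian-maintainers.gpg" \
    "${PENDINGDIR}"; then
  echo "Failed to copy current HKP keyrings to ${PENDINGDIR}."
  exit 1
fi

echo "Updating active keyrings."
if ! cp -r -- "${SRCKEYRINGDIR}"/* "${OUTPUTDIR}/"; then
  echo "Failed to update active keyrings in ${OUTPUTDIR}."
  exit 1
fi

echo "Updating HKP keyrings."
if ! cp -r -- "${SRCKEYRINGDIR}/keyrings/debian-keyring.gpg" \
    "${SRCKEYRINGDIR}/keyrings/debian-keyring.pgp" \
    "${SRCKEYRINGDIR}/keyrings/debian-maintainers.gpg" \
    "${HKPDIR}/"; then
  echo "Failed to update HKP keyrings in ${HKPDIR}."
  exit 1
fi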