1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
#!/bin/sh
# Copyright (c) 2013 Gunnar Wolf <gwolf@debian.org>,
# Based on 2008 Jonathan McDowell <noodles@earth.li>
# GNU GPL; v2 or later
# Moves an existing key to another keyring directory
set -e
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Usage: move-key keyid dir" >&2
exit 1
fi
key=$1
destdir=$(readlink -f $2)
# avoid gnupg touching ~/.gnupg
GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
export GNUPGHOME
trap cleanup exit
cleanup () {
rm -rf "$GNUPGHOME"
}
keyfp="<fixme>"
if [ $(echo -n $key|wc -c) -eq 16 ]; then
key='0x'$(echo $key|tr a-z A-Z)
elif [ $(echo -n $key|wc -c) -eq 40 ] ; then
keyfp=$key
key='0x'$(echo -n $key | cut -b 25-)
fi
if [ ! -d "$destdir" ] || echo "$destdir"|grep -q -- '-pgp/?$'; then
echo "Error: $destdir is not a valid keyring directory" >& 2
exit 1
fi
for dir in *-pgp/; do
if [ -f $dir/$key ]; then
keyfile=$(readlink -f "$dir/$key")
srcdir=$(readlink -f $dir)
break
fi
done
if [ "$srcdir" = "$destdir" ]; then
echo "Source and destination directories are the same: $srcdir" >& 2
exit 1
fi
if [ -z "$keyfile" ]; then
echo "Requested key '$key' not found"
exit 1
fi
keyuser=$(gpg --with-colons --keyid long --options /dev/null --no-auto-check-trustdb < $keyfile| grep '^pub' | cut -d : -f 10)
echo ""
echo "About to move key $key ($keyuser)"
echo " FROM $srcdir"
echo " TO $destdir"
echo "Are you sure you want to update this key? (y/n)"
read n
if [ "x$n" = "xy" -o "x$n" = "xY" ]; then
add_to_keyid=""
echo -n "Enter full name of new key's owner: "
read name
echo -n 'RT issue ID this change closes, if any: '
read rtid
if ( echo $destdir | egrep -q 'debian-keyring-pgp/?$' ); then
log="Add new DD key $key ($name) (RT #$rtid)"
add_to_keyid=yes
dest=DD
action=add
elif ( echo $destdir | egrep -q 'debian-nonupload-pgp/?$' ); then
log="Add new nonuploading key $key ($name) (RT #$rtid)"
add_to_keyid=yes
dest=DN
action=add
elif ( echo $destdir | egrep -q 'debian-maintainer-pgp/?$' ); then
log="Add new DM key $key ($name) (RT #$rtid)"
dest=DM
action=add
elif ( echo $destdir | egrep -q 'emeritus-keyring-pgp/?$' ); then
log="Move $key to emeritus ($name) (RT #$rtid)"
action=remove
fi
git mv $keyfile $destdir
VERSION=$(head -1 debian/changelog | awk '{print $2}' | sed 's/[\(\)]//g')
RELEASE=$(head -1 debian/changelog | awk '{print $3}' | sed 's/;$//')
case $RELEASE in
UNRELEASED)
dch --multimaint-merge -D UNRELEASED -a "$log"
;;
unstable)
NEWVER=$(date +%Y.%m.xx)
if [ "$VERSION" = "$NEWVER" ]
then
echo '* Warning: New version and previous released version are'
echo " the same: $VERSION. This should not be so!"
echo ' Check debian/changelog'
fi
dch -D UNRELEASED -v $NEWVER "$log"
;;
*)
echo "Last release $VERSION for unknown distribution «$RELEASE»."
echo "Not calling dch, do it manually."
;;
esac
git add debian/changelog
if [ ! -z "$add_to_keyid" ]; then
if oldkey=$(grep $key keyids); then
echo "Key already present in the keyids file:"
echo $oldkey
else
echo -n "Enter Debian login of new key: "
read login
echo "$key $name <$login>" >> keyids
sort keyids > keyids.$$ && mv keyids.$$ keyids
git add keyids
fi
fi
cat > git-commit-template <<EOF
$log
Action: $action
Subject: $name
Username: $login
Role: $dest
Key: $keyfp
Key-type:
RT-Ticket: $rtid
Request-signed-by:
Details:
Notes: Move from <src> keyring
EOF
else
echo "Not moving key."
fi
|
