From 457533034d1e0070323f9ca49a4bf8ddde5f882e Mon Sep 17 00:00:00 2001
From: Leif Johansson <leifj@sunet.se>
Date: Mon, 14 Jan 2019 10:34:54 +0100
Subject: initial import

---
 scripts/update-trust | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100755 scripts/update-trust


diff --git a/scripts/update-trust b/scripts/update-trust
new file mode 100755
index 0000000..9ff7e78
--- /dev/null
+++ b/scripts/update-trust
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+export GNUPGHOME=/etc/metadata/gnupg
+mkdir -p $GNUPGHOME
+chmod 0700 $GNUPGHOME
+export GPG=gpg2
+
+# Install new keys discovered in the keys directory
+for k in keys/*.pub; do
+   fp=`$GPG --with-colons --with-fingerprint < $k | awk -F: '$1 == "pub" {print $5}'`
+   fp_in_db=`$GPG --with-colons --fingerprint | grep ":$fp:"`
+   if [ "x`echo $fp_in_db | grep '^pub:e:'`" != "x" ]; then
+       echo "$0: Key expired, will re-import it from $k"
+       $GPG --fingerprint $fp
+   fi
+   # The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again.
+   echo $fp_in_db | grep -v "^pub:e:" | grep -q ":$fp:" || $GPG --import < $k
+done
+
+# Delete keys no longer present in keys directory
+for fp in `$GPG --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
+   seen="no"
+   for k in keys/*.pub; do
+      $GPG --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"
+   done
+   if [ "x$seen" = "xno" ]; then
+      $GPG --yes --batch --delete-key $fp || true
+   fi
+done
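Review bot: The prune loop removes every key from the keyring whenever `keys/*.pub` matches nothing, for example when the script is started from a directory without a `keys/` subdirectory: the redirect from the unexpanded pattern fails, `grep -q` sees no input, and `seen` stays `no` for each key. Because this keyring is the trust anchor, the script should stop before either loop when no key files are found, e.g. `shopt -s nullglob; keyfiles=(keys/*.pub)` followed by `[ "${#keyfiles[@]}" -gt 0 ] || { echo "$0: no key files in keys/, refusing to prune" >&2; exit 1; }`, and then iterate over `"${keyfiles[@]}"`. Separately, `$5` of the `pub` record is the 64-bit key ID rather than the fingerprint, and `grep ":$fp:"` matches it in any record type; comparing the full fingerprint from field 10 of the `fpr` record would tie the keyring to the exact keys in the directory. Quoting `"$k"`, `"$fp"` and `"$GNUPGHOME"` would also keep file names with spaces or glob characters from being split.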
-- 
cgit v1.2.3