Merge branch 'master' of ssh://ftp-master.debian.org/srv/ftp.debian.org/git/dak

[dak.git] / scripts / debian / buildd-remove-keys

diff --git a/scripts/debian/buildd-remove-keys b/scripts/debian/buildd-remove-keys
index 6252b4515f26ef1150e16a1ab9918b40da92a348..3591785d6c028769b169a9b22f1f81b3b1f5e2a9 100755 (executable)
--- a/scripts/debian/buildd-remove-keys
+++ b/scripts/debian/buildd-remove-keys
@@ -51,13 +51,13 @@ function cleanup() {
     done
     exit $ERRVAL
 }
-trap cleanup ERR EXIT TERM HUP INT QUIT
 
-base=="${base}/scripts/builddkeyrings"
+base="${base}/scripts/builddkeyrings"
 INCOMING="${base}/incoming"
 ERRORS="${base}/errors"
-ADMINS="${base}/admins"
+ADMINS="${base}/adminkeys.gpg"
 REMOVED="${base}/removed-buildd-keys.gpg"
+STAMPFILE="${base}/updatedkeyring"
 
 # Default options for our gpg calls
 DEFGPGOPT="--no-default-keyring --batch --no-tty --no-options --exit-on-status-write-error --no-greeting"
@@ -67,16 +67,27 @@ if ! [ -d "${INCOMING}" ]; then
     exit 1
 fi
 
+cd "${INCOMING}"
+KEYS=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.del | sed -e "s,./,," | xargs)
+if [ -z "${KEYS}" ]; then
+    exit 0
+fi
+
+trap cleanup ERR EXIT TERM HUP INT QUIT
+
+# Tell prepare-dir that there is an update and it can run
+touch "${STAMPFILE}"
+
 # Whenever something goes wrong, its put in there.
 mkdir -p "${ERRORS}"
 
 # We process all new files in our incoming directory
-for file in $(ls -1 ${INCOMING}/*.del ); do
+for file in ${KEYS}; do
     file=${file##*/}
     # First we want to see if we recognize the filename. The buildd people have
     # to follow a certain schema:
-    # architecture_builddname.YEAR-MONTH-DAY_HOUR:MINUTE.del
-    if [[ $file =~ (.*)_(.*).([0-9]{4}-[0-9]{2}-[0-9]{2}_[0-9]{2}:[0-9]{2}).del ]]; then
+    # architecture_builddname.YEAR-MONTH-DAY_HOURMINUTE.del
+    if [[ $file =~ (.*)_(.*).([0-9]{4}-[0-9]{2}-[0-9]{2}_[0-9]{2}[0-9]{2}).del ]]; then
         ARCH=${BASH_REMATCH[1]}
         BUILDD=${BASH_REMATCH[2]}
         # Right now timestamp is unused
@@ -122,7 +133,7 @@ for file in $(ls -1 ${INCOMING}/*.del ); do
     exec 5> "${GPGLOGS}"
 
     # So lets run gpg, status/logger into the two files, to "decrypt" the keyfile
-    if ! gpg ${DEFGPGOPT} --status-fd 4 --logger-fd 5 --decrypt "${INCOMING}/${file}" > "${GPGOUTF}"; then
+    if ! gpg ${DEFGPGOPT} --keyring "${ADMINS}" --status-fd 4 --logger-fd 5 --decrypt "${INCOMING}/${file}" > "${GPGOUTF}"; then
         ret=$?
         log "gpg returned with ${ret}, not removing key using ${file}"
         DATE=$(date -Is)
@@ -172,7 +183,7 @@ for file in $(ls -1 ${INCOMING}/*.del ); do
     ARCHKEYRING="${base}/${ARCH}/keyring.gpg"
 
     # Is the key in there?
-    KEYNO=$(gpg ${DEFGPGOPT} --keyring "${ARCHKEYRING}" --with-colons --list-keys ${KEYID} | grep -c '^pub:')
+    KEYNO=$(gpg ${DEFGPGOPT} --keyring "${ARCHKEYRING}" --with-colons --list-keys ${KEYID} | grep -c '^pub:' || /bin/true )
 
     if [ $KEYNO -eq 1 ]; then
         # Right, exactly one there, lets get rid of it