X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=scripts%2Fdebian%2Fbuildd-remove-keys;h=3591785d6c028769b169a9b22f1f81b3b1f5e2a9;hb=33bef72270a93446af34b264f445560d625fcfdb;hp=45c4b2069a791cae8d221a24705ad2000c92c539;hpb=1073f180f3446768d60fe4a03f88728183818bce;p=dak.git diff --git a/scripts/debian/buildd-remove-keys b/scripts/debian/buildd-remove-keys index 45c4b206..3591785d 100755 --- a/scripts/debian/buildd-remove-keys +++ b/scripts/debian/buildd-remove-keys @@ -51,13 +51,13 @@ function cleanup() { done exit $ERRVAL } -trap cleanup ERR EXIT TERM HUP INT QUIT base="${base}/scripts/builddkeyrings" INCOMING="${base}/incoming" ERRORS="${base}/errors" -ADMINS="${base}/admins" +ADMINS="${base}/adminkeys.gpg" REMOVED="${base}/removed-buildd-keys.gpg" +STAMPFILE="${base}/updatedkeyring" # Default options for our gpg calls DEFGPGOPT="--no-default-keyring --batch --no-tty --no-options --exit-on-status-write-error --no-greeting" @@ -67,16 +67,27 @@ if ! [ -d "${INCOMING}" ]; then exit 1 fi +cd "${INCOMING}" +KEYS=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.del | sed -e "s,./,," | xargs) +if [ -z "${KEYS}" ]; then + exit 0 +fi + +trap cleanup ERR EXIT TERM HUP INT QUIT + +# Tell prepare-dir that there is an update and it can run +touch "${STAMPFILE}" + # Whenever something goes wrong, its put in there. mkdir -p "${ERRORS}" # We process all new files in our incoming directory -for file in $(ls -1 ${INCOMING}/*.del ); do +for file in ${KEYS}; do file=${file##*/} # First we want to see if we recognize the filename. The buildd people have # to follow a certain schema: - # architecture_builddname.YEAR-MONTH-DAY_HOUR:MINUTE.del - if [[ $file =~ (.*)_(.*).([0-9]{4}-[0-9]{2}-[0-9]{2}_[0-9]{2}:[0-9]{2}).del ]]; then + # architecture_builddname.YEAR-MONTH-DAY_HOURMINUTE.del + if [[ $file =~ (.*)_(.*).([0-9]{4}-[0-9]{2}-[0-9]{2}_[0-9]{2}[0-9]{2}).del ]]; then ARCH=${BASH_REMATCH[1]} BUILDD=${BASH_REMATCH[2]} # Right now timestamp is unused @@ -122,7 +133,7 @@ for file in $(ls -1 ${INCOMING}/*.del ); do exec 5> "${GPGLOGS}" # So lets run gpg, status/logger into the two files, to "decrypt" the keyfile - if ! gpg ${DEFGPGOPT} --keyring "${ADMINS}/${ARCH}.gpg" --status-fd 4 --logger-fd 5 --decrypt "${INCOMING}/${file}" > "${GPGOUTF}"; then + if ! gpg ${DEFGPGOPT} --keyring "${ADMINS}" --status-fd 4 --logger-fd 5 --decrypt "${INCOMING}/${file}" > "${GPGOUTF}"; then ret=$? log "gpg returned with ${ret}, not removing key using ${file}" DATE=$(date -Is) @@ -172,7 +183,7 @@ for file in $(ls -1 ${INCOMING}/*.del ); do ARCHKEYRING="${base}/${ARCH}/keyring.gpg" # Is the key in there? - KEYNO=$(gpg ${DEFGPGOPT} --keyring "${ARCHKEYRING}" --with-colons --list-keys ${KEYID} | grep -c '^pub:') + KEYNO=$(gpg ${DEFGPGOPT} --keyring "${ARCHKEYRING}" --with-colons --list-keys ${KEYID} | grep -c '^pub:' || /bin/true ) if [ $KEYNO -eq 1 ]; then # Right, exactly one there, lets get rid of it