X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=scripts%2Fdebian%2Fbuildd-remove-keys;h=7b597c044ba48b69fc8a16348b1851b39fc93ef6;hb=b60394c7d9054748972aaf019398c9837d712b99;hp=0ea4c23dc33afebf6031e7b9d15811a84470e0e7;hpb=3f673e29a7eccfbf1ef4f162dfe5bc40af84cd81;p=dak.git
diff --git a/scripts/debian/buildd-remove-keys b/scripts/debian/buildd-remove-keys
index 0ea4c23d..7b597c04 100755
--- a/scripts/debian/buildd-remove-keys
+++ b/scripts/debian/buildd-remove-keys
@@ -43,21 +43,20 @@ function cleanup() {
 trap - ERR EXIT TERM HUP INT QUIT
 for TEMPFILE in GPGSTATUS GPGLOGS GPGOUTF TEMPKEYDATA; do
- TFILE=${TEMPFILE:=$TEMPFILE}
- DELF=${!TFILE:-""}
+ DELF=${!TEMPFILE:-""}
 if [ -n "${DELF}" ] && [ -f "${DELF}" ]; then
 rm -f "${DELF}"
 fi
 done
 exit $ERRVAL
 }
-trap cleanup ERR EXIT TERM HUP INT QUIT
 base="${base}/scripts/builddkeyrings"
 INCOMING="${base}/incoming"
 ERRORS="${base}/errors"
 ADMINS="${base}/adminkeys.gpg"
 REMOVED="${base}/removed-buildd-keys.gpg"
+STAMPFILE="${base}/updatedkeyring"
 # Default options for our gpg calls
 DEFGPGOPT="--no-default-keyring --batch --no-tty --no-options --exit-on-status-write-error --no-greeting"
@@ -67,11 +66,22 @@ if ! [ -d "${INCOMING}" ]; then
 exit 1
 fi
+cd "${INCOMING}"
+KEYS=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.del | sed -e "s,./,," | xargs)
+if [ -z "${KEYS}" ]; then
+ exit 0
+fi
+
+trap cleanup ERR EXIT TERM HUP INT QUIT
+
+# Tell prepare-dir that there is an update and it can run
+touch "${STAMPFILE}"
+
 # Whenever something goes wrong, its put in there.
 mkdir -p "${ERRORS}"
 # We process all new files in our incoming directory
-for file in $(ls -1 ${INCOMING}/*.del ); do
+for file in ${KEYS}; do
 file=${file##*/}
 # First we want to see if we recognize the filename. The buildd people have
 # to follow a certain schema:
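Review bot: The new `KEYS=$(find … | sed … | xargs)` list is expanded unquoted in `for file in ${KEYS}`, so a name in the incoming directory that contains whitespace or glob characters is split or expanded before the filename schema check sees it, and a quote character in a name makes `xargs` fail. The `sed` expression `s,./,,` is also unanchored and its `.` matches any character; `s,^\./,,` is what is meant. Because these names come from files dropped into `${INCOMING}`, I would collect them into an array and iterate with `"${KEYS[@]}"`, as sketched below (note that the glob skips dot-files, which `find` would have matched). `cd "${INCOMING}"` is unchecked, and whether `set -e` covers it is not visible in this hunk. The `for` loop body continues past the end of the hunk.

```shell
cd "${INCOMING}" || exit 1
KEYS=()
for candidate in *.del; do
    # Regular files only, as with find -type f; an unmatched glob stays
    # literal and fails the -f test, so it is never added.
    if [ -f "${candidate}" ] && ! [ -L "${candidate}" ]; then
        KEYS+=("${candidate}")
    fi
done
if [ ${#KEYS[@]} -eq 0 ]; then
    exit 0
fi
# … unchanged: trap cleanup, touch "${STAMPFILE}", mkdir -p "${ERRORS}" …
for file in "${KEYS[@]}"; do
```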
@@ -168,6 +178,8 @@ for file in $(ls -1 ${INCOMING}/*.del ); do
 fi
 done
+ COMMENT=${COMMENT:-"The bad ${KEYSUBMITTER} hasn't supplied a comment"}
+
 # Right, we have the keyid, know the arch, lets see if we can remove it
 ARCHKEYRING="${base}/${ARCH}/keyring.gpg"
@@ -179,7 +191,9 @@ for file in $(ls -1 ${INCOMING}/*.del ); do
 # So put it into the removed keyring
 gpg ${DEFGPGOPT} --keyring "${ARCHKEYRING}" --export ${KEYID} | gpg ${DEFGPGOPT} --keyring "${REMOVED}" --import 2>/dev/null
 if gpg ${DEFGPGOPT} --keyring "${ARCHKEYRING}" --yes --delete-keys ${KEYID}; then
- log "Removed key ${KEYID}, reason: ${COMMENT}"
+ KEYSUBMITTER=$(cat "${GPGSTATUS}"|grep GOODSIG)
+ KEYSUBMITTER=${KEYSUBMITTER##*GOODSIG}
+ log "${KEYSUBMITTER} removed key ${KEYID} for ${ARCH} buildd ${BUILDD}, reason: ${COMMENT}"
 mv "${INCOMING}/${file}" "${base}/${ARCH}"
 continue
 fi
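Review bot: `${KEYSUBMITTER}` is expanded in the new `COMMENT` default before anything visible assigns it; the only assignment shown is in the later hunk, inside the successful `--delete-keys` branch. Unless it is set in the part of the loop outside this hunk, the default text has an empty submitter for the first file and names the previous file's signer on later iterations, so the log can attribute a removal to the wrong key. Deriving it before this line, `KEYSUBMITTER=$(grep GOODSIG "${GPGSTATUS}")` followed by `KEYSUBMITTER=${KEYSUBMITTER##*GOODSIG}`, keeps the two consistent. `${COMMENT:-…}` also keeps a value left over from an earlier iteration if the loop does not reset `COMMENT`, which cannot be confirmed from here.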
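Review bot: The `grep GOODSIG` added in the `--delete-keys` success branch matches that string anywhere in `${GPGSTATUS}`, so a status file with more than one matching line yields a multi-line value and `${KEYSUBMITTER##*GOODSIG}` keeps only the tail of the last one. Assuming the file holds gpg's status output, anchoring on the prefix and taking one line, `KEYSUBMITTER=$(grep -m1 '^\[GNUPG:\] GOODSIG ' "${GPGSTATUS}")`, fixes that and drops the extra `cat`. What follows GOODSIG includes the key's user ID, which is free text chosen by the key owner and reaches the log line as-is; whether `log` neutralises control characters is not visible here. The enclosing `for` loop starts and ends outside the hunk.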