Allow a longer expire time for buildd keys

[dak.git] / scripts / debian / buildd-add-keys

diff --git a/scripts/debian/buildd-add-keys b/scripts/debian/buildd-add-keys
index 7a4b906c22a8954c238ad6cd6d092c1df6015398..0a2fc06cda9ecf6134dc80834944d332bb59f291 100755 (executable)
--- a/scripts/debian/buildd-add-keys
+++ b/scripts/debian/buildd-add-keys
@@ -43,8 +43,7 @@ function cleanup() {
     trap - ERR EXIT TERM HUP INT QUIT
 
     for TEMPFILE in GPGSTATUS GPGLOGS GPGOUTF TEMPKEYDATA; do
-        TFILE=${TEMPFILE:=$TEMPFILE}
-        DELF=${!TFILE:-""}
+        DELF=${!TEMPFILE:-""}
         if [ -n "${DELF}" ] && [ -f "${DELF}" ]; then
             rm -f "${DELF}"
         fi
@@ -239,11 +238,11 @@ for file in ${KEYS}; do
     continue
     fi
 
-    # We want a maximum lifetime of 120 days, so check that.
-    # Easiest to compare in epoch, so lets see, 120 days midnight from now,
+    # We want a maximum lifetime of 365 days, so check that.
+    # Easiest to compare in epoch, so lets see, 365 days midnight from now,
     # compared with their set expiration date at midnight
-    # maxdate should turn out higher. just in case we make it 121 for this check
-    maxdate=$(date -d '121 day 00:00:00' +%s)
+    # maxdate should turn out higher. just in case we make it 366 for this check
+    maxdate=$(date -d '366 day 00:00:00' +%s)
     theirexpire=$(date -d "${KEYEXPIRE} 00:00:00" +%s)
     if [ ${theirexpire} -gt ${maxdate} ]; then
         log "Key expiry ${KEYEXPIRE} wrong"
@@ -272,7 +271,9 @@ for file in ${KEYS}; do
 
     # Right. At this point everything should be in order, which means we should put the key into
     # the keyring
-    log "Accepting key ${KEYID} for ${ARCH} buildd ${BUILDD}, expire ${KEYEXPIRE}"
+    KEYSUBMITTER=$(cat "${GPGSTATUS}"|grep GOODSIG)
+    KEYSUBMITTER=${KEYSUBMITTER##*GOODSIG}
+    log "${KEYSUBMITTER} added key ${KEYID} for ${ARCH} buildd ${BUILDD}, expire ${KEYEXPIRE}"
     gpg ${DEFGPGOPT} --status-fd 4 --logger-fd 5 --keyring "${ARCHKEYRING}" --import "${GPGOUTF}" 2>/dev/null
 
     mv "${INCOMING}/${file}" "${base}/${ARCH}"