From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1037143-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 1FFFE138334
	for <garchives@archives.gentoo.org>; Tue, 17 Jul 2018 22:13:21 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 24770E0B20;
	Tue, 17 Jul 2018 22:13:20 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E9338E0B20
	for <gentoo-commits@lists.gentoo.org>; Tue, 17 Jul 2018 22:13:19 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 4CF5E335C7A
	for <gentoo-commits@lists.gentoo.org>; Tue, 17 Jul 2018 22:13:18 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 34124370
	for <gentoo-commits@lists.gentoo.org>; Tue, 17 Jul 2018 22:13:16 +0000 (UTC)
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" <mgorny@gentoo.org>
Message-ID: <1531865589.e3117dda8d6e68ddc312298c0ffd2debacf9021a.mgorny@gentoo>
Subject: [gentoo-commits] proj/qa-scripts:master commit in: /
X-VCS-Repository: proj/qa-scripts
X-VCS-Files: create-dev-keyrings.bash
X-VCS-Directories: /
X-VCS-Committer: mgorny
X-VCS-Committer-Name: Michał Górny
X-VCS-Revision: e3117dda8d6e68ddc312298c0ffd2debacf9021a
X-VCS-Branch: master
Date: Tue, 17 Jul 2018 22:13:16 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: b6f6190b-e68e-4d65-95d9-5b6d32eab234
X-Archives-Hash: 8afa98b3fd7fd00124782e16b616a022

commit:     e3117dda8d6e68ddc312298c0ffd2debacf9021a
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 17 22:12:51 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue Jul 17 22:13:09 2018 +0000
URL:        https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=e3117dda

Add a script to fetch OpenPGP keys

 create-dev-keyrings.bash | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash
new file mode 100755
index 0000000..ea31587
--- /dev/null
+++ b/create-dev-keyrings.bash
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+OUTPUT_DIR=${1:-.}
+
+COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active))'
+NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))'
+RETIRED_RULE='(!(gentooStatus=active))'
+
+# grab_ldap_fingerprints <ldap-rule>
+grab_ldap_fingerprints() {
+	ldapsearch "${1}" -Z gpgfingerprint -LLL |
+		sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}' |
+		sort -u |
+		grep -v undefined
+}
+
+# grab_keys <fingerprint>...
+grab_keys() {
+	local retries=0
+	local missing=()
+	local remaining=( "${@}" )
+
+	while :; do
+		gpg -q --recv-keys "${remaining[@]}" || :
+		missing=()
+		for key in "${remaining[@]}"; do
+			gpg --list-public "${key}" &>/dev/null || missing+=( "${key}" )
+		done
+
+		[[ ${#missing[@]} -ne 0 ]] || break
+
+		# if we did not make progress, give it a few seconds and retry
+		if [[ ${#missing[@]} -eq ${#remaining[@]} ]]; then
+			if [[ $(( retries++ )) -gt 3 ]]; then
+				echo "Unable to fetch the following keys:"
+				printf '%s\n' "${missing[@]}"
+				exit 1
+			fi
+			sleep 5
+		fi
+
+		remaining=( "${missing[@]}" )
+	done
+}
+
+set -e
+
+COMMITTING_DEVS=( $(grab_ldap_fingerprints "${COMMIT_RULE}") )
+NONCOMMITTING_DEVS=( $(grab_ldap_fingerprints "${NONCOMMIT_RULE}") )
+#RETIRED_DEVS=( $(grab_ldap_fingerprints "${RETIRED_RULE}") )
+
+export GNUPGHOME=$(mktemp -d)
+trap 'rm -rf "${GNUPGHOME}"' EXIT
+
+grab_keys "${COMMITTING_DEVS[@]}"
+gpg --export > "${OUTPUT_DIR}"/committing-devs.gpg
+grab_keys "${NONCOMMITTING_DEVS[@]}"
+gpg --export > "${OUTPUT_DIR}"/active-devs.gpg
+# -- not all are on keyservers
+#grab_keys "${RETIRED_DEVS[@]}"
+#gpg --export > "${OUTPUT_DIR}"/all-devs.gpg
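Review bot: In `grab_ldap_fingerprints`, `ldapsearch "${1}" -Z` only attempts StartTLS and continues without it if negotiation fails, so the fingerprint list that decides which keys land in the exported keyrings can be fetched over an unprotected connection; `-ZZ` makes StartTLS mandatory: `ldapsearch "${1}" -ZZ gpgfingerprint -LLL |`. There is also no `pipefail`, and the array assignments `COMMITTING_DEVS=( $(...) )` do not appear to propagate a failed substitution to `set -e`. An LDAP failure would therefore most likely leave an empty list, have the `--recv-keys` error swallowed by `|| :`, and write an empty `committing-devs.gpg` as if the run had succeeded; a guard such as `[[ ${#COMMITTING_DEVS[@]} -gt 0 ]] || exit 1` after each assignment would catch that. Likewise `export GNUPGHOME=$(mktemp -d)` masks a `mktemp` failure behind `export`'s exit status, in which case gpg would fall back to the invoking user's default keyring; `GNUPGHOME=$(mktemp -d); export GNUPGHOME` lets `set -e` stop the script instead.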