From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6753B138334 for ; Sat, 21 Jul 2018 18:57:02 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 77A5EE07FE; Sat, 21 Jul 2018 18:57:01 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 47731E07FE for ; Sat, 21 Jul 2018 18:57:01 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id BC5F7335D28 for ; Sat, 21 Jul 2018 18:56:59 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id F2209361 for ; Sat, 21 Jul 2018 18:56:57 +0000 (UTC) From: "Michał Górny" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" Message-ID: <1532199401.2e128d0ac18528149eabdb5d96114de480971abd.mgorny@gentoo> Subject: [gentoo-commits] proj/qa-scripts:master commit in: / X-VCS-Repository: proj/qa-scripts X-VCS-Files: create-dev-keyrings.bash X-VCS-Directories: / X-VCS-Committer: mgorny X-VCS-Committer-Name: Michał Górny X-VCS-Revision: 2e128d0ac18528149eabdb5d96114de480971abd X-VCS-Branch: master Date: Sat, 21 Jul 2018 18:56:57 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: d4669d25-684f-4c60-ac92-93936caf68c3 X-Archives-Hash: 708bda49766ed97e4f9bdb4a1aba489c commit: 2e128d0ac18528149eabdb5d96114de480971abd Author: Michał Górny gentoo org> AuthorDate: Sat Jul 21 18:56:41 2018 +0000 Commit: Michał Górny gentoo org> CommitDate: Sat Jul 21 18:56:41 2018 +0000 URL: https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=2e128d0a create-dev-keyrings: Include separate group for system users create-dev-keyrings.bash | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash index 9190004..17bdfd4 100755 --- a/create-dev-keyrings.bash +++ b/create-dev-keyrings.bash @@ -2,13 +2,16 @@ OUTPUT_DIR=${1:-.} +DEV_BASE='ou=devs,dc=gentoo,dc=org' +SYSTEM_BASE='ou=system,dc=gentoo,dc=org' + COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active))' NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))' RETIRED_RULE='(!(gentooStatus=active))' # grab_ldap_fingerprints grab_ldap_fingerprints() { - ldapsearch "${1}" -Z gpgfingerprint -LLL | + ldapsearch "${@}" -Z gpgfingerprint -LLL | sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}' | sort -u | grep -v undefined @@ -45,13 +48,15 @@ grab_keys() { set -e -COMMITTING_DEVS=( $(grab_ldap_fingerprints "${COMMIT_RULE}") ) -NONCOMMITTING_DEVS=( $(grab_ldap_fingerprints "${NONCOMMIT_RULE}") ) -#RETIRED_DEVS=( $(grab_ldap_fingerprints "${RETIRED_RULE}") ) +COMMITTING_DEVS=( $(grab_ldap_fingerprints -b "${DEV_BASE}" "${COMMIT_RULE}") ) +NONCOMMITTING_DEVS=( $(grab_ldap_fingerprints -b "${DEV_BASE}" "${NONCOMMIT_RULE}") ) +#RETIRED_DEVS=( $(grab_ldap_fingerprints -b "${DEV_BASE}" "${RETIRED_RULE}") ) +SYSTEM_KEYS=( $(grab_ldap_fingerprints -b "${SYSTEM_BASE}" "${NONCOMMIT_RULE}") ) -grab_keys "${COMMITTING_DEVS[@]}" "${NONCOMMITTING_DEVS[@]}" +grab_keys "${COMMITTING_DEVS[@]}" "${NONCOMMITTING_DEVS[@]}" "${SYSTEM_KEYS[@]}" gpg --export "${COMMITTING_DEVS[@]}" > "${OUTPUT_DIR}"/committing-devs.gpg gpg --export "${COMMITTING_DEVS[@]}" "${NONCOMMITTING_DEVS[@]}" > "${OUTPUT_DIR}"/active-devs.gpg +gpg --export "${SYSTEM_KEYS[@]}" > "${OUTPUT_DIR}"/release-keys.gpg # -- not all are on keyservers #grab_keys "${RETIRED_DEVS[@]}" #gpg --export > "${OUTPUT_DIR}"/all-devs.gpg