From: "Robin H. Johnson"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson"
Message-ID: <1716139534.4eb498510530c9717576144ce80800310f070e35.robbat2@gentoo>
Subject: [gentoo-commits] proj/qa-scripts:master commit in: /
X-VCS-Repository: proj/qa-scripts
X-VCS-Files: create-dev-keyrings.bash
X-VCS-Directories: /
X-VCS-Committer: robbat2
X-VCS-Committer-Name: Robin H. Johnson
X-VCS-Revision: 4eb498510530c9717576144ce80800310f070e35
X-VCS-Branch: master
Date: Sun, 19 May 2024 17:28:49 +0000 (UTC)

commit:     4eb498510530c9717576144ce80800310f070e35
Author:     Robin H. Johnson gentoo org>
AuthorDate: Sun May 19 17:25:34 2024 +0000
Commit:     Robin H. Johnson gentoo org>
CommitDate: Sun May 19 17:25:34 2024 +0000
URL:        https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=4eb49851

create-dev-keyrings.bash: this was split into other scripts and not used since 2019

From infra crontabs in 2019 (public SKS was since removed):
```
-# regen dev keyrings every hour (we want to catch revocations early on) -0 * * * * gqa /usr/bin/nice /usr/local/bin/pidlock ${REPO}/create-dev-keyrings.bash ${OUTPUTDIR} +# regen keyrings +# Fetch from SKS, push to keys.g.o +0 * * * * gqa /usr/bin/nice /usr/local/bin/pidlock ${REPO}/keyrings-recv-sks.bash ; /usr/local/bin/pidlock ${REPO}/keyrings-send-keys.gentoo.org.bash +# Fetch from keys.g.o & export to keyring files +*/10 * * * * gqa /usr/bin/nice /usr/local/bin/pidlock ${REPO}/keyrings-recv-keys.gentoo.org.bash ; /usr/bin/nice /usr/local/bin/pidlock ${REPO}/keyrings-export.bash ${OUTPUTDIR}
```
Signed-off-by: Robin H. Johnson gentoo.org> create-dev-keyrings.bash | 60 ------------------------------------------------ 1 file changed, 60 deletions(-) diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash deleted file mode 100755 index 3ab1b58..0000000 --- a/create-dev-keyrings.bash +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Import key updates from Keyservers -# -# TODO: -# - Turn off export in this script - -OUTPUT_DIR=${1:-.} -BASEDIR="$(dirname "$0")" -source "${BASEDIR}"/keyrings.inc.bash - -set -e -export_ldap_data_to_env - -export KEYSERVERS=( "${KS_SKS}" "${KS_OPENPGP}" "${KS_GENTOO}" ) -export KEYSERVER_TIMEOUT=20m - -grab_keys "${SYSTEM_KEYS[@]}" -export_keys "${OUTPUT_DIR}"/service-keys.gpg \ - "${SYSTEM_KEYS[@]}" - -grab_keys "${INFRA_SYSTEM_KEYS[@]}" -export_keys "${OUTPUT_DIR}"/infra-service-keys.gpg \ - "${INFRA_SYSTEM_KEYS[@]}" - -grab_keys "${COMMITTING_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/committing-devs.gpg \ - "${COMMITTING_DEVS[@]}" - -grab_keys "${NONCOMMITTING_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/active-devs.gpg \ - "${COMMITTING_DEVS[@]}" \ - "${NONCOMMITTING_DEVS[@]}" - -grab_keys "${INFRA_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/infra-devs.gpg \ - "${INFRA_DEVS[@]}" - -# -- not all are on keyservers -# -- and are unlikely to turn up now -# -- this needs to fetch from some archive instead -#grab_keys "${RETIRED_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/retired-devs.gpg \ - "${RETIRED_DEVS[@]}" - -# Everybody together now -export_keys "${OUTPUT_DIR}"/all-devs.gpg \ - "${SYSTEM_KEYS[@]}" \ - "${COMMITTING_DEVS[@]}" \ - "${NONCOMMITTING_DEVS[@]}" \ - "${INFRA_DEVS[@]}" \ - "${RETIRED_DEVS[@]}" - -# Populate keys.gentoo.org with the keys we have, since they might have come from SKS -export KEYSERVERS=( "${KS_GENTOO}" ) -export KEYSERVER_TIMEOUT=20m -push_keys "${SYSTEM_KEYS[@]}" -push_keys "${COMMITTING_DEVS[@]}" -push_keys "${NONCOMMITTING_DEVS[@]}" -push_keys "${INFRA_DEVS[@]}" -push_keys "${RETIRED_DEVS[@]}"
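
Review bot: The retired-devs block near the end of the deleted script carries the note that retired developers' keys are not all on keyservers and that "this needs to fetch from some archive instead"; deleting the file drops that open item, so carry the comment over to whichever script now exports retired-devs.gpg. The commit message names keyrings-export.bash as the exporter but does not say that it writes the same seven outputs this script did (service-keys.gpg, infra-service-keys.gpg, committing-devs.gpg, active-devs.gpg, infra-devs.gpg, retired-devs.gpg, all-devs.gpg); a line confirming that would let anyone who verifies signatures against those keyrings see that none of them went stale. Since the message also says public SKS was removed, check whether KS_SKS and KS_OPENPGP in keyrings.inc.bash still have any users once the `KEYSERVERS=( "${KS_SKS}" "${KS_OPENPGP}" "${KS_GENTOO}" )` line here is gone.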