create-dev-keyrings.bash: push keys back to keys.gentoo.org

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
author: Robin H. Johnson <robbat2@gentoo.org> 2019-04-08 22:22:31 -0700
committer: Robin H. Johnson <robbat2@gentoo.org> 2019-04-08 22:22:31 -0700
commit: ba4f3b35b91889df2508a203d70d204151f1bd6f (patch)
tree: 36b53c8d6111a1ce1a01ed9969f17a44dc16d304
parent: create-dev-keyrings: try keys.gentoo.org as well (diff)
download: qa-scripts-ba4f3b35.tar.gz
qa-scripts-ba4f3b35.tar.bz2
qa-scripts-ba4f3b35.zip
1 files changed, 18 insertions, 5 deletions
diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash
index 8e581b4..704e409 100755
--- a/create-dev-keyrings.bash
+++ b/create-dev-keyrings.bash
@@ -9,6 +9,10 @@ COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active
 NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))'
 RETIRED_RULE='(!(gentooStatus=active))'
 
+# this needs to move to HKPS as well, but that part is not yet deployed.
+KS_GENTOO=hkp://keys.gentoo.org/
+KS_SKS=hkps://hkps.pool.sks-keyservers.net/
+
 GPG_TMPDIR=$(mktemp -d)
 clean_tmp() {
 	rm -rf "$GPG_TMPDIR"
@@ -28,12 +32,9 @@ grab_keys() {
 	local missing=()
 	local remaining=( "${@}" )
 
-	# this needs to move to HKPS as well, but that part is not yet deployed.
-	KS1=hkp://keys.gentoo.org/
-	KS2=hkps://hkps.pool.sks-keyservers.net/
 	while :; do
-		timeout 5m  gpg --keyserver $KS1 -q --recv-keys "${remaining[@]}" || :
-		timeout 20m gpg --keyserver $KS2 -q --recv-keys "${remaining[@]}" || :
+		timeout 5m  gpg --keyserver $KS_GENTOO -q --recv-keys "${remaining[@]}" || :
+		timeout 20m gpg --keyserver $KS_SKS -q --recv-keys "${remaining[@]}" || :
 		missing=()
 		for key in "${remaining[@]}"; do
 			gpg --list-public "${key}" &>/dev/null || missing+=( "${key}" )
@@ -55,6 +56,12 @@ grab_keys() {
 	done
 }
 
+# push_keys <fingerprint>...
+push_keys() {
+	timeout 5m  gpg --keyserver $KS_GENTOO -q --send-keys "${remaining[@]}" || :
+	#timeout 5m  gpg --keyserver $KS_SKS -q --send-keys "${remaining[@]}" || :
+}
+
 export_keys() {
 	DST="$1"
 	TMP="${GPG_TMPDIR}"/$(basename "${DST}")
@@ -105,3 +112,9 @@ export_keys "${OUTPUT_DIR}"/all-devs.gpg \
 	"${COMMITTING_DEVS[@]}" \
 	"${NONCOMMITTING_DEVS[@]}" \
 	"${RETIRED_DEVS[@]}"
+
+# Populate keys.gentoo.org with the keys we have, since they might have come from SKS
+push_keys "${SYSTEM_KEYS[@]}"
+push_keys "${COMMITTING_DEVS[@]}"
+push_keys "${NONCOMMITTING_DEVS[@]}"
+push_keys "${RETIRED_DEVS[@]}"
author	Robin H. Johnson <robbat2@gentoo.org>	2019-04-08 22:22:31 -0700
committer	Robin H. Johnson <robbat2@gentoo.org>	2019-04-08 22:22:31 -0700
commit	ba4f3b35b91889df2508a203d70d204151f1bd6f (patch)
tree	36b53c8d6111a1ce1a01ed9969f17a44dc16d304
parent	create-dev-keyrings: try keys.gentoo.org as well (diff)
download	qa-scripts-ba4f3b35.tar.gz qa-scripts-ba4f3b35.tar.bz2 qa-scripts-ba4f3b35.zip