diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2024-05-19 10:25:34 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2024-05-19 10:25:34 -0700 |
| commit | 4eb498510530c9717576144ce80800310f070e35 (patch) | |
| tree | 8225af29ecb3ef4bc3552dc12f6daff6832b664c | |
| parent | Makefile.gpyutils, htdocs/index.html: add 3.11->3.12 stable reports (diff) | |
| download | qa-scripts-4eb498510530c9717576144ce80800310f070e35.tar.gz qa-scripts-4eb498510530c9717576144ce80800310f070e35.tar.bz2 qa-scripts-4eb498510530c9717576144ce80800310f070e35.zip | |
create-dev-keyrings.bash: this was split into other scripts and not used since 2019
From infra crontabs in 2019 (public SKS was since removed):
```
-# regen dev keyrings every hour (we want to catch revocations early on)
-0 * * * * gqa /usr/bin/nice /usr/local/bin/pidlock ${REPO}/create-dev-keyrings.bash ${OUTPUTDIR}
+# regen keyrings
+# Fetch from SKS, push to keys.g.o
+0 * * * * gqa /usr/bin/nice /usr/local/bin/pidlock ${REPO}/keyrings-recv-sks.bash ; /usr/local/bin/pidlock ${REPO}/keyrings-send-keys.gentoo.org.bash
+# Fetch from keys.g.o & export to keyring files
+*/10 * * * * gqa /usr/bin/nice /usr/local/bin/pidlock ${REPO}/keyrings-recv-keys.gentoo.org.bash ; /usr/bin/nice /usr/local/bin/pidlock ${REPO}/keyrings-export.bash ${OUTPUTDIR}
```
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
| -rwxr-xr-x | create-dev-keyrings.bash | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash deleted file mode 100755 index 3ab1b58..0000000 --- a/create-dev-keyrings.bash +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Import key updates from Keyservers -# -# TODO: -# - Turn off export in this script - -OUTPUT_DIR=${1:-.} -BASEDIR="$(dirname "$0")" -source "${BASEDIR}"/keyrings.inc.bash - -set -e -export_ldap_data_to_env - -export KEYSERVERS=( "${KS_SKS}" "${KS_OPENPGP}" "${KS_GENTOO}" ) -export KEYSERVER_TIMEOUT=20m - -grab_keys "${SYSTEM_KEYS[@]}" -export_keys "${OUTPUT_DIR}"/service-keys.gpg \ - "${SYSTEM_KEYS[@]}" - -grab_keys "${INFRA_SYSTEM_KEYS[@]}" -export_keys "${OUTPUT_DIR}"/infra-service-keys.gpg \ - "${INFRA_SYSTEM_KEYS[@]}" - -grab_keys "${COMMITTING_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/committing-devs.gpg \ - "${COMMITTING_DEVS[@]}" - -grab_keys "${NONCOMMITTING_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/active-devs.gpg \ - "${COMMITTING_DEVS[@]}" \ - "${NONCOMMITTING_DEVS[@]}" - -grab_keys "${INFRA_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/infra-devs.gpg \ - "${INFRA_DEVS[@]}" - -# -- not all are on keyservers -# -- and are unlikely to turn up now -# -- this needs to fetch from some archive instead -#grab_keys "${RETIRED_DEVS[@]}" -export_keys "${OUTPUT_DIR}"/retired-devs.gpg \ - "${RETIRED_DEVS[@]}" - -# Everybody together now -export_keys "${OUTPUT_DIR}"/all-devs.gpg \ - "${SYSTEM_KEYS[@]}" \ - "${COMMITTING_DEVS[@]}" \ - "${NONCOMMITTING_DEVS[@]}" \ - "${INFRA_DEVS[@]}" \ - "${RETIRED_DEVS[@]}" - -# Populate keys.gentoo.org with the keys we have, since they might have come from SKS -export KEYSERVERS=( "${KS_GENTOO}" ) -export KEYSERVER_TIMEOUT=20m -push_keys "${SYSTEM_KEYS[@]}" -push_keys "${COMMITTING_DEVS[@]}" -push_keys "${NONCOMMITTING_DEVS[@]}" -push_keys "${INFRA_DEVS[@]}" -push_keys "${RETIRED_DEVS[@]}" |