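#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
#
# Daily check of the Portage GnuPG keyring in /etc/portage/gnupg: make sure
# the key identified by KEY_FPR is present and carries a trust level, and
# that the keyring directory is private to root.
#
# The idea here is to run ansible_local.bash --tags daily and then use this
# to do the parsing and throwing errors based on the output.  This way the
# ansible run can be free from erroring and this can be run repeatedly
# anytime outside of ansible to deal with the issues raised.  It is also
# run at the end of ansible_local.bash --tags daily to raise the issues.
#
# Exit status:
#   0        nothing to do, or checks passed
#   1        helper library missing, or not running as root
#   2<rc>    download of the service keys failed (<rc> = scurl.bash status)
#   4<rc>    base_daily.exp failed for a key with unknown trust
#   5<rc>    base_daily.exp failed after fetching the key from the keyserver
# The composed codes are the digit followed by the failing status; the
# shell reduces any value above 255 modulo 256.

prog=$(basename -- "$0" .bash)
# PREFIX and ROLE are set before sourcing the helpers below; presumably the
# sourced files read them -- verify before removing.
PREFIX=/usr/local
ROLE=base

# Provides ERROR and PANIC (not defined in this file).
. /usr/local/bin/usr_local_tput.bash || exit 1

# Fixed PATH so that gpg, expect, route etc. resolve to system binaries
# regardless of the caller's environment.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash

. /usr/local/etc/local.d/local.bash

MYID=$(id -u)
[ "$MYID" -eq 0 ] || { ERROR "$prog" must be run as root "$MYID"; exit 1; }
LOG_DIR=/usr/local/tmp

GNUPG_HOME=/etc/portage/gnupg
SERVICE_KEYS=/usr/local/bin/base_daily.gpg
TRUST_SCRIPT=/usr/local/bin/base_daily.exp

# No Portage keyring on this host: nothing to check.
[ -d "$GNUPG_HOME" ] || exit 0

# * - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
# * - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
#
# KEY_ID is the last 8 hex digits of the primary fingerprint.  It is kept
# for grepping gpg's listings, but an 8-digit ID is not unique, so the key
# is requested from the keyserver by its full fingerprint instead.
KEY_ID=96D8BF6D
KEY_FPR=DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
# NOTE(review): confirm this keyserver is still in service.
KEY_SER=subkeys.pgp.net
# Spelled out as --homedir rather than relying on option abbreviation.
GPG=(gpg --homedir "$GNUPG_HOME")

# Only attempt the download when a default route exists.
if route | grep '^def'; then
  # NOTE(review): nothing in this script imports or verifies the downloaded
  # file; it only serves as a marker below.  Presumably base_daily.exp or
  # another job consumes it -- confirm.
  [ -f "$SERVICE_KEYS" ] ||
    /usr/local/bin/scurl.bash --output "$SERVICE_KEYS" \
      https://qa-reports.gentoo.org/output/service-keys.gpg ||
    exit 2$?
fi

if [ -f "$SERVICE_KEYS" ]; then
  : trusted
  # expired keys pass this
  # NOTE(review): ':f:' is matched anywhere on the colon-format line and
  # KEY_ID anywhere in the keyring listing, so this is a loose check.  An
  # expired key should be treated as a finding by whoever reads the result.
  if "${GPG[@]}" --list-keys --with-colons | grep -- "$KEY_ID" | grep ':f:'; then
    : full trust?
  elif "${GPG[@]}" --list-keys | grep -A1 -- "$KEY_ID" | tail -1 | grep unknown; then
    # Trust is still unknown: run the expect script (presumably it drives
    # gpg --edit-key ... trust, see the note in the else branch).
    expect "$TRUST_SCRIPT" || exit 4$?
  elif "${GPG[@]}" --list-keys | grep -A1 -- "$KEY_ID" | tail -1 | grep trust; then
    : this format does not exist
  else
    PANIC 3 "${GPG[@]}" --list-keys "$KEY_ID" not trusted
  fi
else
  # Fetch by full fingerprint, not by the short ID, so that a different key
  # sharing the same 8-digit ID cannot be pulled in.  A failed fetch is not
  # checked here; the expect run below reports the failure.
  "${GPG[@]}" --keyserver "$KEY_SER" --recv-keys "0x${KEY_FPR}"
  expect "$TRUST_SCRIPT" || exit 5$?
  # was gpg --homedir /etc/portage/gnupg --edit-key 0x$KEY_ID trust || exit 6
fi

# Keep the keyring directory private to its owner.  stat is used instead of
# parsing ls output.
[ "$(stat -c '%A' "$GNUPG_HOME")" = 'drwx------' ] || chmod 700 "$GNUPG_HOME"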