59 lines
2.0 KiB
Bash
Executable File
59 lines
2.0 KiB
Bash
Executable File
#!/bin/bash
|
|
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
|
|
|
prog=$( basename $0 .bash )
|
|
PREFIX=/usr/local
|
|
ROLE=base
|
|
. /usr/local/bin/usr_local_tput.bash || exit 1
|
|
|
|
# The idea here is to run ansible_local.bash --tags daily
|
|
# and then use this to do the parsing and throwing errors based on the output.
|
|
# This was the ansible run can be free from erroring and this can be
|
|
# run repeatedly anytime outside of ansible to deal with the issues raised.
|
|
# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
|
|
|
|
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
|
|
|
|
. /usr/local/etc/local.d/local.bash
|
|
|
|
MYID=$( id -u )
|
|
[ $MYID -eq 0 ] || { ERROR $prog must be run as root $MYID ; exit 1 ; }
|
|
LOG_DIR=/usr/local/tmp
|
|
|
|
[ -d /etc/portage/gnupg ] || exit 0
|
|
|
|
KEY_ID=96D8BF6D
|
|
KEY_SER=subkeys.pgp.net
|
|
GPG="gpg --home /etc/portage/gnupg"
|
|
|
|
# * - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
|
|
# * - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
|
|
|
|
if route | grep ^def ; then
|
|
[ -f /usr/local/bin/base_daily.gpg ] || \
|
|
/usr/local/bin/scurl.bash --output /usr/local/bin/base_daily.gpg \
|
|
https://qa-reports.gentoo.org/output/service-keys.gpg || \
|
|
exit 2$?
|
|
fi
|
|
|
|
if [ -f /usr/local/bin/base_daily.gpg ] ; then
|
|
: trusted
|
|
# expired keys pass this
|
|
if $GPG --list-keys --with-colons |grep $KEY_ID |grep :f: ; then
|
|
: full trust?
|
|
elif $GPG --list-keys |grep -A1 $KEY_ID |tail -1| grep unknown ; then
|
|
expect /usr/local/bin/base_daily.exp || exit 4$?
|
|
elif $GPG --list-keys |grep -A1 $KEY_ID |tail -1| grep trust ; then
|
|
: this format does not exist
|
|
else
|
|
PANIC 3 $GPG --list-keys $KEY_ID not trusted
|
|
fi
|
|
else
|
|
gpg --homedir /etc/portage/gnupg --keyserver $KEY_SER --recv-keys 0x$KEY_ID
|
|
expect /usr/local/bin/base_daily.exp || exit 5$?
|
|
# was gpg --homedir /etc/portage/gnupg --edit-key 0x$KEY_ID trust || exit 6
|
|
fi
|
|
|
|
ls -ld /etc/portage/gnupg | grep -q drwx------ || chmod 700 /etc/portage/gnupg
|