path: root/global/post-tasks.d/015cosmos-trust
#!/bin/sh

# Directory holding the trusted *.pub key files. An unset or empty
# COSMOS_KEYS falls back to the default location.
: "${COSMOS_KEYS:=/etc/cosmos/keys}"

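# Install new keys discovered in the $COSMOS_KEYS directory.
#
# NOTE(review): in GnuPG's colon format, field 5 of a "pub" record is the
# 64-bit long key ID, not the full fingerprint (that is field 10 of the
# following "fpr" record). Presence is therefore decided on the key ID only;
# confirm this is acceptable for the trust anchor, or compare fingerprints.
for k in "$COSMOS_KEYS"/*.pub; do
   # When the glob matches nothing, $k is the literal pattern. Skip it (and
   # any unreadable file) instead of running gpg on a failed redirection.
   [ -r "$k" ] || continue

   key_ids=$(cosmos gpg --with-colons --with-fingerprint < "$k" | awk -F: '$1 == "pub" {print $5}')
   if [ -z "$key_ids" ]; then
      # Without a key ID the presence check below would be meaningless.
      printf '%s: no public key found, skipping\n' "$k" >&2
      continue
   fi

   # Import the file when any key in it is missing from the keyring. Expired
   # keys (pub:e:) count as missing, so they are imported again. Only "pub"
   # records are compared, field against field, so an ID that merely appears
   # in some other record of the listing does not count as present.
   # $key_ids is unquoted on purpose: one key ID per word.
   missing="no"
   for id in $key_ids; do
      cosmos gpg --with-colons --fingerprint \
         | awk -F: -v id="$id" '$1 == "pub" && $2 != "e" && $5 == id {found = 1} END {exit !found}' \
         || missing="yes"
   done
   if [ "$missing" = "yes" ]; then
      cosmos gpg --import < "$k"
   fi
done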

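# Delete keys no longer present in the $COSMOS_KEYS directory.
#
# NOTE(review): if the directory holds no readable *.pub file, nothing is
# collected below and every key in the keyring is deleted. That fails closed
# (no key stays trusted), but a wrong COSMOS_KEYS value empties the keyring;
# confirm this is the intended behaviour.

# Collect the key IDs of all key files once, rather than re-listing every
# file for every key in the keyring.
wanted_ids=""
for k in "$COSMOS_KEYS"/*.pub; do
   # When the glob matches nothing, $k is the literal pattern; skip it.
   [ -r "$k" ] || continue
   for id in $(cosmos gpg --with-colons --with-fingerprint < "$k" | awk -F: '$1 == "pub" {print $5}'); do
      wanted_ids="$wanted_ids $id"
   done
done

for key_id in $(cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'); do
   case " $wanted_ids " in
      *" $key_id "*)
         # Still backed by a key file: keep it.
         ;;
      *)
         # Best effort: a failed deletion must not abort the remaining ones.
         cosmos gpg --yes --batch --delete-key "$key_id" || true
         ;;
   esac
done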