From 92e66d42e00ae12a8ec5a335b01dac93a15fcec1 Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Fri, 17 Aug 2018 11:52:10 +0200
Subject: [PATCH] Add GPG management scripts
Signed-off-by: Knut Ahlers
---
bin/cleanup_gpg | 21 +++++++++++++++++++++
bin/list_gpg_trust | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100755 bin/cleanup_gpg
create mode 100755 bin/list_gpg_trust
diff --git a/bin/cleanup_gpg b/bin/cleanup_gpg
new file mode 100755
index 0000000..f38c918
--- /dev/null
+++ b/bin/cleanup_gpg
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euo pipefail
+
+function echo_check() {
+ echo -n "$1: "
+ shift
+ $@ >/dev/null 2>&1 && echo "OK" || echo "FAIL (Command: $@)"
+}
+
+# Remove expired and revoked keys
+for key in $(gpg2 --list-keys --with-colons | awk -F : '/^pub:[er]/{ print $5 }'); do
+ echo_check "Removing key ${key}" gpg2 --batch --quiet --delete-keys --yes ${key}
+done
+
+# Cleanup remaining keys
+for key in $(gpg2 --list-keys --with-colons | awk -F : '/^pub:[^er]/{ print $5 }'); do
+ echo_check "Cleaning key ${key}" gpg2 --batch --quiet --edit-key ${key} check clean cross-certify save quit
+done
+
+# Update keys
+echo_check "Updating keys" gpg2 --batch --quiet --refresh-keys
diff --git a/bin/list_gpg_trust b/bin/list_gpg_trust
new file mode 100755
index 0000000..9045733
--- /dev/null
+++ b/bin/list_gpg_trust
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -euo pipefail
+
+trustmap=(
+ "unused"
+ "unused"
+ "I don't know or won't say"
+ "I do NOT trust"
+ "I trust marginally"
+ "I trust fully"
+ "I trust ultimately"
+)
+
+for trust in $(gpg --export-ownertrust | grep '^[^#]'); do
+ fp=$(echo "${trust}" | cut -d : -f 1)
+ score=$(echo "${trust}" | cut -d : -f 2)
+
+ echo "# $(gpg --list-keys "${fp}" 2>/dev/null | grep ^uid | head -n1 | sed -E 's/^uid\s+\[[a-z ]+\] //' || echo "Key / UID not found") (${trustmap[score]})"
+ echo "${trust}"
+done
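Review bot: In bin/cleanup_gpg, `echo_check` runs the command as unquoted `$@`, discards both stdout and stderr, and always returns 0 through the `&& … || …` chain, so a failed deletion or refresh prints only "FAIL" with no reason and `set -e` never sees it. Quote the expansion and branch explicitly, e.g. `if "$@" >/dev/null 2>&1; then echo "OK"; else echo "FAIL (Command: $*)"; fi`, and consider letting gpg's stderr through in the failure case. Separately, both loops select keys by field 5 of the colon listing, which is the 64-bit key ID. With `--delete-keys --yes` in batch mode it would be safer to pass the full fingerprint from the `fpr` record (field 10), so that only the intended key can match. If gpg2 itself fails inside the `for … in $(…)` word list, the loop silently runs zero times, which is worth a comment at least.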
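Review bot: In bin/list_gpg_trust, `${trustmap[score]}` indexes the array with a value taken straight from `gpg --export-ownertrust`, and under `set -u` any value outside 0–6 aborts the script with an unbound-variable error partway through the listing. The subscript is also evaluated arithmetically, so it is worth checking that it is numeric first, e.g. `[[ ${score} =~ ^[0-9]+$ ]] || continue`, and then printing `${trustmap[score]:-unknown trust value}`. Whether gpg ever emits values above 6 here (flag bits, for instance) is not visible from the patch, so treat that as something to confirm. The uid lookup parses the human-readable `gpg --list-keys` output with `grep ^uid` and a GNU-only `\s` in sed; `--with-colons`, which the sibling script already uses, would be more stable. This script also calls `gpg` while bin/cleanup_gpg calls `gpg2`, which may not be the same binary on every system.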