Add GPG management scripts

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2018-08-17 11:52:10 +02:00 · 2018-08-17 11:52:10 +02:00 · 92e66d42e0
commit 92e66d42e0
parent 3b2005f0aa
2 changed files with 41 additions and 0 deletions
--- a/bin/cleanup_gpg
+++ b/bin/cleanup_gpg
@ -0,0 +1,21 @@
+#!/bin/bash
+set -euo pipefail
+
+function echo_check() {
+	echo -n "$1: "
+	shift
+	$@ >/dev/null 2>&1 && echo "OK" || echo "FAIL (Command: $@)"
+}
+
+# Remove expired and revoked keys
+for key in $(gpg2 --list-keys --with-colons | awk -F : '/^pub:[er]/{ print $5 }'); do
+	echo_check "Removing key ${key}" gpg2 --batch --quiet --delete-keys --yes ${key}
+done
+
+# Cleanup remaining keys
+for key in $(gpg2 --list-keys --with-colons | awk -F : '/^pub:[^er]/{ print $5 }'); do
+	echo_check "Cleaning key ${key}" gpg2 --batch --quiet --edit-key ${key} check clean cross-certify save quit
+done
+
+# Update keys
+echo_check "Updating keys" gpg2 --batch --quiet --refresh-keys
--- a/bin/list_gpg_trust
+++ b/bin/list_gpg_trust
@ -0,0 +1,20 @@
+#!/bin/bash
+set -euo pipefail
+
+trustmap=(
+	"unused"
+	"unused"
+	"I don't know or won't say"
+	"I do NOT trust"
+	"I trust marginally"
+	"I trust fully"
+	"I trust ultimately"
+)
+
+for trust in $(gpg --export-ownertrust | grep '^[^#]'); do
+	fp=$(echo "${trust}" | cut -d : -f 1)
+	score=$(echo "${trust}" | cut -d : -f 2)
+
+	echo "# $(gpg --list-keys "${fp}" 2>/dev/null | grep ^uid | head -n1 | sed -E 's/^uid\s+\[[a-z ]+\] //' || echo "Key / UID not found") (${trustmap[score]})"
+	echo "${trust}"
+done