summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* autosign.bash: silence rename attempts•••For example, to-send.txt may not exist if there was no work to be done. Fixes: dfa00dc31c2838e8bf89030d4b6df3c531bb5457 Signed-off-by: Sam James <sam@gentoo.org> HEADmasterSam James8 hours1-1/+1
* autosign.bash: rename intermediate/output files at startup•••This makes it easier to debug later rather than possibly having some stale files mixed from previous runs. Signed-off-by: Sam James <sam@gentoo.org> Sam James4 days1-0/+8
* Abort if revoking too many keys at once•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny4 days1-2/+7
* autosign.bash: use pipestatus for openpgp-key-upload•••Signed-off-by: Sam James <sam@gentoo.org> Sam James14 days1-1/+2
* autosign.bash: fix openpgp-key-upload invocation•••Fixes: 9954a7ac1b6f3f424fe73f123f81e5b315373db6 Signed-off-by: Sam James <sam@gentoo.org> Sam James14 days1-1/+1
* autosign.bash: use /usr/local/bin/openpgp-key-upload if available•••/usr/local/bin/openpgp-key-upload will send to all known Gentoo keyservers rather than the roundrobin. The synchronisation proves brittle so let's be careful and use what we tell devs to do. Signed-off-by: Sam James <sam@gentoo.org> Sam James14 days1-4/+17
* autosign.bash: preserve $? in die•••Signed-off-by: Sam James <sam@gentoo.org> Sam James14 days1-1/+8
* autosign.bash: import gentoo-auth.asc from system's sec-keys/openpgp-keys-gen...•••Use sec-keys/openpgp-keys-gentoo-auth's /usr/share/openpgp-keys/gentoo-auth.asc to refresh our authority key: ``` $ gpg --list-secret-keys ... sec rsa2048 2019-04-01 [C] [expired: 2026-07-01] ``` Signed-off-by: Sam James <sam@gentoo.org> Sam James14 days1-0/+4
* autosign.bash: add TODO for --command-fd + --status-fd to replace expect•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-0/+1
* autosign.bash: add TODO for configurable sanity check threshold on revocations•••I was going to implement this but with the error handling now, I am curious as to if it can happen. Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-0/+2
* autosign.bash: drop --batch from --check-trustdb•••With --batch, gpg will print the notice even with -q. Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-1/+2
* autosign.bash: fix error handling•••One needs to use `wait` with read+procsubs (while read < <(...)), it turns out. Interestingly, https://old.reddit.com/r/bash/comments/m3eh2c/how_to_add_error_handling_to_a_while_loop/ even uses ldap too! Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-2/+2
* autosign.bash: always pass `--batch` to gpg where possible•••.. except for where we use `expect`. Per gpg(1): > It is highly recommended to use this option along with the options --status-fd > and --with-colons for any unattended use of gpg. Should not be used in an option file. Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-6/+7
* .gitignore: add more entries (from 'make clean')•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-0/+2
* .gitignore: ignore files created by `make check`•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-0/+2
* autosign.bash: 'exited w/' for $?•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-5/+5
* autosign.bash: $? needs quoting, duh•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-2/+2
* autosign.bash: drop semi-useless `die` to avoid mangling exit code•••We want pipestatus to see the real one to surface in an error message, so don't use `die` prematurely where it can't result in exit (because subshell, as we're not in an ebuild). Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-3/+2
* autosign.bash: handle gpg failure w/ pipestatus in get_signed_keys, refresh_keys•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-2/+4
* autosign.bash: use pipestatus more with pipelines•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-2/+4
* autosign.bash: handle failed ldapsearch•••I'd observed this back in https://github.com/gentoo/gentoo-authority-key/pull/4#issuecomment-2959920943 but didn't follow up on it as it seemed to be okay, but given we had an issue where some (but not all dev keys) got revoked by the script, let's be careful. Check ${PIPESTATUS} (via the eapi9-pipestatus.eclass impl) after ldapsearch in a subshell and exit if it failed. ldapsearch(1) says: > DIAGNOSTICS > Exit status is zero if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error. so it should be OK. Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-0/+18
* autosign.bash: move comment char•••Signed-off-by: Sam James <sam@gentoo.org> Sam James2026-01-271-1/+1
* autosign.bash: add sanity check to not revoke all keys w/ bad LDAP connectivity•••Followup to b3522cd57c12b2a1cf2b750a9dc18b0ff5a40f2a. Add a sanity check so we don't revoke every key we've signed in the case that our LDAP query fails and gives no results. Set AUTOSIGN_ALLOW_EMPTY_LDAP to override this. Signed-off-by: Sam James <sam@gentoo.org> Sam James2025-06-101-0/+8
* autosign.bash: pass --force-sign-key in sign_key•••We had an infra incident where TLS certificates didn't get refreshed and then the LDAP call returned nothing (so all keys had their signatures revoked). But even once that was fixed, gpg wouldn't actually add a new signature -- I think because the expiry time ended up being the same as the one added earlier. Per gpg's docs, we want --force-sign-key to update notation data. For a bit more detail: gpg gave "Nothing to sign with key", and it turns out that is controlled by: /* Fixme: see whether there is a revocation in which * case we should allow signing it again. */ if (!node->pkt->pkt.signature->flags.exportable && local) tty_fprintf ( fp, _("\"%s\" was already locally signed by key %s\n"), user, keystr_from_pk (pk)); else tty_fprintf (fp, _("\"%s\" was already signed by key %s\n"), user, keystr_from_pk (pk)); if (opt.flags.force_sign_key || (opt.expert && !quick && cpr_get_answer_is_yes ("sign_uid.dupe_okay", _("Do you want to sign it " "again anyway? (y/N) ")))) Note the extremely relevant FIXME. Signed-off-by: Sam James <sam@gentoo.org> Sam James2025-06-101-0/+1
* Support overriding the filter expression•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-08-191-1/+1
* Add external timeout to revocation•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2020-09-101-3/+1
* Make sure to kill old agent on startup•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2020-09-071-0/+3
* Add a timeout for revsig output•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2020-09-031-0/+2
* Fix hang on expired signatures•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2020-09-031-0/+2
* Fix sending expired keysMichał Górny2019-05-121-1/+1
* Fix recognizing dev UIDs to be case-insensitiveMichał Górny2019-05-011-1/+1
* make check: Avoid asking for passwordMichał Górny2019-04-141-1/+1
* Send only keys that had successful change appliedMichał Górny2019-04-141-6/+11
* Silence errors for non-existing keys•••If dev has non-existing keys in LDAP, just ignore them silently. Michał Górny2019-04-111-1/+1
* Handle UIDs case-sensitively•••Apparently Gentoo developers manage to have two UIDs that differ only by case. Michał Górny2019-04-111-1/+1
* Support running without key uploadMichał Górny2019-04-112-13/+16
* Use anonymous bind explicitlyMichał Górny2019-04-101-1/+1
* Send updates to keyserversMichał Górny2019-03-032-4/+22
* Fix signing keys with colliding revoked UIDsMichał Górny2019-03-031-2/+4
* Expire signatures after one yearMichał Górny2019-03-031-0/+1
* Add a policy URL to signaturesMichał Górny2019-03-031-1/+3
* Makefile: also clean program's temporary filesMichał Górny2019-02-261-1/+1
* Quiet trustdb checksMichał Górny2019-02-191-1/+1
* Add a Makefile with a trivial testing targetMichał Górny2019-02-191-0/+16
* Initial version of autosigning scriptMichał Górny2019-02-191-0/+194