fi
fi
-gpg_keys=$(pass ls Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2)
-for key in $gpg_keys; do
- content=$(pass show Nixops/GPGKeys/$key)
- fpr=$(echo "$content" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
+for key in public_keys/*; do
+ fpr=$(cat "$key" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no
# /usr/share/doc/gnupg/DETAILS field 2
- (echo "$content" | gpg --import-options show-only --import --with-colons |
+ (cat "$key" | gpg --import-options show-only --import --with-colons |
grep -E '^pub:' |
cut -d':' -f2 |
grep -q '[fu]') && signed=yes || signed=no
if [ "$signed" = no -o "$imported" = no ] ; then
echo "The key for $key needs to be imported and signed (a local signature is enough)"
- echo "$content" | gpg --import-options show-only --import
+ cat "$key" | gpg --import-options show-only --import
echo "Continue? [y/N]"
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
- echo "$content" | gpg --import
+ cat "$key" | gpg --import
gpg --expert --edit-key "$fpr" lsign quit
else
echo "Aborting"