Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
KEYS.md: add former developers' PGP keys
Added the public keys used by former developers jreese and dhx to sign release tags, as well as an old key of vboctor.

Issue #22269

For future reference, here are the steps and commands used to automate the process of identifying the missing keys and adding them, as I really didn't want to manually check all 182 tags in the repository.

1. Find all annotated tags

```
git for-each-ref --format="%(objecttype) %(refname:short)" refs/tags | grep ^tag |cut -d" " -f2| sort -V >/tmp/annotated-tags
```

2. Get all signed tags (removing annotated tags without signature), with GPG verification data on a single line

```
cat /tmp/annotated-tags | xargs -n1 -I TAG bash -c 'echo "TAG $(git verify-tag TAG |& paste -s)"' | grep -v "error: no signature found" >/tmp/signed-tags-data
```

3. Identify the missing keys from the tags for which the signature could not be checked (i.e. excluding those for which we already have a public key). The command prints the number of identified keys.

```
cat /tmp/signed-tags-data | sed -rn "/gpg: Can't check signature/s/^.*using \w+ key (\w+).*$/\1/p" | sort -u |tee /tmp/missing-keys |wc -l
```

4. Retrieve the missing keys from keyserver. The command should import the same number of keys as identified at step 3.

```
cat /tmp/missing-keys |cut -d" " -f1 |xargs gpg --receive-keys
```

5. Review, sign and trust the newly added keys.

```
cat /tmp/missing-keys |cut -d" " -f1 |xargs -n1 gpg --sign-key
```

6. Verify that we have successfully added all the necessary keys: the following command should return an empty list.

```
cat /tmp/signed-tags-data |cut -d" " -f1 | xargs -n1 -I TAG bash -c 'echo "TAG $(git verify-tag TAG |& paste -s)"' | grep -v "Good signature"
```
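Added example, not part of the commit or of the project's tooling: the check in step 6 reports every tag whose output lacks "Good signature", so a tag signed with a key that is still missing and a tag whose signature fails verification look the same. The sketch below classifies lines in the step 2 format into separate states. The function names, tag names, signer and key IDs are constructed, and the gpg message strings assume English-locale GnuPG 2.x output.

```bash
#!/bin/sh
# Constructed sample in the step 2 format: "TAG <gpg output joined by tabs>".
# Tag names, signer and key IDs are made up for illustration.
sample_data() {
  printf '%s\t%s\t%s\n' \
    'release-1.0.0 gpg: Signature made Mon 01 Jan 2018 12:00:00 UTC' \
    'gpg:                using RSA key AAAAAAAAAAAAAAAA' \
    "gpg: Can't check signature: No public key" \
    'release-1.1.0 gpg: Signature made Tue 02 Jan 2018 12:00:00 UTC' \
    'gpg:                using RSA key BBBBBBBBBBBBBBBB' \
    'gpg: Good signature from "Example Dev <dev@example.org>" [unknown]' \
    'release-1.2.0 gpg: Signature made Wed 03 Jan 2018 12:00:00 UTC' \
    'gpg:                using RSA key CCCCCCCCCCCCCCCC' \
    'gpg: BAD signature from "Example Dev <dev@example.org>" [unknown]'
}

# Read step 2 lines on stdin, print "TAG STATUS KEYID" for each one.
classify_tags() {
  while read -r tag rest; do
    # Same extraction as step 3, written with POSIX character classes.
    key=$(printf '%s\n' "$rest" |
      sed -En 's/^.*using [[:alnum:]]+ key ([[:alnum:]]+).*$/\1/p')
    case "$rest" in
      *"Good signature"*)        status=GOOD ;;
      *"BAD signature"*)         status=BAD ;;          # tag or signature altered
      *"Can't check signature"*) status=MISSING_KEY ;;  # key not in keyring
      *)                         status=UNKNOWN ;;      # review by hand
    esac
    printf '%s %s %s\n' "$tag" "$status" "${key:-none}"
  done
}

# Unique key IDs that still have to be fetched (the input to step 4).
missing_keys() {
  classify_tags | awk '$2 == "MISSING_KEY" { print $3 }' | sort -u
}

sample_data | classify_tags
```

Against a real repository, feed it the file from step 2: `classify_tags </tmp/signed-tags-data`. Anything reported as BAD or UNKNOWN needs investigation and is not resolved by importing more keys.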
Showing 1 changed file with 273 additions and 0 deletions.