Added kinda hacky script for migrating apt-key's deprecated keystore to /etc/apt/trusted.gpg.d/

2022-03-25 11:15:39 +01:00 · 2022-03-25 11:15:39 +01:00 · 88c937a954
parent 684f24de7a
commit 88c937a954
2 changed files with 77 additions and 0 deletions
--- a/69
+++ b/69
@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Ugly key exporter/splitter for APT's keyring
+# (c) 2022 by crt0mega
+if [ $(command -v sudo) ]; then
+	declare SU=$(command -v sudo)
+else
+	declare SU="$(command -v su) -c"
+fi
+
+if ! [ $(id -u) == 0 ]; then
+	echo "This script must be run as root."
+	$SU $0
+	exit
+fi
+
+declare KEYFILE="/etc/apt/trusted.gpg"
+declare NEWPATH="/etc/apt/trusted.gpg.d"
+declare GPG_CMD=$(command -v gpg)
+declare GPG_LIST="--keyring $KEYFILE --no-default-keyring --list-public-keys --with-colons"
+declare GPG_EXPORT="--keyring $KEYFILE --no-default-keyring --export --armor"
+
+declare i=0
+declare e=0
+
+# Get a list of all public keys
+echo "Getting list of keys from $KEYFILE ..."
+declare KEY_LIST=$($GPG_CMD $GPG_LIST | grep "pub" | cut -d: -f 5)
+
+# Export each key in an ASCII armored file
+for key in $KEY_LIST; do
+	echo "Exporting $key ..."
+	$GPG_CMD $GPG_EXPORT --output $NEWPATH/$key.asc $key
+
+	if ! [ $? == 0 ]; then
+		echo Error exporting key $key
+		((e++))
+	fi
+
+	((i++))
+done
+
+echo "$((i - e)) keys exported."
+
+if ! [ $e == 0 ]; then
+	echo "There have $e been errors. Exiting."
+	exit
+fi
+
+if [ $i == 0 ]; then
+	echo "No keys have been exported. Exiting."
+	exit
+fi
+
+read -n 1 -p "All keys have been exported. Do you wish to delete APT's deprecated keyring? (Y/N) "
+echo
+
+if [ "${REPLY^^}" == "Y" ]; then
+	rm $KEYFILE
+fi
+
+read -n 1 -p "APT needs to be refreshed. Run apt-get update now? (Y/N) "
+echo
+
+if [ "${REPLY^^}" == "Y" ]; then
+	apt-get update
+fi
+
+echo "Finished." 
--- a/debian/readme.md
+++ b/debian/readme.md
@ -0,0 +1,8 @@
+# Usage of tools in debian/
+
+## apt-key-migrate
+
+`apt-key-migrate` is a simple tool for lazy folks like me who have a bunch of public keys in `apt-key`'s deprecated keyring. It exports every single key to a seperate file in `/etc/apt/trusted.gpg.d/` and cleans the mess up afterwards.
+
+![Butt beware!](https://img-9gag-fun.9cache.com/photo/aPMDxAB_700bwp.webp)
+This script has not been thorougly tested. Use at your own risk!