Added kinda hacky script for migrating apt-key's deprecated keystore to /etc/apt/trusted.gpg.d/
This commit is contained in:
parent
684f24de7a
commit
88c937a954
|
@ -0,0 +1,69 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Ugly key exporter/splitter for APT's keyring
|
||||
# (c) 2022 by crt0mega
|
||||
if [ $(command -v sudo) ]; then
|
||||
declare SU=$(command -v sudo)
|
||||
else
|
||||
declare SU="$(command -v su) -c"
|
||||
fi
|
||||
|
||||
if ! [ $(id -u) == 0 ]; then
|
||||
echo "This script must be run as root."
|
||||
$SU $0
|
||||
exit
|
||||
fi
|
||||
|
||||
declare KEYFILE="/etc/apt/trusted.gpg"
|
||||
declare NEWPATH="/etc/apt/trusted.gpg.d"
|
||||
declare GPG_CMD=$(command -v gpg)
|
||||
declare GPG_LIST="--keyring $KEYFILE --no-default-keyring --list-public-keys --with-colons"
|
||||
declare GPG_EXPORT="--keyring $KEYFILE --no-default-keyring --export --armor"
|
||||
|
||||
declare i=0
|
||||
declare e=0
|
||||
|
||||
# Get a list of all public keys
|
||||
echo "Getting list of keys from $KEYFILE ..."
|
||||
declare KEY_LIST=$($GPG_CMD $GPG_LIST | grep "pub" | cut -d: -f 5)
|
||||
|
||||
# Export each key in an ASCII armored file
|
||||
for key in $KEY_LIST; do
|
||||
echo "Exporting $key ..."
|
||||
$GPG_CMD $GPG_EXPORT --output $NEWPATH/$key.asc $key
|
||||
|
||||
if ! [ $? == 0 ]; then
|
||||
echo Error exporting key $key
|
||||
((e++))
|
||||
fi
|
||||
|
||||
((i++))
|
||||
done
|
||||
|
||||
echo "$((i - e)) keys exported."
|
||||
|
||||
if ! [ $e == 0 ]; then
|
||||
echo "There have $e been errors. Exiting."
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ $i == 0 ]; then
|
||||
echo "No keys have been exported. Exiting."
|
||||
exit
|
||||
fi
|
||||
|
||||
read -n 1 -p "All keys have been exported. Do you wish to delete APT's deprecated keyring? (Y/N) "
|
||||
echo
|
||||
|
||||
if [ "${REPLY^^}" == "Y" ]; then
|
||||
rm $KEYFILE
|
||||
fi
|
||||
|
||||
read -n 1 -p "APT needs to be refreshed. Run apt-get update now? (Y/N) "
|
||||
echo
|
||||
|
||||
if [ "${REPLY^^}" == "Y" ]; then
|
||||
apt-get update
|
||||
fi
|
||||
|
||||
echo "Finished."
|
|
@ -0,0 +1,8 @@
|
|||
# Usage of tools in debian/
|
||||
|
||||
## apt-key-migrate
|
||||
|
||||
`apt-key-migrate` is a simple tool for lazy folks like me who have a bunch of public keys in `apt-key`'s deprecated keyring. It exports every single key to a seperate file in `/etc/apt/trusted.gpg.d/` and cleans the mess up afterwards.
|
||||
|
||||
![Butt beware!](https://img-9gag-fun.9cache.com/photo/aPMDxAB_700bwp.webp)
|
||||
This script has not been thorougly tested. Use at your own risk!
|
Loading…
Reference in New Issue