pentoo-overlay/scripts/update-pentoo-keyring

#!/bin/sh
set -exu
zero="A5DD1427DD11F94A"
blshkv="273E3E90D1A6294F"
github="4AEE18F83AFDEB23"

GNUPGHOME="$(mktemp -d)"
tmpkeyring="$(mktemp)"
export GNUPGHOME
export tmpkeyring

gpg --no-default-keyring --keyring "${tmpkeyring}" --keyserver keyserver.ubuntu.com --recv-keys "${zero}" "${blshkv}"

#we shouldn't need to refresh the keys if we are getting them clean
#gpg --refresh-keys

#this key causes errors if pulls from the keyserver :-(
curl https://github.com/web-flow.gpg | gpg --no-default-keyring --keyring "${tmpkeyring}" --import

#trust isn't exported
#printf "5\ny\n" | gpg --no-default-keyring --keyring "${tmpkeyring}" --command-fd 0 --edit-key "${github}" trust
gpg --no-default-keyring --keyring "${tmpkeyring}" --armor --export "${zero}" "${blshkv}" "${github}" > ../pentoo/pentoo-core/files/pentoo-keyring.asc
pkill -f "dirmngr --daemon --homedir ${GNUPGHOME}"
pkill -f "gpg-agent --homedir ${GNUPGHOME}"
rm -f "${tmpkeyring}"
rm -rf "${GNUPGHOME}"
unset GNUPGHOME