On Sat, Feb 24, 2007 at 01:59:07AM -0500, Joey Hess wrote: > > How would you convert "gpg --refresh-keys" into changeset based > > operations, I wonder? Maybe you could do it by something like: [...] > That's beautiful, if we can figure out what "changed-keys" is. :-) Two ways: either parse the output of gpg as it's running: gpg: requesting key CA57AD7C from ldap server keyserver.pgp.com gpg: key CA57AD7C: "PGP Global Directory Verification Key" not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: requesting key DDD11D8A from hkp server subkeys.pgp.net gpg: key DDD11D8A: "Ted Percival (midg3t) <ted@midg3t.net>" 74 new signatures gpg: Total number processed: 1 gpg: new signatures: 74 or run gpg --list-keys --verbose on the old and new keyring, and see what differences you find. I guess we need something that'll do that anyway, though. How about the attached as a proof of concept? ] $ ./diffring.pl ./debian-keyring.list ./debian-keyring-aj.list ] Updated uid 1024D/788A3F4C-Joey Hess <joey@kitenet.net> (sigs: +0, -181) ] Updated uid 1024D/788A3F4C-Joey Hess <joey@mooix.net> (sigs: +0, -86) ] Updated uid 1024D/788A3F4C-Joey Hess <joeyh@debian.org> (sigs: +0, -191) ] Removed uid 1024D/788A3F4C-Joey Hess <joeyh@master.debian.org> (sigs: 173) or ] $ ./diffring.pl ./debian-keyring-aj.list ./debian-keyring.list ] Updated uid 1024D/788A3F4C-Joey Hess <joey@kitenet.net> (sigs: +181, -0) ] Updated uid 1024D/788A3F4C-Joey Hess <joey@mooix.net> (sigs: +86, -0) ] Updated uid 1024D/788A3F4C-Joey Hess <joeyh@debian.org> (sigs: +191, -0) ] Added uid 1024D/788A3F4C-Joey Hess <joeyh@master.debian.org> (sigs: 173) It works on the output of `gpg --verbose --list-sigs', which is a bit slow on a full keyring. Oh well. On Sat, Feb 24, 2007 at 03:04:57AM -0500, Joey Hess wrote: > joey@kodama:~>ls jetring May Manoj's typos live forever :) > joey@kodama:~/tmp/debian-keyring-2005.05.28/keyrings>head emeritus-keyring/add-001B3BA1 > Comment: extracted from emeritus-keyring.pgp by keyring-explode > Action: import > Data: > -----BEGIN PGP PUBLIC KEY BLOCK----- No import date? > Ok, no significant changes, only id rearrangement and dup removal. diffring.pl should deal with those fwiw. Doesn't deal with revocations, and may not deal well with subkeys. Cheers, aj
#!/usr/bin/perl -w # Copyright (c) 2007 Anthony Towns # GNU GPL; v2 or later # Gives an overview of what changed between two keyrings use strict; my $l = parse_keyring($ARGV[0]); my $r = parse_keyring($ARGV[1]); foreach my $ku (sort keys %{$l}) { if (not defined $r->{$ku}) { my $n = @{$l->{$ku}}; print "Removed uid $ku (sigs: $n)\n"; } else { my $a = $l->{$ku}; my $b = $r->{$ku}; my ($i, $j) = (0,0); my ($del, $add) = (0,0); while() { my $A = $a->[$i] || "G"; my $B = $b->[$j] || "G"; # avoid dupes: if ($i > 0 && $A ne "G" && $A eq $a->[$i-1]) { $i++; next; } if ($j > 0 && $B ne "G" && $B eq $b->[$j-1]) { $j++; next; } # compare: my $x = $A cmp $B; if ($A eq "G" and $B eq "G") { last; } if ($x == 0) { $i++; $j++; next; } if ($x > 0) { $add++; $j++; next; } if ($x < 0) { $del++; $i++; next; } } if ($add or $del) { print "Updated uid $ku (sigs: +$add, -$del)\n"; } } } foreach my $ku (sort keys %{$r}) { if (not defined $l->{$ku}) { my $n = @{$r->{$ku}}; print "Added uid $ku (sigs: $n)\n"; } } sub parse_keyring { my $k = shift; my $fd; # open $fd, "gpg --no-default-keyring --no-auto-check-trustdb --keyring $k --verbose --list-sigs |" or die "couldn't open keyring $k: $!"; open $fd, "< $k" or die "couldn't open gpg--list-sigs-output $k: $!"; my $x = build_key_hash($fd); close($fd); return $x; } sub build_key_hash { my $f = shift; my $keys = {}; my ($k, $u); while (<$f>) { chomp; if (m/^\s*$/) { # skip } elsif (m/^pub/) { $k = substr($_,6); $k =~ s/\s.*//; $u = undef; } elsif (defined $k && m/^sub/) { $u = substr($_,6); $u =~ s/\s.*//; $keys->{"$k-$u"} = []; } elsif (defined $k && m/^uid/) { $u = substr($_,21); $keys->{"$k-$u"} = []; } elsif (defined $k && m/^rev/) { # skip } elsif (defined $k && defined $u && m/^sig/) { push @{$keys->{"$k-$u"}}, substr($_, 13, 19); } else { #print "XXX: $_\n"; } } foreach my $ku (keys %{$keys}) { $keys->{$ku} = [ sort( @{$keys->{$ku}} ) ]; } return $keys; }
Attachment:
signature.asc
Description: Digital signature