common: Improved helper script gpg_import_url_key

- Disabled output from called commands - Improved shell options when failing - Alternative return code if key is already stored in keyring
5 years ago · 5c1a6b6a89
parent 151f2ca896
commit 5c1a6b6a89
1 changed files with 9 additions and 4 deletions
--- a/roles/common/files/gpg_import_url_key.sh
+++ b/roles/common/files/gpg_import_url_key.sh
@ -2,14 +2,19 @@

 # Usage: <url> <fpr> <keyring>

-set -e;
+set -euf;

+return_code=0;
 readonly keyfile="$(mktemp --dry-run)";

 mkdir --parents ~/.gnupg;
 chmod "u=rwx,g=,o=" ~/.gnupg;

-/usr/bin/wget --output-document="$keyfile" -- "$1";
-/usr/bin/gpg2 --dry-run --quiet --import-options import-show --with-colons --import "$keyfile" | awk -F: '$1 == "fpr" { print $10 }' | head --lines=1 | grep --fixed-strings "$2";
-/usr/bin/gpg2 --quiet --no-default-keyring --keyring "$3" --import "$keyfile";
+/usr/bin/wget --quiet --output-document="$keyfile" -- "$1";
+/usr/bin/gpg2 --dry-run --quiet --debug-level 0 --import-options import-show --with-colons --import "$keyfile" | awk -F: '$1 == "fpr" { print $10 }' | head --lines=1 | grep --fixed-strings "$2" > /dev/null;
+readonly return_text="$(/usr/bin/gpg2 --no-default-keyring --keyring "$3" --import "$keyfile" 2>&1)";
+if echo "$return_text" | grep --basic-regexp ' not changed$' > /dev/null; then
+  return_code=2;
+fi
 rm "$keyfile";
+exit $return_code;