kaufmann.debian.org layout
==========================

mosca$ make
mosca$ gpg --clearsign output/sha512sums.txt
mosca$ mv output/sha512sums.txt.asc output/sha512sums.txt
mosca$ scp output/sha512sums.txt kaufmann.debian.org://org/keyring.debian.org/master-keyring/output
mosca$ scp output/keyrings/* kaufmann.debian.org://org/keyring.debian.org/master-keyring/output/keyrings
mosca$ bzr push --create-prefix bzr+ssh://bzr.debian.org/bzr/keyring/debian-keyring

kaufmann$ cat /home/noodles/update-keyrings 
#!/bin/bash

SRCKEYRINGDIR=/org/keyring.debian.org/master-keyring/output
OUTPUTDIR=/org/keyring.debian.org/pub
HKPDIR=/org/keyring.debian.org/keyrings-new
PENDINGDIR=/org/keyring.debian.org/pending-updates

if ! gpg --batch --quiet --verify ${SRCKEYRINGDIR}/sha512sums.txt 2> /dev/null; \
		then
	echo sha512sums for update is not signed.
	exit 1
fi

cd ${SRCKEYRINGDIR}
if ! sha512sum -c sha512sums.txt; then
	echo sha512sums for update does not match files.
	exit 1
fi

if [ -e ${PENDINGDIR}/debian-keyring.gpg -o \
		-e ${PENDINGDIR}/debian-maintainers.gpg -o \
		-e ${PENDINGDIR}/debian-nonupload.gpg ]; then
	echo Unhandled pending updates.
	exit 1
fi

cp ${HKPDIR}/debian-keyring.gpg ${PENDINGDIR}
cp ${HKPDIR}/debian-maintainers.gpg ${PENDINGDIR}
cp ${HKPDIR}/debian-nonupload.gpg ${PENDINGDIR}

echo Updating active keyrings.
cp -r ${SRCKEYRINGDIR}/* ${OUTPUTDIR}/
echo Updating HKP keyrings.
cp -r ${SRCKEYRINGDIR}/keyrings/debian-keyring.gpg \
	${SRCKEYRINGDIR}/keyrings/debian-maintainers.gpg \
	${SRCKEYRINGDIR}/keyrings/debian-nonupload.gpg \
	${HKPDIR}/
