    clean up cruft from stored keyrings · 061bf73a
    Daniel Kahn Gillmor authored
    I noticed that there was some cruft in the OpenPGP keys we are
    distributing.  For example, NIIBE's key (0x00B45EBD4CA7BABE) contained
    multiple copies of his weird bitcoin ECC subkey.
    
    gpg(1) has a nice import-option for curation/cleanup.  It says:
    
        import-export
           Run the entire import code but instead of storing the key
           to  the local keyring write it to the output.
             [ ... ]
           This  option can be used to remove all invalid parts from
           a key without the need to store it.
    
    so I used this against all the keys in debian-keyring-gpg, like so:
    
        for targ in 0x* ; do
           gpg --no-keyring --batch --quiet \
               --import-options import-export --import \
               < "$targ" > tmp && \
           /bin/mv tmp "$targ"
        done
    
    You can see what's changed with:
    
       GIT_EXTERNAL_DIFF=openpgp-diff git diff
    
    where openpgp-diff looks something like:
    
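        #!/bin/bash
        # GIT_EXTERNAL_DIFF arguments: $1 = path, $2 = old file, $5 = new file
        echo "changes to file $1"
        diff -u <(pgpdump <"$2") <(pgpdump <"$5")
        true  # diff exits 1 when the files differ; report success to git anyway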
    
    This removes ~400KB (about 1.5% by volume) of malformed, misaligned, or
    duplicated OpenPGP packets.
Name
cheatsheets
debian
debian-keyring-gpg
debian-maintainers-gpg
debian-nonupload-gpg
debian-role-keys-gpg
dm-packaging
emeritus-keyring-gpg
output/keyrings
scripts
t
.gitignore
LICENSE
Makefile
README
keyids
runtests