heads/initrd/bin/key-init

#!/bin/ash
set -e -o pipefail
. /etc/functions

TRACE "Under /bin/key-init"

# Post processing of keys

# Import user's keys
gpg --import /.gnupg/keys/*.key  /.gnupg/keys/*.asc 2>/dev/null || true

# Import trusted distro keys allowed for ISO signing
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || true
#Set distro keys trust level to ultimate (trust anything that was signed with these keys)
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || true
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || true

# Add user's keys to the list of trusted keys for ISO signing
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || true