fetch_git_signing_keys.sh: an attempt to store known signing keys and show which ones are not publicly available (unfound_keys_users.txt)

git_signing_keys/README.md

@@ -0,0 +1,10 @@
+This is a simple script permitting to go through each commit and try to get keys from randomly selected servers from a list.
+
+- Individual key found are stored under keys/key_*
+- Unfound key IDs are under not_found_keys.txt
+- Unfound key users are under unfound_keys_users.txt
+
+The last file is important, since it shows that some commits previously found cannot be verified.
+
+As stated under https://github.com/linuxboot/heads/issues/1794#issuecomment-2389524366, one has to remember that for each git commit, the whole git tree is being signed by latest git commit signee.
+But with public keys not being found easily from gpg key servers, some older commits with expired/revoked keys will look odd doing `git log --show-signature`

git_signing_keys/error_log.txt

@@ -0,0 +1,187 @@
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Failed to retrieve key 07609BDE4C8AEAB90F6EFCA94CA7B2A5D5C92A9C from hkp://pgp.surfnet.nl
+Server hkp://keyserver.freenet.de could not be reached.
+Failed to retrieve key 07609BDE4C8AEAB90F6EFCA94CA7B2A5D5C92A9C from hkp://keys.openpgp.org
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key 0A52DFD7727000734B9A53BD365ED1E014824647 from hkp://pgp.surfnet.nl
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key 140BC0DEE3D6C93FBA88DE6E5401F9FC55CD2EA4 from hkp://pgp.surfnet.nl
+Failed to retrieve key 140BC0DEE3D6C93FBA88DE6E5401F9FC55CD2EA4 from hkp://keys.openpgp.org
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Failed to retrieve key 1705719801234567 from hkp://pgp.surfnet.nl
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key 1705719801234567 from hkp://keys.openpgp.org
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Failed to retrieve key 3A07364F010D7C71552FAFA687F342A528DFD8E5 from hkp://pgp.surfnet.nl
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Failed to retrieve key 3A07364F010D7C71552FAFA687F342A528DFD8E5 from hkp://keys.openpgp.org
+Server hkp://pgp.mit.edu could not be reached.
+Failed to retrieve key 3E3D140D4439F0659D4A8FED20C3618D656E7853 from hkp://pgp.surfnet.nl
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key 3E3D140D4439F0659D4A8FED20C3618D656E7853 from hkp://keys.openpgp.org
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Failed to retrieve key 48579AA47429663E from hkp://pgp.surfnet.nl
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key 48579AA47429663E from hkp://keys.openpgp.org
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Failed to retrieve key 575F80D1599EA6D2C70AA9A19A53E1BB3FF00461 from hkp://pgp.surfnet.nl
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key 5EFABA8B40366BFFC88176A52B4A4BE581022A54 from hkp://keys.openpgp.org
+Failed to retrieve key 5FCA029DCAB21268 from hkp://pgp.surfnet.nl
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Failed to retrieve key 5FCA029DCAB21268 from hkp://keys.openpgp.org
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key 687A5005935B1533 from hkp://keys.openpgp.org
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Failed to retrieve key 687A5005935B1533 from hkp://pgp.surfnet.nl
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Failed to retrieve key 7C75583D172140AF4A6B10186CD35B07297B3CF9 from hkp://pgp.surfnet.nl
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Failed to retrieve key 924C1CD7C19D95FE7A577D2848579AA47429663E from hkp://keys.openpgp.org
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Failed to retrieve key 924C1CD7C19D95FE7A577D2848579AA47429663E from hkp://pgp.surfnet.nl
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Failed to retrieve key A766C89569895C0B86D598D09963C36AAC3B2B46 from hkp://keys.openpgp.org
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Failed to retrieve key C7CFA251FF608213 from hkp://keys.openpgp.org
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key C7CFA251FF608213 from hkp://pgp.surfnet.nl
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Failed to retrieve key C7E32619E2F71736F5910BB144CB2D868DD16BDA from hkp://keys.openpgp.org
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keys.gnupg.net could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.freenet.de could not be reached.
+Server hkp://pgp.mit.edu could not be reached.
+Server hkp://keyserver.cryptonomica.com could not be reached.
+Server hkp://keyserver.pgp.com could not be reached.
+Server hkp://keyserver.kjsl.com could not be reached.
+Server hkp://keyserver.ubuntu.com could not be reached.

git_signing_keys/fetch_git_signing_keys.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# Check if gpg is installed
+if ! command -v gpg &> /dev/null; then
+    echo "gpg could not be found. Please install gpg and try again."
+    exit 1
+fi
+
+# Check if git is installed
+if ! command -v git &> /dev/null; then
+    echo "git could not be found. Please install git and try again."
+    exit 1
+fi
+
+# Remove existing artifacts
+rm -f signatures.txt keys.txt not_found_keys.txt error_log.txt success_log.txt unfound_keys_users.txt
+rm -rf keys
+
+# Extract signatures from git log
+git log --show-signature > signatures.txt
+
+# Parse the signatures and extract unique keys
+grep -oP 'using (RSA|DSA|ECDSA|EDDSA) key \K\w+' signatures.txt | sort | uniq > keys.txt
+
+# Define key servers to try
+key_servers=(
+    "hkp://keyserver.ubuntu.com"
+    "hkp://keys.openpgp.org"
+    "hkp://pgp.mit.edu"
+    "hkp://keyserver.pgp.com"
+    "hkp://keys.gnupg.net"
+    "hkp://pgp.surfnet.nl"
+    "hkp://keyserver.cryptonomica.com"
+    "hkp://keyserver.freenet.de"
+    "hkp://keyserver.kjsl.com"
+)
+
+# Function to shuffle array
+shuffle() {
+    local i tmp size max rand
+    size=${#key_servers[*]}
+    max=$(( 32768 / size * size ))
+    for ((i=size-1; i>0; i--)); do
+        while (( (rand=RANDOM) >= max )); do :; done
+        rand=$(( rand % (i+1) ))
+        tmp=${key_servers[i]}
+        key_servers[i]=${key_servers[rand]}
+        key_servers[rand]=$tmp
+    done
+}
+
+# Create keys directory
+mkdir -p keys
+
+# Fetch and save the public keys from key servers
+while read -r key; do
+    found=false
+    shuffle
+    # Extract user information for the key
+    user=$(grep -A3 -B3 "$key" signatures.txt | grep 'Author:' | head -n 1 | sed 's/Author: //')
+    if [ -z "$user" ]; then
+        user="Unknown"
+    fi
+    echo "Debug: Key = $key, User = $user"  # Debugging statement
+    echo "Attempting to fetch key $key for user $user"
+    for server in "${key_servers[@]}"; do
+        echo "Trying server $server"
+        if ! ping -c 1 -W 1 "${server#*//}" &> /dev/null; then
+            echo "Server $server could not be reached." >> error_log.txt
+            continue
+        fi
+        if gpg --keyserver "$server" --recv-keys "$key"; then
+            gpg --export --armor "$key" > "keys/key_$key.asc"
+            found=true
+            echo "Successfully retrieved key $key from $server" >> success_log.txt
+            break
+        else
+            echo "Failed to retrieve key $key from $server" >> error_log.txt
+        fi
+    done
+    if [ "$found" = false ]; then
+        echo "Key $key not found on any key server." | tee -a not_found_keys.txt
+        echo "Key $key not found for user $user" >> unfound_keys_users.txt
+    fi
+done < keys.txt
+

git_signing_keys/keys.txt

@@ -0,0 +1,39 @@
+07609BDE4C8AEAB90F6EFCA94CA7B2A5D5C92A9C
+080FFC139F57AACE3E946186BB2ED46ACD2C6CF7
+0A52DFD7727000734B9A53BD365ED1E014824647
+0A59C698920806EB
+0F948052DDECBE68
+140BC0DEE3D6C93FBA88DE6E5401F9FC55CD2EA4
+1533C1225C1B41AFC46B33EBEB03A691DB2F0833
+1705719801234567
+3A07364F010D7C71552FAFA687F342A528DFD8E5
+3E3D140D4439F0659D4A8FED20C3618D656E7853
+48579AA47429663E
+4AEE18F83AFDEB23
+4D6E8D948B90871EF9AE2FAC91AB3245B1D14ABD
+523C8D614C0D2CA978C43AF2FD14C4672CA7D2C5
+575F80D1599EA6D2C70AA9A19A53E1BB3FF00461
+5EFABA8B40366BFFC88176A52B4A4BE581022A54
+5FCA029DCAB21268
+64E40F3DE2ECB70D746863563FBAF0E7D81427AB
+687A5005935B1533
+79D0526BD96AE6338E6257BDA8853020E8EE6FBA
+7C75583D172140AF4A6B10186CD35B07297B3CF9
+868184069239FF65DE0BCD7DD9BAE35991DE5B22
+8735540225E98BDBC82491B41E9C3CA91AE25114
+8D6066CF922E52796F187ABE2BBB776A35B978FD
+924C1CD7C19D95FE7A577D2848579AA47429663E
+A2444D06D3CAFA92F68A21E679C78E6659DB658F
+A6C74E341054A169CE52BE5FB65BFE540DEF86C0
+A766C89569895C0B86D598D09963C36AAC3B2B46
+AAFC4B34BBEBB31C
+ACF4B7893D4D05C8F18069BAE7B4A71658E36A93
+B5690EEEBB952194
+B65BFE540DEF86C0
+C7CFA251FF608213
+C7E32619E2F71736F5910BB144CB2D868DD16BDA
+D825FD54D9B940FF0FFFB31AA4FDB7BE12F63EC3
+E157D2B23F605B99A3E297760F948052DDECBE68
+E8ACBC6CFCCA7A99779FB69127B829528903C906
+F553996957F0D56EE54D6F72555577116BFA74B9
+FB1AB4639F52FF4B8E302151902C199C68C4B327

git_signing_keys/keys/key_080FFC139F57AACE3E946186BB2ED46ACD2C6CF7.asc

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFwGhroBEACysodv4GiKgZWEjmCb7W65r/5T5Pf//tfVZUGn+pJOX1n9ZtQ9
+WSLVMV8xSgaEb4Ht/BvpKCVlnjrl2w3/J17sQduAAoKx/qTsZVnD/4ouIF2Ar+r/
+jN9QJrKNtL3Mb3PwPCkbEjmZI2qrk7cd5/dEJ0XZaTA5msH/TlVyWC8JS+I3QLZV
+nb0Vv2xTKi6+9d4uI/LQYAEULrZiA94egvfC1inyJK6RqvaAgbp+sFvnoUvHzCQN
+vAMVcmI+RmfS496yTLFihWakv8kfopjCmHAwH7S/8eT1jAYq494F5ZEy6x0N7NRi
+UZ5Ykx089rTvIH+GoDm8GRVq4H/rRf8j+ZZddYa8Nmgkwqern8a/C0S9qyga1hly
+uoct+NL3RMv57bTdWeJT9tO6P672SHKMya39pY5Ppb623A1Pl+qAK7HmlCZNdz6J
+F9rzyvYX/8cJrf9GCWkpj+lSQG4sRVrbZvKi4bnmdbkrspLiuBiFkPI4gW0WH4C9
++C2g8dLpigwwpos++bP58NwQYK4HPB5R5IG7sHd3PMm40nd10NbRuh67BHsVUYd7
+4tv1dYielKVuytMjrA2yOcGUzaoVGwvtMyeXnUMalPZbUjulS7byP+Y97Js9ix8G
+ibfqeVFwSE4MzH+zFOWqlMZRFkDVJ90CljMfDw09VGiOr4M5iIyNuINv0wARAQAB
+tFBNYXJlayBNYXJjenlrb3dza2ktR8OzcmVja2kgKGNvZGUgc2lnbmluZyBrZXkp
+IDxtYXJtYXJla0BpbnZpc2libGV0aGluZ3NsYWIuY29tPokCTgQTAQgAOBYhBAgP
+/BOfV6rOPpRhhrsu1GrNLGz3BQJcBoa6AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
+AheAAAoJELsu1GrNLGz35sQP/iv/KbZ7i5z5Y3L30nOwBZKgzCoiN4OLauLEJuUR
+CcU4WKbKw1kuiSfjrTWTnK4Jk0VIVr6U7UQOr3zNzfyltSaattNjkvOYY+q4up25
+wKAvlOg61lml8y6XbrXY9IRr+zXKgbEacSdgNORyCJjFMrT+evufrSFDTS6joJuJ
+lQmrZHTlGbi//3GlLNZ+OGwcRRFfq2LqEG6rQoqp6t5/QmXMFw8KBMaop1dt90TW
+Ti5GyCjUtT4lTy15iTkh6C2QTphH3EbmNsybit+ZB7ATpO7ka+YkTDcHvYyOUcwj
+/vH06aA44WgGPYVU2q2wXl2xYY44PEImd7fMgxPES1bcJssapU5ilByHfHRGOS8V
+tBRxEYrmF2ACOt3LdHEg4n47uJROQhGBaoWjVmveDkKlI1ShveovdEo+fZQSBjsp
+haZYHbhQaixHi+0Q+49zQjtQjo/AEnlS3J6A7NiBoxJWzMLGQfM+2kzHkMzTF7K2
+YzI1G7sTeKZjnO6YsJ4P7fPnGkd1AwbyzAkYoogAwf4WLbtBYvCOCTT4yDYtwSmr
+zOp/DelSiRim+6Jn6bMNVhJVb7WnLTZMxJ46lpSf/rY+0D7X/4c8vo3/ZfoW0zD2
+leBVP1phn9GlVPLnH07ufNQ2IEXInF6wLnHP7s5ghuzlgRWva45DggWVCPuHHz6k
+fa1c
+=zAIz
+-----END PGP PUBLIC KEY BLOCK-----