gpg --batch --yes --edit-key trust

mark at proseconsulting.co.uk mark at proseconsulting.co.uk
Thu Jul 29 12:57:39 CEST 2010


 On Tue 27/07/10 11:02 AM , mark at proseconsulting.co.uk sent:
> On Tue 27/07/10  9:12 AM , Werner Koch  sent:
> > On Mon, 26 Jul 2010 10:01,  said:
> > > gpg --fingerprint --list-keys "$1" |
> > >     $AWK -v tmpfile="$TMPFILE" -v trustlevel="$2"
> >
> > Please use --with-colons for all scripts.  The standard output is only
> > for humans.
>
> Good spot.  Amended script attached.  I hope others find it useful.
> Best regards,
> Mark Bannister.

Checking the mailing list archive, it seems my attached script got scrubbed.  But also, it seems my formatting is not being lost until I get the mail back again.  So all is good.  Here is the final script one more time.

For those who missed the original mailings, this script will set the trust-level non-interactively on a public key that you have previously imported, making it possible for tools (such as pkgutil) to verify digital signatures with a key previously downloaded from a secure keyserver, while at no time expecting the end user to interact with GPG:

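#!/bin/ksh
#
# Set trust level for a given GPG key
#
AWK=/bin/gawk
[ -x /bin/nawk ] && AWK=/bin/nawk

[ $# -ne 2 ] && echo "Syntax: $(basename "$0") key trust-level" && exit 1

gpg --fingerprint --with-colons --list-keys |\
    $AWK -F: -v keyname="$1" -v trustlevel="$2" '
        # First pub record whose user ID matches the keyname regex
        $1=="pub" && $10 ~ keyname { found=1 }
        # The fpr record that follows it carries the fingerprint
        $1=="fpr" && found { fpr=$10; exit }
        END {
            # No matching key: emit nothing rather than a bogus entry
            if (fpr=="") exit 1
            # Copy the existing ownertrust, dropping any old entry for fpr
            cmd="gpg --export-ownertrust"
            while ((cmd | getline) > 0) if ($1!=fpr) print
            close(cmd)
            print fpr ":" trustlevel ":"
        }
    ' | gpg --import-ownertrust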



Best regards,
Mark Bannister.
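
A stricter variant of the key selection and ownertrust merge steps, added here as an example and not part of the original post: it refuses to pick a key when the name matches more than one key in the keyring, and it validates the fingerprint and level before writing an ownertrust line. The function names, the 40-hex-digit fingerprint check, the 2..6 range for ownertrust values, and the sample keys and addresses are assumptions made for this example; the listing layout covers both a pub record carrying the user ID and separate uid records.

```shell
#!/bin/sh
# Added example, not the poster's script. All key data below is constructed.

# Read `gpg --with-colons --fingerprint --list-keys` output on stdin and print
# the primary fingerprint only if exactly one key has a user ID containing
# NAME ($1) as a fixed string. Returns 1 when no key or several keys match.
resolve_fpr() {
    [ -n "$1" ] || return 1
    awk -F: -v name="$1" '
        function tally() { if (hit && fpr != "") { n++; out = fpr } }
        $1 == "pub" { tally(); hit = 0; fpr = ""; primary = 1 }
        $1 == "sub" { primary = 0 }    # skip subkey fingerprints
        $1 == "fpr" && primary && fpr == "" { fpr = $10 }
        ($1 == "pub" || $1 == "uid") && index($10, name) { hit = 1 }
        END { tally(); if (n != 1) exit 1; print out }
    '
}

# Filter `gpg --export-ownertrust` output on stdin so that FPR ($1) ends up
# with LEVEL ($2). Assumes a 40-hex-digit fingerprint and levels 2..6.
merge_ownertrust() {
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in *[!0-9A-F]*) return 1 ;; esac
    case "$2" in [2-6]) ;; *) return 1 ;; esac
    awk -F: -v fpr="$1" '$1 != fpr'
    printf '%s:%s:\n' "$1" "$2"
}

# Constructed listing: two keys whose user IDs both contain "Release".
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:1111111111111111:2010-01-01:::-:Example Release Key <rel@example.org>::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
sub:-:2048:16:2222222222222222:2010-01-01::::::e:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
pub:-:2048:1:3333333333333333:2010-01-01:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
uid:-::::2010-01-01::0000::Lookalike Release Key <rel@example.net>:
EOF
}

# With a real keyring (not run here):
#   fpr=$(gpg --with-colons --fingerprint --list-keys | resolve_fpr "$name") &&
#   gpg --export-ownertrust | merge_ownertrust "$fpr" 5 | gpg --import-ownertrust
```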




