Changes method for setting trust level of GPG keys

gitian.yml

@@ -10,6 +10,7 @@
     git_email: ''
     gpg_key_id: '' # optional
     ssh_key_name: '' # optional
+    git_verify_sigs: true
   roles:
     - role: common
       tags: common

roles/gitian/defaults/main.yml

@@ -9,6 +9,7 @@ zcash_gitian_sigs_repo: https://github.com/zcash/gitian.sigs
 zcash_version: master
 gitian_host_ip: 10.0.2.15
 lxc_guest_ip: 10.0.3.5
+git_verify_sigs: false
 zcash_developer_pubkeys:
   - name: nathan
     id: ED417FBE79C99E8C

roles/gitian/files/set-trust.exp

@@ -1,7 +0,0 @@
-#!/usr/bin/expect
-
-set timeout 5
-spawn /usr/bin/gpg2 --edit-key $argv 0 --yes trust quit
-expect "Your decision? " { send "5\n" }
-expect "Do you really want to set this key to ultimate trust? (y/N) " { send "y\n" }
-interact

roles/gitian/tasks/main.yml

@@ -21,6 +21,7 @@
     - curl
     - debootstrap
     - git-core
+    - gnupg2
     - kpartx
     - make
     - parted

roles/gitian/tasks/verify.yml

@@ -1,18 +1,4 @@
 ---
-- name: Install expect and GnuPG v2.
-  apt:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - expect
-    - gnupg2
-
-- name: Copy trust-setting script.
-  copy:
-    src: set-trust.exp
-    dest: /usr/local/bin/set-trust.exp
-    mode: "0755"
-
 - name: Download Zcash developer public keys from website.
   become: yes
   get_url:
@@ -29,7 +15,11 @@
   with_items: "{{ zcash_developer_pubkeys }}"
 
 - name: Set Zcash developer public keys to ultimately trusted.
-  command: "set-trust.exp {{ item.id }}"
-  with_items: "{{ zcash_developer_pubkeys }}"
+  shell: >
+    gpg --list-keys --with-colons --with-fingerprint `gpg --list-keys
+    --with-colons | grep "pub:f:.*:-:" |
+    sed -r -e 's/pub:f:[0-9]+:[0-9]+:([A-F0-9]+):.*/0x\1/'` | grep "^fpr:" |
+    sed -r -e 's/fpr:::::::::([0-9A-F]+):/\1:6:/' | gpg --import-ownertrust
   become_user: "{{ gitian_user }}"
-
+  args:
+    executable: /bin/bash