[Nm-templates-discuss] templates keycheck.sh,1.12,1.13
joerg@haydn.debian.org
joerg@haydn.debian.org
Update of /cvsroot/nm-templates/templates
In directory haydn:/tmp/cvs-serv3876
Modified Files:
keycheck.sh
Log Message:
Added a check for expired keys
Index: keycheck.sh
===================================================================
RCS file: /cvsroot/nm-templates/templates/keycheck.sh,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- keycheck.sh 5 Feb 2005 20:37:43 -0000 1.12
+++ keycheck.sh 1 Apr 2005 21:16:29 -0000 1.13
@@ -27,17 +27,17 @@
DELETE=no
# The options for the gpg call in this script.
# Contains only options used in ALL gpg calls.
-GPGOPTS=" -q --no-options --no-auto-check-trustdb --no-default-keyring --keyring $DESTDIR/nm.gpg "
+GPGOPTS=" -q --no-options --no-default-keyring --no-auto-check-trustdb --keyring $DESTDIR/nm.gpg "
# For the following calls use LANG=C - some output is used for
# reports to a list / for an english report.
LANG=C
export LANG
echo "Syncing Debian Keyrings with rsync from keyring.debian.org"
-rsync -qcltz --block-size=8192 --partial --progress --exclude=emeritus-* --exclude=removed-* keyring.debian.org::keyrings/keyrings/* $DESTDIR/.
+rsync -qcltz --block-size=8192 --partial --progress --exclude='emeritus-*' --exclude='removed-*' 'keyring.debian.org::keyrings/keyrings/*' $DESTDIR/.
echo "Receiving and checking key"
gpg $2 ${GPGOPTS} --keyserver=$KEYSERVER --recv-keys 0x$1
-gpg $2 ${GPGOPTS} --with-fingerprint --keyring $DESTDIR/debian-keyring.gpg --keyring $DESTDIR/debian-keyring.pgp --check-sigs $1
+gpg $2 ${GPGOPTS} -v --with-fingerprint --keyring $DESTDIR/debian-keyring.gpg --keyring $DESTDIR/debian-keyring.pgp --check-sigs $1
echo "Let's test if its a version 4 or greater key"
VERSION=$(gpg ${GPGOPTS} --export $1 | gpg -qvv 2>/dev/null | head -n 4 | grep version |awk '/version/ {print $2}'| sed "s/\([0-9]\)\,/\1/")
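Review bot: The rsync on the new side has no exit-status check visible in this hunk, so when the sync fails the `--check-sigs` call below runs against whatever keyrings already sit in `$DESTDIR`, stale or missing, and the signature report is still printed as if it were current. I would stop on failure and quote the destination while the line is being touched: `rsync ... 'keyring.debian.org::keyrings/keyrings/*' "$DESTDIR/." || { echo "Keyring sync failed, aborting" >&2; exit 1; }`. `$DESTDIR` and `$1` are also unquoted on the changed gpg line and will word-split on whitespace; `$2` looks like a deliberate pass-through of optional extra options, so it may need to stay unquoted. Since these keyrings are the trust anchor for the check, a short comment stating that the script relies on the rsync transport for their integrity would help the next reader.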
@@ -49,6 +49,19 @@
else
echo "Key is ok"
fi
+
+echo "Check for key expire stuff"
+EXPIRE=$(gpg ${GPGOPTS} --with-colons --check-sigs $1 |awk -F : ' $1 == "sub" && $2 != "r" {print $7} ')
+
+if [ -z $EXPIRE ]; then
+ echo "Key has no expiration date set, nothing to check."
+else
+ echo "Key has an expiration date of ${EXPIRE}."
+ echo "Please check that its not in the past, AND that it is more than one"
+ echo "month in the future at the time you will sent your DAM report!"
+ echo "Thank you."
+fi
+
if [[ "$DELETE" = "yes" ]]; then
rm -f $DESTDIR/nm.gpg
fi
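Review bot: The awk filter on the new `EXPIRE=` line reads field 7 only from `sub` records, so the primary key's expiration (the `pub` record) is never examined, and a key whose primary key expires while its subkeys carry no date is reported as "no expiration date set". `[ -z $EXPIRE ]` is also unquoted: with more than one dated subkey the variable holds several words, `[` fails with a syntax error, and the else branch is reached only by accident. Suggested: `awk -F : '($1 == "pub" || $1 == "sub") && $2 != "r" && $7 != "" {print $1 ": " $7}'` together with `if [ -z "$EXPIRE" ]; then`. Because the comparison with today's date is left to the person reading the output, it is worth confirming that field 7 is printed in a human-readable form for the gpg version and list mode in use. The `else`/`fi` at the top of the hunk belong to a check that starts outside it.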