[Nm-templates-discuss] templates keycheck.sh,1.12,1.13

joerg@haydn.debian.org joerg@haydn.debian.org


Update of /cvsroot/nm-templates/templates
In directory haydn:/tmp/cvs-serv3876

Modified Files:
	keycheck.sh 
Log Message:
Added a check for expired keys


Index: keycheck.sh
===================================================================
RCS file: /cvsroot/nm-templates/templates/keycheck.sh,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- keycheck.sh	5 Feb 2005 20:37:43 -0000	1.12
+++ keycheck.sh	1 Apr 2005 21:16:29 -0000	1.13
@@ -27,17 +27,17 @@
 DELETE=no
 # The options for the gpg call in this script.
 # Contains only options used in ALL gpg calls.
-GPGOPTS=" -q --no-options --no-auto-check-trustdb --no-default-keyring --keyring $DESTDIR/nm.gpg "
+GPGOPTS=" -q --no-options --no-default-keyring --no-auto-check-trustdb --keyring $DESTDIR/nm.gpg "
 # For the following calls use LANG=C - some output is used for
 # reports to a list / for an english report.
 LANG=C
 export LANG
 
 echo "Syncing Debian Keyrings with rsync from keyring.debian.org"
-rsync -qcltz --block-size=8192 --partial --progress --exclude=emeritus-* --exclude=removed-* keyring.debian.org::keyrings/keyrings/* $DESTDIR/.
+rsync -qcltz --block-size=8192 --partial --progress --exclude='emeritus-*' --exclude='removed-*' 'keyring.debian.org::keyrings/keyrings/*' $DESTDIR/.
 echo "Receiving and checking key"
 gpg $2 ${GPGOPTS} --keyserver=$KEYSERVER --recv-keys 0x$1
-gpg $2 ${GPGOPTS} --with-fingerprint --keyring $DESTDIR/debian-keyring.gpg --keyring $DESTDIR/debian-keyring.pgp --check-sigs $1
+gpg $2 ${GPGOPTS} -v --with-fingerprint --keyring $DESTDIR/debian-keyring.gpg --keyring $DESTDIR/debian-keyring.pgp --check-sigs $1
 
 echo "Let's test if its a version 4 or greater key"
 VERSION=$(gpg ${GPGOPTS} --export $1 | gpg -qvv 2>/dev/null | head -n 4 | grep version |awk '/version/ {print $2}'| sed "s/\([0-9]\)\,/\1/")
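Review bot: The key ID in `$1` still reaches `--recv-keys 0x$1` and `--check-sigs $1` unquoted and, as far as this hunk shows, unvalidated, so a value containing whitespace or starting with `-` would be read by gpg as extra arguments. A guard before the first gpg call, such as `case "$1" in ''|*[!0-9A-Fa-f]*) echo "bad key id" >&2; exit 1;; esac`, plus quoting `"0x$1"` and `"$1"`, would close that. The rsync line now quotes the glob patterns but leaves `$DESTDIR/.` unquoted. The keyrings that `--check-sigs` relies on are fetched over the rsync daemon protocol (`host::module`), which by itself does not authenticate the server or the data, so a comment stating that the signature check is only as trustworthy as that transfer would help. Any argument handling earlier in the script is outside this hunk, so a validation step may already exist there.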
@@ -49,6 +49,19 @@
 else
 	echo "Key is ok"
 fi
+
+echo "Check for key expire stuff"
+EXPIRE=$(gpg ${GPGOPTS} --with-colons --check-sigs $1 |awk -F : ' $1 == "sub" && $2 != "r" {print $7} ')
+
+if [ -z $EXPIRE ]; then
+    echo "Key has no expiration date set, nothing to check."
+else
+	echo "Key has an expiration date of ${EXPIRE}."
+	echo "Please check that its not in the past, AND that it is more than one"
+	echo "month in the future at the time you will sent your DAM report!"
+	echo "Thank you."
+fi
+
 if [[ "$DELETE" = "yes" ]]; then
 	rm -f $DESTDIR/nm.gpg
 fi
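Review bot: The awk filter on the `EXPIRE=` line reads only `sub` records, so an expiration date set on the primary key (the `pub` record) is never reported, and a key whose primary has expired can land in the "no expiration date set" branch. Matching both record types, `$1 == "pub" || $1 == "sub"` inside the awk program, would cover it. When more than one subkey carries a date, `EXPIRE` holds several words and the unquoted `[ -z $EXPIRE ]` fails with a "too many arguments" error; `if [ -z "$EXPIRE" ]; then` avoids that. The filter also excludes only revoked entries (`$2 != "r"`), so dates from already expired subkeys are printed alongside valid ones, which the message could mention.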