Mercurial Mercurial > hg > ius > repo-tools / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
added script to check the key ring for expiring keys rsync
authorMatthias Förste foerste@schlittermann.de
Wed, 18 Apr 2012 11:09:40 +0200
branchrsync
changeset 40 5f159c41e8a3
parent 39 c2e97355a239
child 41 40df28fd3562
added script to check the key ring for expiring keys
bin/check-key-expiry file | annotate | diff | comparison | revisions
bin/check-key-ring-expiry file | annotate | diff | comparison | revisions
bin/check-repo-key-expiry file | annotate | diff | comparison | revisions 
--- a/bin/check-key-expiry	Tue Apr 17 14:22:44 2012 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-NOTIFY='edv@schlittermann.de'
-WARNTIME=$(expr 30 \* 24 \* 60 \* 60) # seconds
-EXPIRY=$(date -d $(LC_ALL= LANG= gpg -k --with-colons apt.schlittermann.de|grep '^pub'|cut -d: -f7) +%s)
-TODAY=$(date +%s)
-
-if [[ $(( $EXPIRY - $TODAY )) -le $WARNTIME ]]; then
-  ( echo Subject: apt.schlittermann.de Archive Signing Key is about to expire - please extend expiry date; gpg -k apt.schlittermann.de ) | /usr/sbin/sendmail $NOTIFY
-fi
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/check-key-ring-expiry	Wed Apr 18 11:09:40 2012 +0200
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+WARNTIME=$(expr 30 \* 24 \* 60 \* 60) # seconds
+TODAY=$(date +%s)
+#TODAY=$(date -d '2013-04-03' +%s)
+UPLOADERS=~/repo/conf/uploaders/*
+#UPLOADERS=/tmp/test
+
+EXPIRY=
+ADDRESS=
+
+set_key_data() {
+
+    e=
+    a=
+    k=${1}
+    EXPIRY=
+    ADDRESS=
+    IFS=':' read e a <<EOO
+$(LC_ALL= LANG= gpg -k --with-colons $k|grep '^pub'|cut -d: -f7,10)
+EOO
+
+    [ -n "$e" ] && EXPIRY=$(date -d $e +%s)
+    [ -n "$a" ] && ADDRESS=$a
+
+}
+
+about_to_expire() {
+    [ -n "$EXPIRY" -a \( $(( $EXPIRY - $TODAY )) -le $WARNTIME \) ] || return 1;
+}
+
+expired() { 
+    [ -n "$EXPIRY" -a \( $(( $EXPIRY - $TODAY )) -le 0 \) ] || return 1;
+}
+
+for f in $UPLOADERS; do
+    while read first second third fourth k; do
+	if [ \( "$first" = 'allow' \) \
+	    -a \( "$second" = '*' \) \
+	    -a \( "$third" = 'by' \) \
+	    -a \( "$fourth" = 'key' \) \
+	    -a \( -n "$k" \) ]; then
+	    SUBJECT=
+	    set_key_data $k
+	    { about_to_expire || expired; } && gpg --refresh-keys $k
+	    set_key_data $k
+	    if expired; then
+		SUBJECT='Your published Package Signing Key is expired'
+	    elif about_to_expire; then
+		SUBJECT='Your published Package Signing Key is about to expire'
+	    fi
+	    if [ -n "$SUBJECT" ]; then
+		#echo "$ADDRESS: Subject: $SUBJECT"
+		#cat <<EOM | gpg --encrypt -a --batch --trust-model always --recipient $k| /usr/sbin/sendmail "$ADDRESS"
+		cat <<EOM | /usr/sbin/sendmail "$ADDRESS"
+Subject: $SUBJECT
+
+Please extend the expiration date and send the updated key to the keyserver.
+Reply to this mail if you want us to remove your key from our list.
+
+$(gpg -k $k)
+
+Best regards
+EOM
+	    fi
+	fi
+    done <$f
+done
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/check-repo-key-expiry	Wed Apr 18 11:09:40 2012 +0200
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+NOTIFY='edv@schlittermann.de'
+WARNTIME=$(expr 30 \* 24 \* 60 \* 60) # seconds
+EXPIRY=$(date -d $(LC_ALL= LANG= gpg -k --with-colons apt.schlittermann.de|grep '^pub'|cut -d: -f7) +%s)
+TODAY=$(date +%s)
+
+if [[ $(( $EXPIRY - $TODAY )) -le $WARNTIME ]]; then
+  ( echo Subject: apt.schlittermann.de Archive Signing Key is about to expire - please extend expiry date; gpg -k apt.schlittermann.de ) | /usr/sbin/sendmail $NOTIFY
+fi
ius/repo-tools