authorErich Eckner <git@eckner.net>2023-07-07 21:39:24 +0200
committerErich Eckner <git@eckner.net>2023-07-07 21:39:24 +0200
commit8712387a029b5dbc9e4e94e58477b1521ad2341c (patch)
tree1a3e6ecc1a9287efaa743e24a2358e3188b58952
parentd82f06896815991be88781c9a44857e2be9cea9f (diff)
downloadcrypt-expiry-check-8712387a029b5dbc9e4e94e58477b1521ad2341c.tar.xz
gpg:
* consider newest key only * consider earliest expiry among this key's primary key and subkeys * clean up date parsing
-rwxr-xr-xcrypt-expiry-check.in37
1 files changed, 21 insertions, 16 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 14f7432..c24dfbc 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -495,22 +495,27 @@ check_gpg_key_status() {
exit 1
fi
- KEY_INFO=$(${GPG_COMMAND} --list-secret-keys "${GPG_ADDRESS}" 2> /dev/null)
- [ -z "${KEY_INFO}" ] && KEY_INFO=$(${GPG_COMMAND} --list-keys "${GPG_ADDRESS}")
-
- KEY_DATE_STR=$(
- echo "${KEY_INFO}" | \
- ${GREP} "\[\(expire[ds]\|verfallen\|verf..\?llt\):[^]]*]" | \
- ${SED} "s#^.*\[\(expire[ds]\|verfallen\|verf..\?llt\):\s*\(\S[^]]*\)].*\$#\2#" | \
- ${SORT} -r | \
- ${TAIL} -n1
- )
- if [ -z "${KEY_DATE_STR}" ]
+ KEYS=$(${GPG_COMMAND} --list-secret-keys --with-colons "${GPG_ADDRESS}" 2>/dev/null)
+ [ -z "${KEYS}" ] && KEYS=$(${GPG_COMMAND} --list-keys --with-colons "${GPG_ADDRESS}" 2>/dev/null)
+
+ KEY_DATE=$(
+ echo "${KEYS}" \
+ | ${AWK} -F: '$1 == "fpr" {print $10}' \
+ | ${SORT} -u \
+ | while read -r KEY; do
+ ${GPG_COMMAND} --list-keys --with-colons "${KEY}" \
+ | awk -F: '$1 == "sub" || $1 == "pub" {print $7}' \
+ | ${SORT} -r \
+ | tail -n1
+ done \
+ | ${SORT} \
+ | tail -n1
+ )
+ if [ -z "${KEY_DATE}" ]
then
echo "No valid gpg-key found for ${GPG_ADDRESS}." | ${TEE} -a ${MAILOUT_TMP} >> ${STDOUT_TMP}
set_retcode 2
- else
- KEY_DATE=$(${DATE} +%s -ud "${KEY_DATE_STR}")
+ return
fi
KEY_DIFF=$[${KEY_DATE} - $(${DATE} +%s)]
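Review bot: The inner awk on the `sub`/`pub` records prints field 7 (expiration) without looking at the validity field, so a revoked subkey left on a rotated key (field 2 `r`) supplies the minimum and the key is reported as expired although its current subkey is fine, and a subkey with no expiry yields an empty field 7 which `${SORT} -r | tail -n1` returns as the minimum, sending an otherwise valid key into the "No valid gpg-key found" branch. A filter such as `awk -F: '($1 == "pub" || $1 == "sub") && $2 != "r" && $7 != "" {print $7}'` avoids both; whether an expired-but-retained subkey (field 2 `e`) should still count as the key's expiry is a policy choice worth a one-line comment. The bare `awk` and `tail` calls also break the `${AWK}`/`${TAIL}` convention used two lines earlier and in the removed code. The enclosing check_gpg_key_status begins before this hunk.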
@@ -524,17 +529,17 @@ check_gpg_key_status() {
if [ ${KEY_DIFF} -lt 0 ]
then
echo "The GPG key for ${GPG_ADDRESS} has expired!" >> ${MAILOUT_TMP}
- prints "GPG" " ${GPG_ADDRESS}" "Expired" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
+ prints "GPG" " ${GPG_ADDRESS}" "Expired" "${KEY_DATE}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
set_retcode 2
elif [ ${KEY_DIFF} -lt ${FWARNDAYS} ]
then
echo "The GPG key for ${GPG_ADDRESS} will expire on ${KEY_DATE_STR}" >> ${MAILOUT_TMP}
- prints "GPG" " ${GPG_ADDRESS}" "Expiring" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
+ prints "GPG" " ${GPG_ADDRESS}" "Expiring" "${KEY_DATE}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
set_retcode 1
else
- prints "GPG" " ${GPG_ADDRESS}" "Valid" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
+ prints "GPG" " ${GPG_ADDRESS}" "Valid" "${KEY_DATE}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
fi
}
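Review bot: `${KEY_DATE_STR}` in the "will expire on" message is no longer assigned anywhere after this commit (the first hunk removed its only assignment), so that mail line now ends with an empty date, while the `prints` columns carry raw epoch seconds instead of the human-readable date the previous code showed. Re-deriving the string once before the `if`, e.g. `KEY_DATE_STR=$(${DATE} -ud "@${KEY_DATE}" +%F)`, and passing it to `prints` as before keeps both outputs readable without touching the new epoch-based comparison. The start of check_gpg_key_status lies outside this hunk.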