From 8712387a029b5dbc9e4e94e58477b1521ad2341c Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Fri, 7 Jul 2023 21:39:24 +0200 Subject: gpg: * consider newest key only * consider oldest sig of this key * clean up date parsing --- crypt-expiry-check.in | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in index 14f7432..c24dfbc 100755 --- a/crypt-expiry-check.in +++ b/crypt-expiry-check.in @@ -495,22 +495,27 @@ check_gpg_key_status() { exit 1 fi - KEY_INFO=$(${GPG_COMMAND} --list-secret-keys "${GPG_ADDRESS}" 2> /dev/null) - [ -z "${KEY_INFO}" ] && KEY_INFO=$(${GPG_COMMAND} --list-keys "${GPG_ADDRESS}") - - KEY_DATE_STR=$( - echo "${KEY_INFO}" | \ - ${GREP} "\[\(expire[ds]\|verfallen\|verf..\?llt\):[^]]*]" | \ - ${SED} "s#^.*\[\(expire[ds]\|verfallen\|verf..\?llt\):\s*\(\S[^]]*\)].*\$#\2#" | \ - ${SORT} -r | \ - ${TAIL} -n1 - ) - if [ -z "${KEY_DATE_STR}" ] + KEYS=$(${GPG_COMMAND} --list-secret-keys --with-colons "${GPG_ADDRESS}" 2>/dev/null) + [ -z "${KEYS}" ] && KEYS=$(${GPG_COMMAND} --list-keys --with-colons "${GPG_ADDRESS}" 2>/dev/null) + + KEY_DATE=$( + echo "${KEYS}" \ + | ${AWK} -F: '$1 == "fpr" {print $10}' \ + | ${SORT} -u \ + | while read -r KEY; do + ${GPG_COMMAND} --list-keys --with-colons "${KEY}" \ + | awk -F: '$1 == "sub" || $1 == "pub" {print $7}' \ + | ${SORT} -r \ + | tail -n1 + done \ + | ${SORT} \ + | tail -n1 + ) + if [ -z "${KEY_DATE}" ] then echo "No valid gpg-key found for ${GPG_ADDRESS}." | ${TEE} -a ${MAILOUT_TMP} >> ${STDOUT_TMP} set_retcode 2 - else - KEY_DATE=$(${DATE} +%s -ud "${KEY_DATE_STR}") + return fi KEY_DIFF=$[${KEY_DATE} - $(${DATE} +%s)] @@ -524,17 +529,17 @@ check_gpg_key_status() { if [ ${KEY_DIFF} -lt 0 ] then echo "The GPG key for ${GPG_ADDRESS} has expired!" >> ${MAILOUT_TMP} - prints "GPG" " ${GPG_ADDRESS}" "Expired" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} + prints "GPG" " ${GPG_ADDRESS}" "Expired" "${KEY_DATE}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} set_retcode 2 elif [ ${KEY_DIFF} -lt ${FWARNDAYS} ] then echo "The GPG key for ${GPG_ADDRESS} will expire on ${KEY_DATE_STR}" >> ${MAILOUT_TMP} - prints "GPG" " ${GPG_ADDRESS}" "Expiring" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} + prints "GPG" " ${GPG_ADDRESS}" "Expiring" "${KEY_DATE}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} set_retcode 1 else - prints "GPG" " ${GPG_ADDRESS}" "Valid" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} + prints "GPG" " ${GPG_ADDRESS}" "Valid" "${KEY_DATE}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} fi } -- cgit v1.2.3-70-g09d2