sign-ca: remove all expired certificates

author: Erich Eckner <git@eckner.net> 2024-03-07 18:13:48 +0100
committer: Erich Eckner <git@eckner.net> 2024-03-07 18:13:48 +0100
commit: d0beeb5ddea416bc7cb2331689eecdb7245a9a6e (patch)
tree: 2dc802e1cb7e6914a48c8fade7d82eb4ee110fb9
parent: 18dc785aa1f5b4feac81c480c89b3fcf8a5c4048 (diff)
download: simple-pki-d0beeb5ddea416bc7cb2331689eecdb7245a9a6e.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/sign-ca.in b/sign-ca.in
index ab93130..bfd25a7 100755
--- a/sign-ca.in
+++ b/sign-ca.in
@@ -115,6 +115,15 @@ rsync --ignore-missing-args \
 | ssh "${remote_host}" '
   cd "'"${remote_dir}"'"
   while read -r time sum file; do
+    for f in ????-??-??T??\:??\:??".${file}"; do
+      [ -f "${f}" ] || continue
+      if [ $(date -d"$(openssl x509 -noout -enddate -in "${f}" | cut -d= -f2)" +%s) -ge $(($(date +%s)-24*60*60*30)) ]; then
+        rm "${f}"
+        sed -i '"'"'
+          /^[0-9a-f]\{127\}  '"'"'"${f//./\\.}"'"'"'$/d
+        '"'"' sha512sums
+      fi
+    done
     mv "${file}" "${time}.${file}"
     printf '"'"'%s  %s\n'"'"' "${sum}" "${time}.${file}" \
     >> sha512sums
author	Erich Eckner <git@eckner.net>	2024-03-07 18:13:48 +0100
committer	Erich Eckner <git@eckner.net>	2024-03-07 18:13:48 +0100
commit	d0beeb5ddea416bc7cb2331689eecdb7245a9a6e (patch)
tree	2dc802e1cb7e6914a48c8fade7d82eb4ee110fb9
parent	18dc785aa1f5b4feac81c480c89b3fcf8a5c4048 (diff)
download	simple-pki-d0beeb5ddea416bc7cb2331689eecdb7245a9a6e.tar.xz