From d0beeb5ddea416bc7cb2331689eecdb7245a9a6e Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Thu, 7 Mar 2024 18:13:48 +0100
Subject: sign-ca: remove all expired certificates

---
 sign-ca.in | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/sign-ca.in b/sign-ca.in
index ab93130..bfd25a7 100755
--- a/sign-ca.in
+++ b/sign-ca.in
@@ -115,6 +115,15 @@ rsync --ignore-missing-args \
 | ssh "${remote_host}" '
   cd "'"${remote_dir}"'"
   while read -r time sum file; do
+    for f in ????-??-??T??\:??\:??".${file}"; do
+      [ -f "${f}" ] || continue
+      if [ $(date -d"$(openssl x509 -noout -enddate -in "${f}" | cut -d= -f2)" +%s) -ge $(($(date +%s)-24*60*60*30)) ]; then
+        rm "${f}"
+        sed -i '"'"'
+          /^[0-9a-f]\{127\}  '"'"'"${f//./\\.}"'"'"'$/d
+        '"'"' sha512sums
+      fi
+    done
     mv "${file}" "${time}.${file}"
     printf '"'"'%s  %s\n'"'"' "${sum}" "${time}.${file}" \
     >> sha512sums
-- 
cgit v1.2.3-54-g00ecf