From 4cb5cd0c09da6ed55d1c00f97608e94f9e0b87ff Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sun, 23 Feb 2014 12:26:32 -0300
Subject: Design for check and canary
---
lib/keyringer/actions/canary | 46 ++++++++++++++++++++++++++++++++++++++++++++
lib/keyringer/actions/check | 26 +++++++++++++++++++++++++
2 files changed, 72 insertions(+)
create mode 100755 lib/keyringer/actions/canary
create mode 100755 lib/keyringer/actions/check
diff --git a/lib/keyringer/actions/canary b/lib/keyringer/actions/canary
new file mode 100755
index 0000000..a27d562
--- /dev/null
+++ b/lib/keyringer/actions/canary
@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# Keyringer's canary warrant implementation.
+#
+# Inspired by:
+#
+# https://en.wikipedia.org/wiki/Warrant_canary
+# http://www.rsync.net/resources/notices/canary.txt
+#
+# A canary is:
+#
+# - Generated using any combination of public available RSS
+# feeds configured by user preferences.
+#
+# - Configured to generate new information once a day.
+# If you run it more than that interval, no canary will
+# be updated.
+#
+# A canary is stored:
+#
+# - In a folder called "canaries" followed by the user ID.
+#
+# - With an addiditonal timestamp stored plain+signed so it
+# can be easily checked.
+#
+# - Can optionally be uploaded (encrypted or plain+signed) to a
+# remote url via scp.
+#
+# - Can optinally be included in another git repository
+# (encrypted or plain+signed), commited and pushed
+# to a remote repository (ikiwiki instance, etc).
+#
+# How to run:
+#
+# - First, "keyringer preferences edit # basic canary preferences".
+#
+# - Then, add the following at your ~/.profile or wherever you want your canary
+# be called from: "keyringer canary".
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# TODO: code!
+echo "Not implemented :("
+exit 1
diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check
new file mode 100755
index 0000000..669b994
--- /dev/null
+++ b/lib/keyringer/actions/check
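Review bot: The `LIB` assignment in actions/canary expands `$0` unquoted inside backticks, so the path handed to `dirname` is word-split and glob-expanded before `source "$LIB"` runs. With an install path that contains whitespace, the computed value is not the intended directory and the script exits at the `source` line. Because `source` executes whatever file the path names, it should be computed exactly: `LIB="$(dirname -- "$0")/../functions"`. The same line appears in the actions/check hunk of this commit and needs the same change.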
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Check a keyring.
+#
+# See also some useful OpenPGP maintenance scripts:
+#
+# - git://lair.fifthhorseman.net/~mjgoins/cur
+# - https://gitorious.org/key-report
+# - https://github.com/ilf/gpg-maintenance.git
+#
+# This script can run from a crontab, client of server side to check
+# keyringer health status.
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# TODO: Automatically fetch absent keys from all recipients.
+# TODO: Automatically pull a repository.
+# TODO: Check if keys in all recipients files are about to expire.
+# TODO: Time to expire can be configured via repository options.
+# TODO: Users can be alerted by mail if configured by user preferences.
+# TODO: Check canaries' timestamps, warning by mail if configured by user preferences.
+# TODO: Outgoing emails can be encrypted.
+echo "Not implemented :("
+exit 1
-- cgit v1.2.3
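Review bot: The TODO list in actions/check plans unattended key fetching and repository pulls (`Automatically fetch absent keys from all recipients`, `Automatically pull a repository`) without saying how the fetched material is trusted, and the header says the script may run from a crontab. I would add a comment next to those two items, for example `# NOTE: fetched keys must be matched by full fingerprint; a pull that changes recipients files needs review before the new keys are used`. Without such a rule, a changed recipients entry could presumably lead to a new key being imported with nobody looking at it. How keyringer consumes the recipients files is not visible in this hunk, so this should be confirmed against the rest of the tool.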