authorSilvio Rhatto <rhatto@riseup.net>2014-02-23 12:26:32 -0300
committerSilvio Rhatto <rhatto@riseup.net>2014-02-23 12:26:32 -0300
commit4cb5cd0c09da6ed55d1c00f97608e94f9e0b87ff (patch)
tree0bba24ec49f6d6fc5328015a54c91d33c89ba6af
parent43b9567ce09c7c9161b096d9cddac68ec659fa45 (diff)
Design for check and canary
-rwxr-xr-xlib/keyringer/actions/canary46
-rwxr-xr-xlib/keyringer/actions/check26
2 files changed, 72 insertions, 0 deletions
diff --git a/lib/keyringer/actions/canary b/lib/keyringer/actions/canary
new file mode 100755
index 0000000..a27d562
--- /dev/null
+++ b/lib/keyringer/actions/canary
@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# Keyringer's canary warrant implementation.
+#
+# Inspired by:
+#
+# https://en.wikipedia.org/wiki/Warrant_canary
+# http://www.rsync.net/resources/notices/canary.txt
+#
+# A canary is:
+#
+# - Generated using any combination of public available RSS
+# feeds configured by user preferences.
+#
+# - Configured to generate new information once a day.
+# If you run it more than that interval, no canary will
+# be updated.
+#
+# A canary is stored:
+#
+# - In a folder called "canaries" followed by the user ID.
+#
+# - With an addiditonal timestamp stored plain+signed so it
+# can be easily checked.
+#
+# - Can optionally be uploaded (encrypted or plain+signed) to a
+# remote url via scp.
+#
+# - Can optinally be included in another git repository
+# (encrypted or plain+signed), commited and pushed
+# to a remote repository (ikiwiki instance, etc).
+#
+# How to run:
+#
+# - First, "keyringer <keyringe> preferences edit # basic canary preferences".
+#
+# - Then, add the following at your ~/.profile or wherever you want your canary
+# be called from: "keyringer <keyring> canary".
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# TODO: code!
+echo "Not implemented :("
+exit 1
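Review bot: `dirname $0` on the `LIB=` line is unquoted inside backticks, so an install path containing whitespace or glob characters produces a wrong path and the script either fails to load the functions file or loads a different one; `LIB="$(dirname -- "$0")/../functions"` avoids that. The same line is added to the `check` action in this commit. The placeholder message reports a failure and belongs on stderr, `echo "Not implemented :(" >&2`. The header comment has typos worth fixing before it becomes the design reference: `addiditonal`, `optinally`, `<keyringe>`.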
diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check
new file mode 100755
index 0000000..669b994
--- /dev/null
+++ b/lib/keyringer/actions/check
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Check a keyring.
+#
+# See also some useful OpenPGP maintenance scripts:
+#
+# - git://lair.fifthhorseman.net/~mjgoins/cur
+# - https://gitorious.org/key-report
+# - https://github.com/ilf/gpg-maintenance.git
+#
+# This script can run from a crontab, client of server side to check
+# keyringer health status.
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# TODO: Automatically fetch absent keys from all recipients.
+# TODO: Automatically pull a repository.
+# TODO: Check if keys in all recipients files are about to expire.
+# TODO: Time to expire can be configured via repository options.
+# TODO: Users can be alerted by mail if configured by user preferences.
+# TODO: Check canaries' timestamps, warning by mail if configured by user preferences.
+# TODO: Outgoing emails can be encrypted.
+echo "Not implemented :("
+exit 1
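Review bot: The first TODO ("Automatically fetch absent keys from all recipients") should record how fetched keys are identified and trusted, because a fetch run from a crontab happens with nobody looking at the result. I would word it as `# TODO: Automatically fetch absent keys from all recipients, by full fingerprint only, without changing trust.` Whether the recipients files hold full fingerprints is not visible in this hunk, so confirm that first. In the header comment, `client of server side` reads like a typo for `client or server side`.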