diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2014-02-23 12:26:32 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2014-02-23 12:26:32 -0300 |
| commit | 4cb5cd0c09da6ed55d1c00f97608e94f9e0b87ff (patch) | |
| tree | 0bba24ec49f6d6fc5328015a54c91d33c89ba6af | |
| parent | 43b9567ce09c7c9161b096d9cddac68ec659fa45 (diff) | |
| download | keyringer-4cb5cd0c09da6ed55d1c00f97608e94f9e0b87ff.tar.gz keyringer-4cb5cd0c09da6ed55d1c00f97608e94f9e0b87ff.tar.bz2 | |
Design for check and canary
| -rwxr-xr-x | lib/keyringer/actions/canary | 46 | ||||
| -rwxr-xr-x | lib/keyringer/actions/check | 26 |
2 files changed, 72 insertions, 0 deletions
diff --git a/lib/keyringer/actions/canary b/lib/keyringer/actions/canary new file mode 100755 index 0000000..a27d562 --- /dev/null +++ b/lib/keyringer/actions/canary @@ -0,0 +1,46 @@ +#!/bin/bash +# +# Keyringer's canary warrant implementation. +# +# Inspired by: +# +# https://en.wikipedia.org/wiki/Warrant_canary +# http://www.rsync.net/resources/notices/canary.txt +# +# A canary is: +# +# - Generated using any combination of public available RSS +# feeds configured by user preferences. +# +# - Configured to generate new information once a day. +# If you run it more than that interval, no canary will +# be updated. +# +# A canary is stored: +# +# - In a folder called "canaries" followed by the user ID. +# +# - With an addiditonal timestamp stored plain+signed so it +# can be easily checked. +# +# - Can optionally be uploaded (encrypted or plain+signed) to a +# remote url via scp. +# +# - Can optinally be included in another git repository +# (encrypted or plain+signed), commited and pushed +# to a remote repository (ikiwiki instance, etc). +# +# How to run: +# +# - First, "keyringer <keyringe> preferences edit # basic canary preferences". +# +# - Then, add the following at your ~/.profile or wherever you want your canary +# be called from: "keyringer <keyring> canary". + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# TODO: code! +echo "Not implemented :(" +exit 1 diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check new file mode 100755 index 0000000..669b994 --- /dev/null +++ b/lib/keyringer/actions/check @@ -0,0 +1,26 @@ +#!/bin/bash +# +# Check a keyring. +# +# See also some useful OpenPGP maintenance scripts: +# +# - git://lair.fifthhorseman.net/~mjgoins/cur +# - https://gitorious.org/key-report +# - https://github.com/ilf/gpg-maintenance.git +# +# This script can run from a crontab, client of server side to check +# keyringer health status. + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# TODO: Automatically fetch absent keys from all recipients. +# TODO: Automatically pull a repository. +# TODO: Check if keys in all recipients files are about to expire. +# TODO: Time to expire can be configured via repository options. +# TODO: Users can be alerted by mail if configured by user preferences. +# TODO: Check canaries' timestamps, warning by mail if configured by user preferences. +# TODO: Outgoing emails can be encrypted. +echo "Not implemented :(" +exit 1 |