summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2014-02-25 17:07:21 -0300
committerSilvio Rhatto <rhatto@riseup.net>2014-02-25 17:07:21 -0300
commitf6b2f4910184cdce2c1a27fab16eeebecd789446 (patch)
tree5f39acd2d7c18e384628af2ca2da1028a782486e
parent2b2cbe33a1aefb9b8eb2b812f1d4b3274e51a0df (diff)
downloadkeyringer-f6b2f4910184cdce2c1a27fab16eeebecd789446.tar.gz
keyringer-f6b2f4910184cdce2c1a27fab16eeebecd789446.tar.bz2
Check if keys are about to expire
-rwxr-xr-xlib/keyringer/functions44
1 files changed, 27 insertions, 17 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index ca59501..4ded3b3 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -665,13 +665,10 @@ function keyringer_check_recipient_key {
}
# Check key expiration
-# TODO: Check if keys in all recipients files are about to expire.
-# TODO: Time to expire can be configured via repository options.
-# TODO: Users can be alerted by mail if configured by user preferences.
-# TODO: Outgoing emails can be encrypted.
function keyringer_check_expiration {
# Variables
local recipient="$1"
+ local not_expired="0"
# Current date
seconds="`date +%s`"
@@ -679,24 +676,37 @@ function keyringer_check_expiration {
# Check the main key
expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`"
+ # TODO: Time to expire can be configured via repository options.
+ ahead="$((86400 * 30 + $seconds))"
+
# Check if key is expired
- # TODO: check if key is about to expire
if [ ! -z "$expiry" ] && [[ "$seconds" -gt "$expiry" ]]; then
echo "Fatal: primary key for $recipient expired on `date --date="@$expiry"`"
exit 1
- else
- # Check the subkeys
- for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
- if [[ "$seconds" -lt "$expiry" ]]; then
- # TODO: check if subkey is about to expire
- not_expired="1"
- fi
+ fi
- if [ "$not_expired" != "1" ]; then
- echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired."
- exit 1
- fi
- done
+ # Check if key is about to expire
+ # TODO: Users can be alerted by mail if configured by user preferences.
+ # TODO: Outgoing emails can be encrypted.
+ if [ "$BASENAME" == "check" ] && [ ! -z "$expiry" ] && [[ "$ahead" -gt "$expiry" ]]; then
+ echo "Warning: key $recipient will expire soon, on `date --date="@$expiry"`"
+ fi
+
+ # Check the subkeys
+ for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
+ if [[ "$seconds" -lt "$expiry" ]]; then
+ not_expired="1"
+ fi
+
+ if [[ "$ahead" -gt "$expiry" ]] && [ "$BASENAME" == "check" ]; then
+ echo "Warning: subkey from $recipient will expire soon, on `date --date="@$expiry"`"
+ fi
+ done
+
+ # All subkeys are expired
+ if [ "$not_expired" != "1" ]; then
+ echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired."
+ exit 1
fi
}