Diffstat (limited to 'lib/keyringer/functions')
-rwxr-xr-xlib/keyringer/functions50
1 files changed, 47 insertions, 3 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 475514d..4746859 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -514,11 +514,23 @@ function keyringer_usage {
}
# Check recipients
+# TODO: break in smaller pieces
function keyringer_check_recipients {
+ # Shall we check recipients?
if [ "$KEYRINGER_CHECK_RECIPIENTS" == "false" ]; then
return
fi
+ # Local variables
+ local processed=":"
+
+ # Sync the repository
+ if [ "$BASENAME" == "check" ]; then
+ echo "Syncing git repository..."
+ keyringer_exec git "$BASEDIR" pull
+ echo ""
+ fi
+
# Check if recipients file is empty.
if [ "`grep -vE "^#|^$" "$RECIPIENTS"/* | wc -l`" == 0 ] && [ "$SUBCOMMAND" != "edit" ]; then
echo "Fatal: no recipients configured for this keyring."
@@ -538,6 +550,13 @@ function keyringer_check_recipients {
fi
for recipient in $(cat "$RECIPIENTS"/* | grep -v '^#' | awk '{ print $2 }'); do
+ # Process a recipient just once
+ if echo $processed | grep -q "$recipient:"; then
+ continue
+ else
+ processed="$processed$recipient:"
+ fi
+
size=$(echo "$recipient" | wc -c)
if (( $size < 41 )); then
echo "Fatal: please set the full GPG signature hash for key ID $recipient:"
@@ -561,9 +580,32 @@ EOF
else
gpg --list-key "$recipient" &> /dev/null
if [ "$?" != "0" ]; then
- echo "Fatal: no such key $recipient on your GPG keyring."
- echo "Please check for this key or fix the recipient file."
- exit 1
+ if [ "$BASENAME" == "check" ]; then
+ # TODO: gpg-maintenance trickery
+ # TODO: should be controlled by user preference
+ refresh="no"
+ echo "Trying to receive missing key $recipient..."
+ gpg --batch --recv-keys "$recipient"
+ echo ""
+ if [ "$?" != 0 ]; then
+ echo "Error fetching $recipient from keyservers."
+ continue
+ fi
+ else
+ echo "Fatal: no such key $recipient on your GPG keyring."
+ echo "Please check for this key or fix the recipient file."
+
+ exit 1
+ fi
+ fi
+
+ # Refresh keys
+ if [ "$BASENAME" == "check" ] && [ "$refresh" != "no" ]; then
+ # TODO: gpg-maintenance trickery
+ # TODO: should be controlled by user preference
+ echo "Trying to refresh key $recipient..."
+ gpg --batch --refresh-keys "$recipient"
+ echo ""
fi
# Current date
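Review bot: The `echo ""` placed directly after `gpg --batch --recv-keys "$recipient"` resets `$?`, so the `if [ "$?" != 0 ]` on the next line tests the echo rather than gpg and the "Error fetching" branch can never run; a failed fetch then falls through to the later checks with the key still absent. Capture the status before printing: `gpg --batch --recv-keys "$recipient"; rv=$?`, then `echo ""`, then `if [ "$rv" != 0 ]; then`. Separately, `refresh="no"` is assigned only in the missing-key branch and never reset, so once one recipient has been fetched the refresh step under `[ "$refresh" != "no" ]` is skipped for every later recipient in the loop; initialising it at the top of each iteration (e.g. `refresh="yes"` next to the size computation) would restore the intended per-key behaviour. The enclosing for loop and function start and end outside this hunk.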
@@ -573,6 +615,7 @@ EOF
expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`"
# Check if key is expired
+ # TODO: check if key is about to expire
if [ ! -z "$expiry" ] && [[ "$seconds" -gt "$expiry" ]]; then
echo "Fatal: primary key for $recipient expired on `date --date="@$expiry"`"
exit 1
@@ -580,6 +623,7 @@ EOF
# Check the subkeys
for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
if [[ "$seconds" -lt "$expiry" ]]; then
+ # TODO: check if subkey is about to expire
not_expired="1"
fi