From 7dfa9fe0c70bf96736237aacf3c56d16695c6096 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Mon, 24 Feb 2014 20:26:26 -0300
Subject: Starting to code check action
---
 lib/keyringer/functions | 50 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 47 insertions(+), 3 deletions(-)
(limited to 'lib/keyringer/functions')
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 475514d..4746859 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -514,11 +514,23 @@ function keyringer_usage {
 }
 
 # Check recipients
+# TODO: break in smaller pieces
 function keyringer_check_recipients {
+ # Shall we check recipients?
 if [ "$KEYRINGER_CHECK_RECIPIENTS" == "false" ]; then
 return
 fi
 
+ # Local variables
+ local processed=":"
+
+ # Sync the repository
+ if [ "$BASENAME" == "check" ]; then
+ echo "Syncing git repository..."
+ keyringer_exec git "$BASEDIR" pull
+ echo ""
+ fi
+
 # Check if recipients file is empty.
 if [ "`grep -vE "^#|^$" "$RECIPIENTS"/* | wc -l`" == 0 ] && [ "$SUBCOMMAND" != "edit" ]; then
 echo "Fatal: no recipients configured for this keyring."
@@ -538,6 +550,13 @@ function keyringer_check_recipients {
 fi
 
 for recipient in $(cat "$RECIPIENTS"/* | grep -v '^#' | awk '{ print $2 }'); do
+ # Process a recipient just once
+ if echo $processed | grep -q "$recipient:"; then
+ continue
+ else
+ processed="$processed$recipient:"
+ fi
+
 size=$(echo "$recipient" | wc -c)
 if (( $size < 41 )); then
 echo "Fatal: please set the full GPG signature hash for key ID $recipient:"
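Review bot: The exit status of `keyringer_exec git "$BASEDIR" pull` in the new sync block is never examined, so when the pull fails (no network, a conflicting remote, a bad URL) git prints its own error and the check carries on against whatever recipients files are already on disk, reporting them as if they were current. Because this path runs only when `$BASENAME` is `check`, a warning that the result is based on local data is probably enough, e.g. `keyringer_exec git "$BASEDIR" pull || echo "Warning: git pull failed, checking local recipients only."`. Whether keyringer_exec passes git's status through is not visible here; if it swallows it, the status has to be captured inside that helper instead. keyringer_check_recipients starts in this hunk but its body runs well past the end of it.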
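Review bot: The de-duplication test `echo $processed | grep -q "$recipient:"` uses the recipient as an unanchored regular expression, so a shorter ID is reported as already seen when it is a suffix of a longer one recorded earlier (`ABCD` matches `:1234ABCD:`) and any regex metacharacter in the recipients file alters the match; the value comes straight from the recipients files, which the size check a few lines below already treats as untrusted input. An exact-token test in the shell avoids both problems and the two extra processes: `if [[ "$processed" == *":$recipient:"* ]]; then`. The `$processed` expansion is also unquoted, which is harmless for the values built here but is the kind of thing ShellCheck will flag. The enclosing for loop continues beyond the hunk.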
@@ -561,9 +580,32 @@ EOF
 else
 gpg --list-key "$recipient" &> /dev/null
 if [ "$?" != "0" ]; then
- echo "Fatal: no such key $recipient on your GPG keyring."
- echo "Please check for this key or fix the recipient file."
- exit 1
+ if [ "$BASENAME" == "check" ]; then
+ # TODO: gpg-maintenance trickery
+ # TODO: should be controlled by user preference
+ refresh="no"
+ echo "Trying to receive missing key $recipient..."
+ gpg --batch --recv-keys "$recipient"
+ echo ""
+ if [ "$?" != 0 ]; then
+ echo "Error fetching $recipient from keyservers."
+ continue
+ fi
+ else
+ echo "Fatal: no such key $recipient on your GPG keyring."
+ echo "Please check for this key or fix the recipient file."
+
+ exit 1
+ fi
+ fi
+
+ # Refresh keys
+ if [ "$BASENAME" == "check" ] && [ "$refresh" != "no" ]; then
+ # TODO: gpg-maintenance trickery
+ # TODO: should be controlled by user preference
+ echo "Trying to refresh key $recipient..."
+ gpg --batch --refresh-keys "$recipient"
+ echo ""
 fi
 
 # Current date
@@ -573,6 +615,7 @@ EOF
 expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`"
 
 # Check if key is expired
+ # TODO: check if key is about to expire
 if [ ! -z "$expiry" ] && [[ "$seconds" -gt "$expiry" ]]; then
 echo "Fatal: primary key for $recipient expired on `date --date="@$expiry"`"
 exit 1
@@ -580,6 +623,7 @@ EOF
 # Check the subkeys
 for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
 if [[ "$seconds" -lt "$expiry" ]]; then
+ # TODO: check if subkey is about to expire
 not_expired="1"
 fi
-- 
cgit v1.2.3
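Review bot: The status test `if [ "$?" != 0 ]` after the new `gpg --batch --recv-keys "$recipient"` reads the exit code of the intervening `echo ""`, which is always 0, so a failed keyserver fetch is never noticed and the loop proceeds to the expiry check for a key that is still absent from the keyring; test the command directly, `if ! gpg --batch --recv-keys "$recipient"; then`, and move `echo ""` below the block. `refresh` is assigned only on the missing-key path and is never reset or declared `local`, so for a key that is already present it holds whatever the previous iteration (or the caller's environment) left, which makes the refresh-keys block run for every present key until one missing key sets it to `"no"` and then never again for the rest of the loop; initialise it at the top of each iteration (`refresh="yes"` next to the `processed` bookkeeping in the earlier hunk) and declare it with `local` alongside `processed`. The repeated `# TODO: gpg-maintenance trickery` comments do not say what is intended; naming the concern (that recv/refresh go to keyservers with no user opt-out yet) would make the TODO actionable. The enclosing loop and keyringer_check_recipients both end outside this hunk.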