mirror of
https://github.com/ben-grande/qusal.git
synced 2024-10-01 02:35:49 -04:00
feat: find PGP keys from within the linter
- Find PGP keys using the same methods as other scripts; - Lower threshold to 30 days by default; - Add environment variable to set threshold; - Add colors to distinguish expired from expires soon; and - Add days until key expiration when it is below threshold.
This commit is contained in:
parent
7a0fac1dbb
commit
04d1aaf63e
2
.github/workflows/cron.yaml
vendored
2
.github/workflows/cron.yaml
vendored
@ -24,4 +24,4 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Discover keys that are expired or close to expiration date
|
- name: Discover keys that are expired or close to expiration date
|
||||||
run: scripts/pgp-lint.sh $(find -type f -name "*.asc")
|
run: scripts/pgp-lint.sh
|
||||||
|
@ -6,41 +6,96 @@
|
|||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
|
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
|
||||||
|
repo_toplevel="$(git rev-parse --show-toplevel)"
|
||||||
|
test -d "${repo_toplevel}" || exit 1
|
||||||
|
unset repo_toplevel
|
||||||
now="$(date +%s)"
|
now="$(date +%s)"
|
||||||
fail="0"
|
fail="0"
|
||||||
if test -z "${1-}"; then
|
find_tool="$(./scripts/best-program.sh fd fdfind find)"
|
||||||
echo "No file provided" >&2
|
|
||||||
exit 1
|
if test -n "${1-}"; then
|
||||||
|
files=""
|
||||||
|
for f in "${@}"; do
|
||||||
|
test -f "${f}" || continue
|
||||||
|
test -r "${f}" || continue
|
||||||
|
extension="${f##*.}"
|
||||||
|
case "${extension}" in
|
||||||
|
asc|gpg) files="${files} ${f}";;
|
||||||
|
*) continue;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
else
|
||||||
|
case "${find_tool}" in
|
||||||
|
fd|fdfind)
|
||||||
|
files="$(${find_tool} . -H -t f -e asc -e gpg | sort -d)"
|
||||||
|
;;
|
||||||
|
find)
|
||||||
|
files="$(find . -type f \( -name '*.asc' -o -name '*.gpg' \) | sort -d)"
|
||||||
|
;;
|
||||||
|
*) echo "Unsupported find tool" >&2; exit 1;;
|
||||||
|
esac
|
||||||
fi
|
fi
|
||||||
for key in "${@}"; do
|
|
||||||
|
if test -z "${files}"; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
for key in ${files}; do
|
||||||
data="$(gpg --no-keyring --no-auto-check-trustdb --no-autostart \
|
data="$(gpg --no-keyring --no-auto-check-trustdb --no-autostart \
|
||||||
--with-colons --show-keys "${key}")"
|
--with-colons --show-keys "${key}")"
|
||||||
nr="$(echo "${data}" | awk '/^(p|s)ub:/' | wc -l | cut -d " " -f1)"
|
nr="$(echo "${data}" | grep -Ec '^(p|s)ub:')"
|
||||||
|
## Threshold in days.
|
||||||
|
threshold="${PGP_LINT_THRESHOLD:-30}"
|
||||||
|
tty_stderr=0
|
||||||
|
if test -t 2; then
|
||||||
|
tty_stderr=1
|
||||||
|
fi
|
||||||
echo "${data}" | awk -v fail="0" -v key="${key}" -v nr="${nr}" \
|
echo "${data}" | awk -v fail="0" -v key="${key}" -v nr="${nr}" \
|
||||||
-v now="${now}" -F ':' '/^(p|s)ub:/ {
|
-v threshold="${threshold}" -v now="${now}" -v color="${tty_stderr}" \
|
||||||
nlines++;
|
-F ':' '
|
||||||
|
BEGIN {
|
||||||
|
MAGENTA = ""
|
||||||
|
YELLOW = ""
|
||||||
|
RED = ""
|
||||||
|
RESET = ""
|
||||||
|
if (color == 1) {
|
||||||
|
MAGENTA = "\033[1;35m"
|
||||||
|
YELLOW = "\033[1;33m"
|
||||||
|
RED = "\033[1;31m"
|
||||||
|
RESET = "\033[0m"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ($7=="") {
|
/^(p|s)ub:/{
|
||||||
if (nlines==nr) { if (fail==1) { exit 1; }; }
|
|
||||||
|
nlines++
|
||||||
|
|
||||||
|
if ($7 == "") {
|
||||||
|
if (nlines == nr ) { if (fail == 1) { exit 1 } }
|
||||||
next
|
next
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($7<now) {
|
if ($7 < now) {
|
||||||
print key ": expired:", $5 >"/dev/stderr";
|
message = MAGENTA key RESET ":" RED " expired " RESET ": " $5
|
||||||
fail=1
|
print message >"/dev/stderr"
|
||||||
if (nlines==nr) { if (fail==1) { exit 1; }; }
|
fail = 1
|
||||||
|
if (nlines == nr ) { if (fail == 1) { exit 1 } }
|
||||||
next
|
next
|
||||||
}
|
}
|
||||||
|
|
||||||
# 60 days
|
else if (($7 - now) < (60 * 60 * 24 * threshold )) {
|
||||||
else if (($7-now)<(60*60*24*60)) {
|
remaining_days = int(($7 - now) / (60 * 60 * 24))
|
||||||
print key ": expires soon:", $5 >"/dev/stderr";
|
message_prefix = MAGENTA key RESET ":" YELLOW " expires in "
|
||||||
fail=1
|
message_suffix = remaining_days " days" RESET ": " $5
|
||||||
if (nlines==nr) { if (fail==1) { exit 1; }; }
|
message = message_prefix message_suffix
|
||||||
|
print message >"/dev/stderr"
|
||||||
|
fail = 1
|
||||||
|
if (nlines == nr ) { if (fail == 1) { exit 1 } }
|
||||||
next
|
next
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fail==1) {
|
if (fail == 1) {
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
}' || fail="1"
|
}' || fail="1"
|
||||||
|
Loading…
Reference in New Issue
Block a user