sunet-cdn/cdn-ops
2
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
cdn-ops/global/post-tasks.d/015cosmos-trust
John Van de Meulebrouck Brendgard b56799bcc6
Added automatic re-import of expired keys as in eduID
2016-08-27 23:52:14 +02:00

29 lines
1 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
if [ -z "$COSMOS_KEYS" ]; then
COSMOS_KEYS=/etc/cosmos/keys
fi
# Install new keys discovered in the $COSMOS_KEYS directory
for k in $COSMOS_KEYS/*.pub; do
fp=`cosmos gpg --with-colons --with-fingerprint < $k | awk -F: '$1 == "pub" {print $5}'`
fp_in_db=`cosmos gpg --with-colons --fingerprint | grep ":$fp:"`
if [ "x`echo $fp_in_db | grep '^pub:e:'`" != "x" ]; then
echo "$0: Key expired, will re-import it from $k"
cosmos gpg --fingerprint $fp
fi
# The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again.
echo $fp_in_db | grep -v "^pub:e:" | grep -q ":$fp:" || cosmos gpg --import < $k
done
# Delete keys no longer present in $COSMOS_KEYS directory
for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
seen="no"
for k in $COSMOS_KEYS/*.pub; do
cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"
done
if [ "x$seen" = "xno" ]; then
cosmos gpg --yes --batch --delete-key $fp || true
fi
done
Reference in a new issue View git blame Copy permalink