diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:19:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:19:41 +0000 |
commit | a27c8b00ebf173659f22f53ce65679e94e7dfb1b (patch) | |
tree | 02c68ec259348b63c6328896aa73265eb7b3d730 /t/at-least-2048.t | |
parent | Initial commit. (diff) | |
download | debian-keyring-a27c8b00ebf173659f22f53ce65679e94e7dfb1b.tar.xz debian-keyring-a27c8b00ebf173659f22f53ce65679e94e7dfb1b.zip |
Adding upstream version 2022.12.24.upstream/2022.12.24upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 't/at-least-2048.t')
-rwxr-xr-x | t/at-least-2048.t | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/t/at-least-2048.t b/t/at-least-2048.t new file mode 100755 index 0000000..07be53b --- /dev/null +++ b/t/at-least-2048.t @@ -0,0 +1,22 @@ +#!/bin/sh +# Looks for revoked keys in our active keyrings +set -e + +find_too_short () { + k=$1 + gpg --no-options --no-auto-check-trustdb --no-default-keyring \ + --keyring "./output/keyrings/$k" --list-keys --with-colons \ + | awk -F: -v keyring=$1 \ + 'BEGIN { ok = 1 } \ + /^pub/ { fpr = $5 ; if ($3 < 2048 && $4 < 18) { print keyring ":\t0x" $5 " is smaller than 2048 bits"; ok = 0 } } \ + /^sub/ { if ($2 != "r" && $2 != "e" && $3 < 2048 && $4 < 18) { print keyring ":\t0x" fpr " has subkey smaller than 2048 bits"; ok = 0 } } \ + END { if (!ok) { exit 1 } }' +} + +fail=0 +for keyring in debian-keyring.gpg debian-maintainers.gpg \ + debian-nonupload.gpg debian-role-keys.gpg; do + find_too_short $keyring +done + +exit $fail |