Adding upstream version 2022.12.24.upstream/2022.12.24 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 09:19:41 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 09:19:41 +0000
commit: a27c8b00ebf173659f22f53ce65679e94e7dfb1b (patch)
tree: 02c68ec259348b63c6328896aa73265eb7b3d730 /t/at-least-2048.t
parent: Initial commit. (diff)
download: debian-keyring-upstream.tar.xz
debian-keyring-upstream.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/t/at-least-2048.t b/t/at-least-2048.t
new file mode 100755
index 0000000..07be53b
--- /dev/null
+++ b/t/at-least-2048.t
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Looks for revoked keys in our active keyrings
+set -e
+
+find_too_short () {
+	k=$1
+	gpg --no-options --no-auto-check-trustdb --no-default-keyring \
+		--keyring "./output/keyrings/$k" --list-keys --with-colons \
+		| awk -F: -v keyring=$1 \
+		'BEGIN { ok = 1 } \
+		/^pub/ { fpr = $5 ; if ($3 < 2048 && $4 < 18) { print keyring ":\t0x" $5 " is smaller than 2048 bits"; ok = 0 } } \
+		/^sub/ { if ($2 != "r" && $2 != "e" && $3 < 2048 && $4 < 18) { print keyring ":\t0x" fpr " has subkey smaller than 2048 bits"; ok = 0 } } \
+		END { if (!ok) { exit 1 } }'
+}
+
+fail=0
+for keyring in debian-keyring.gpg debian-maintainers.gpg \
+		debian-nonupload.gpg debian-role-keys.gpg; do
+	find_too_short $keyring
+done
+
+exit $fail
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 09:19:41 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 09:19:41 +0000
commit	a27c8b00ebf173659f22f53ce65679e94e7dfb1b (patch)
tree	02c68ec259348b63c6328896aa73265eb7b3d730 /t/at-least-2048.t
parent	Initial commit. (diff)
download	debian-keyring-upstream.tar.xz debian-keyring-upstream.zip