summaryrefslogtreecommitdiffstats
path: root/scripts/chk_expiry
blob: fffbb098df70a4311d23dab24f62f43b4bf0319b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

#!/usr/bin/perl
use strict;
use Date::Calc qw(Today Delta_Days Add_Delta_YM);

my (%conf);
%conf = (keyrings => ['debian-keyring.gpg', 'debian-nonupload.gpg',
		      'debian-maintainers.gpg'],
	 basedir => 'output/keyrings',
 	 cmd => 'gpg --no-default-keyring --keyring %s/%s --list-key|grep expire[ds]:'
#	 basedir => '/tmp',
#	 cmd => 'cat %s/%s'
    );

for my $keyring (@{$conf{keyrings}}) {
    my ($keys, @expired, @nextmonth, @threemonths);
    $keys = {};
    print "============================================================\n";
    print "Processing keyring: $keyring\n\n";
    for my $line (query_keyring($keyring)) {
	chomp($line);
	my ($key, $y, $m, $d);
	unless ($line =~ m![ps]ub\s+(?:rsa|dsa|elg|cv|ed)\d+/
                           (?:0x)?([\dABCDEF]{16})
                           \s.+expire[ds]:\s
                           (\d{4})-(\d{2})-(\d{2})!x) {
	    warn "Unrecognized: «$line»";
	    next;
	}
	($key, $y, $m, $d) = ($1, $2, $3, $4);
	$keys->{$key} = [$y, $m, $d];
    }
    print "\nAlready expired keys:\n";
    report($keys, [Today()]);
    print "\nKeys expiring soon (one month from today):\n";
    report($keys, [Add_Delta_YM(Today(),0,1)], [Today()]);
    print "\nKeys expiring after a month but within three months:\n";
    report($keys, [Add_Delta_YM(Today(),0,1)], [Add_Delta_YM(Today(),0,3)]);
}

sub query_keyring {
    my ($keyring, $cmd);
    $keyring = shift;
    $cmd = sprintf($conf{cmd}, $conf{basedir}, $keyring);
    return `$cmd`;
}

# Called with three parameters:
# - $keys: Hash keyed by keyid, with the expiry date in [y,m,d] form as its 
#   value
# - $before: [y,m,d] form. Keys expiring before this date will be reported
# - $limit: Optional, [y,m,d] form. Keys expiring before this date will be 
#   ignored.
sub report {
    my ($keys, $before, $limit, %res);
    $keys = shift;
    $before = shift;
    $limit = shift;
    for my $key (keys %$keys) {
	next if Delta_Days(@{$keys->{$key}}, @{$before}) < 0;
	next if $limit and Delta_Days(@{$keys->{$key}}, @{$limit}) > 0;
	$res{$key} = {expiry => $keys->{$key}, 
		      days_to_exp => Delta_Days(Today, @{$keys->{$key}}) };
    }

    foreach my $key (sort {$res{$a}{days_to_exp} <=> $res{$b}{days_to_exp}}
		     keys %res) {
	printf("%s: %s (%s days)\n", $key, join('-', @{$res{$key}{expiry}}),
	       $res{$key}{days_to_exp});
    }
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-25 20:07:44 +0000