Ticket #27293: tor-check-gpg-keys.sh

File tor-check-gpg-keys.sh, 2.4 KB (added by traumschule, 15 months ago)
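#!/usr/bin/env bash
#
# tor-check-gpg-keys.sh - report expired or unreadable OpenPGP keys that are
# linked from the Tor Project "core people" page.
#
# Results go to expired.txt and failed.txt in the current directory. The
# downloaded page and key files are kept in the current directory as well and
# are reused when they already exist, so run this from a dedicated, otherwise
# empty working directory.
#
# Needs bash (function keyword, echo -e), gpg with --show-keys, torify, wget
# and curl.

# Abort on the first command that fails outside a conditional context.
set -e

debug=0 # set to a value > 0 to print progress messages
n=0     # number of expired keys
f=0     # failed to read key / malformed / no gpg data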
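# Print a progress message when debugging is enabled.
# Globals:   debug (read) - messages are printed only when it is > 0
# Arguments: handed to echo unchanged, so a leading -n suppresses the newline
# Returns:   always 0. The `[ ... ] && echo` form returns 1 while debugging is
#            off, and under `set -e` that non-zero function status terminates
#            the script at the first call.
function debug {
  if [ "${debug:-0}" -gt 0 ]; then
    # Quoted so that URLs and key names are neither word-split nor globbed.
    echo "$@"
  fi
  return 0
}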
# Start both report files afresh; later steps append to them.
debug "Writing expired keys to expired.txt"
printf 'List created: %s\n' "$(date)" > expired.txt
debug "Writing failed keys to failed.txt"
printf '%s\n' "= Failed to read" > failed.txt
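# Inspect one downloaded key file and record it if it is expired or unreadable.
# Globals:   n (incremented for an expired key), f (incremented for a file gpg
#            cannot list); appends to expired.txt and failed.txt
# Arguments: $1 - path of the key file; an empty value is silently ignored
#            $2 - URL the file came from, used only as link target in reports
# Returns:   0 after processing; exits the script with status 1 when $1 names
#            no regular file
#
# The key file is remote, untrusted data. It is only listed with
# `gpg --show-keys` (no import), and every value taken from the listing is
# written with printf '%s' so that backslash sequences in a user ID are not
# expanded the way `echo -e` would expand them.
# NOTE(review): matching the word "expired" in gpg's human-readable listing
# presumably depends on the locale; `gpg --with-colons` output would be a more
# stable thing to parse.
function test_key {
  local file="$1"
  local url="$2"
  local listing id uid diag expire date name

  if [ -z "$file" ]; then
    return 0
  fi
  if [ ! -f "$file" ]; then
    echo "File $file not found."
    exit 1
  fi

  debug -n "Testing $file: "

  # List the file once and reuse the text. gpg may exit non-zero on input it
  # cannot parse; that case is reported below, so it must not trip `set -e`.
  listing=$(gpg --show-keys < "$file" 2>/dev/null) || true

  # Record lines start at column 0 ("pub", "uid"). Anchoring keeps a user ID
  # that merely contains "pub", "uid" or "expired" from being counted.
  id=$(printf '%s\n' "$listing" | grep '^pub' | head -n1)
  uid=$(printf '%s\n' "$listing" | grep '^uid' | head -n1)

  if [ -z "$uid" ]; then
    f=$((f+1))
    # Run gpg again with stderr included so the report shows its diagnostics.
    diag=$(gpg --show-keys < "$file" 2>&1) || true
    printf '* [%s %s]\n{{{\n%s\n}}}\n' "$url" "$file" "$diag" >> failed.txt
    return 0
  fi

  # grep -c prints 0 and exits 1 when nothing matches; keep the count.
  expire=$(printf '%s\n' "$listing" | grep '^pub' | grep -c 'expired') || true
  if [ "$expire" -gt 0 ]; then
    n=$((n+1))
    # Text after the last '[' of the first pub line, e.g. "expired: DATE]".
    date=${id##*\[}
    name=$(printf '%s\n' "$uid" | sed -E 's/^uid[[:space:]]+//')
    printf '* [%s %s] [%s\n' "$url" "$name" "$date" >> expired.txt
  else
    debug "OK"
  fi
}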
# Receive list: download the core people page unless a local copy exists
if [ ! -f "corepeople.html.en" ]; then
  torify wget https://www.torproject.org/about/corepeople.html.en
fi
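# Keys linked relative to the page ("../keys/...") are fetched from the onion
# host below and checked one by one.
# NOTE(review): the host is a 16-character (v2) onion address. Tor has since
# retired v2 onion services, so it has to be replaced with a current address
# before this loop can fetch anything.
echo "= Key files on tpo" >> expired.txt
# The list is read on fd 3 so that commands in the loop body cannot consume it
# through stdin. Every expansion is quoted: the links come from a downloaded
# page and must not be word-split or globbed.
while IFS= read -r key <&3; do
  url="expyuzz4wqqyqhjn.onion/$key"
  file=$(basename -- "$url")
  if [ ! -f "$file" ]; then
    debug "Fetching $url"
    # `--` ends option parsing before the URL.
    torify wget -q -- "$url"
  fi
  test_key "$file" "http://$url"
  #gpg --list-packets $file | grep expire
done 3< <(
  # -F: "../keys" is meant literally; as a regex the dots match any character.
  grep "pgp key" corepeople.html.en \
    | sed -r 's/.+"icon"><a href="([^\"]+)"><img.+/\1/g' \
    | grep -F "../keys"
)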
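# Keys served by db.torproject.org, addressed by fingerprint.
printf '\n%s\n' "= Self-hosted keys (db.torproject.org)" >> expired.txt
db_prefix="https://db.torproject.org/fetchkey.cgi?fingerprint="
# The list is read on fd 3 so that commands in the loop body cannot consume it
# through stdin.
while IFS= read -r url <&3; do
  # The fingerprint becomes a file name in the current directory, so accept
  # only links that start with the expected prefix and carry nothing but hex
  # digits after it. Anything else (path separators, extra parameters, a
  # look-alike host) is reported and skipped instead of being fetched.
  case "$url" in
    "$db_prefix"*) id=${url#"$db_prefix"} ;;
    *) id="" ;;
  esac
  case "$id" in
    "" | *[!0-9A-Fa-f]*)
      echo "Skipping unexpected fingerprint link: $url" >&2
      continue
      ;;
  esac
  if [ ! -f "$id.asc" ]; then
    debug "Fetching $id"
    # curl -s stores whatever body the server returns, error pages included;
    # such a file is later listed in failed.txt by test_key.
    torify curl -s -- "$url" > "$id.asc"
  fi
  test_key "$id.asc" "$url"
done 3< <(
  # -F: match the prefix literally instead of as a regular expression.
  grep "pgp key" corepeople.html.en \
    | sed -r 's/.+"icon"><a href="([^\"]+)"><img.+/\1/g' \
    | grep -F "$db_prefix"
)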
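# Keys hosted on third-party sites.
printf '\n%s\n' "= Keys hosted somewhere else" >> expired.txt
# The list is read on fd 3 so that commands in the loop body cannot consume it
# through stdin.
while IFS= read -r url <&3; do
  debug "$url"
  # Only plain http(s) links are fetched. The filter below matches "http"
  # anywhere in the link, so the scheme is checked again here; this also means
  # the value handed to curl can never start with a dash.
  case "$url" in
    http://* | https://*) ;;
    *)
      echo "Skipping non-HTTP(S) link: $url" >&2
      continue
      ;;
  esac
  # Cache name built from the whole URL. Using only the last path component
  # lets two different links that end in the same name share one cached file,
  # so the second key would be judged by the first key's data. Replacing every
  # character outside [A-Za-z0-9._-] also keeps path separators out of the
  # name that is written to.
  file=${url//[^A-Za-z0-9._-]/_}
  if [ ! -f "$file" ]; then
    debug "Fetching $url"
    # curl -s stores whatever body the server returns, error pages included;
    # such a file is later listed in failed.txt by test_key.
    torify curl -s -- "$url" > "$file"
  fi
  test_key "$file" "$url"
done 3< <(
  grep "pgp key" corepeople.html.en \
    | sed -r 's/.+"icon"><a href="([^\"]+)"><img.+/\1/g' \
    | grep "http" \
    | grep -vF "db.torproject.org"
)
#  if [ ! $(gpg --list-key $id >/dev/null) ; then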
# Summary of both counters on stdout
printf '%s expired keys found.\n' "$n"
printf 'Failed to read %s keys.\n' "$f"