[opensuse-buildservice] Check signkey is (still) valid
How can I check if a projects signkey is still valid or needs extension. Is there an osc or gpg command I can use to find that out to write a Nagios check to warn me, before the key expires and users complain. Kind regards Ralf -- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
On 2019-01-24 11:41:54 +0100, Ralf Becker wrote:
How can I check if a projects signkey is still valid or needs extension.
Is there an osc or gpg command I can use to find that out to write a Nagios check to warn me, before the key expires and users complain.
You could do something like osc signkey <project> | gpg --show-keys and then extract the expiration date. (Maybe there's a more clever way to directly read the expiration date...) Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Jan 24 2019, Marcus Hüwe
On 2019-01-24 11:41:54 +0100, Ralf Becker wrote:
How can I check if a projects signkey is still valid or needs extension.
Is there an osc or gpg command I can use to find that out to write a Nagios check to warn me, before the key expires and users complain.
You could do something like
osc signkey <project> | gpg --show-keys
and then extract the expiration date. (Maybe there's a more clever way to directly read the expiration date...)
You can use --with-colons, this makes the output easily machine parsed. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Am 24.01.19 um 14:29 schrieb Marcus Hüwe:
On 2019-01-24 11:41:54 +0100, Ralf Becker wrote:
How can I check if a projects signkey is still valid or needs extension.
Is there an osc or gpg command I can use to find that out to write a Nagios check to warn me, before the key expires and users complain.
You could do something like
osc signkey <project> | gpg --show-keys
and then extract the expiration date. (Maybe there's a more clever way to directly read the expiration date...)
Marcus
gpg on our private build-server (openSUSE Leap 42.2) does not know --show-keys :( gpg --list-keys lists the keys in it's key-ring, not the one on the command line. This is what I found to analyse the key piped into gpg: obs:~> osc signkey server:eGroupWare | gpg --list-packets :public key packet: version 4, algo 1, created 1478096796, expires 0 pkey[0]: [2048 bits] pkey[1]: [17 bits] keyid: 3545DFD68B5C64E0 :user ID packet: "server:eGroupWare OBS Project server:eGroupWare@build.opensuse.org" :signature packet: algo 1, keyid 3545DFD68B5C64E0 version 4, created 1548317362, md5len 0, sigclass 0x13 digest algo 2, begin of digest f3 fc hashed subpkt 2 len 4 (sig created 2019-01-24) hashed subpkt 27 len 1 (key flags: 03) hashed subpkt 9 len 4 (key expires after 4y152d17h42m) hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2) hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (key server preferences: 80) subpkt 16 len 8 (issuer key ID 3545DFD68B5C64E0) data: [2046 bits] :signature packet: algo 17, keyid 3B3011B76B9D6523 version 4, created 1478096796, md5len 0, sigclass 0x13 digest algo 2, begin of digest 47 cd hashed subpkt 2 len 4 (sig created 2016-11-02) subpkt 16 len 8 (issuer key ID 3B3011B76B9D6523) data: [156 bits] data: [160 bits] sig created 2019-01-24 --> created or in my case extended today key expires after 4y152d17h42m --> this probably means it expires in ~4.5 years Ralf -- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
participants (3)
-
Andreas Schwab
-
Marcus Hüwe
-
Ralf Becker