Mailinglist Archive: opensuse-buildservice (66 mails)

< Previous Next >
Re: [opensuse-buildservice] Check signkey is (still) valid
Am 24.01.19 um 14:29 schrieb Marcus Hüwe:
On 2019-01-24 11:41:54 +0100, Ralf Becker wrote:
How can I check if a projects signkey is still valid or needs extension.

Is there an osc or gpg command I can use to find that out to write a
Nagios check to warn me, before the key expires and users complain.

You could do something like

osc signkey <project> | gpg --show-keys

and then extract the expiration date. (Maybe there's a more clever way
to directly read the expiration date...)


Marcus


gpg on our private build-server (openSUSE Leap 42.2) does not know
--show-keys :(

gpg --list-keys lists the keys in it's key-ring, not the one on the
command line.

This is what I found to analyse the key piped into gpg:

obs:~> osc signkey server:eGroupWare | gpg --list-packets
:public key packet:
    version 4, algo 1, created 1478096796, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: 3545DFD68B5C64E0
:user ID packet: "server:eGroupWare OBS Project
<server:eGroupWare@xxxxxxxxxxxxxxxxxx>"
:signature packet: algo 1, keyid 3545DFD68B5C64E0
    version 4, created 1548317362, md5len 0, sigclass 0x13
    digest algo 2, begin of digest f3 fc
    hashed subpkt 2 len 4 (sig created 2019-01-24)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 9 len 4 (key expires after 4y152d17h42m)
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    subpkt 16 len 8 (issuer key ID 3545DFD68B5C64E0)
    data: [2046 bits]
:signature packet: algo 17, keyid 3B3011B76B9D6523
    version 4, created 1478096796, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 47 cd
    hashed subpkt 2 len 4 (sig created 2016-11-02)
    subpkt 16 len 8 (issuer key ID 3B3011B76B9D6523)
    data: [156 bits]
    data: [160 bits]

sig created 2019-01-24 --> created or in my case extended today

key expires after 4y152d17h42m --> this probably means it expires in
~4.5 years

Ralf

--
Ralf Becker
EGroupware GmbH [www.egroupware.org]
Handelsregister HRB Kaiserslautern 3587
Geschäftsführer Birgit und Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Telefon +49 631 31657-0


< Previous Next >