Am 24.01.19 um 14:29 schrieb Marcus Hüwe:
On 2019-01-24 11:41:54 +0100, Ralf Becker wrote:
How can I check if a projects signkey is still valid or needs extension.
Is there an osc or gpg command I can use to find that out to write a Nagios check to warn me, before the key expires and users complain.
You could do something like
osc signkey <project> | gpg --show-keys
and then extract the expiration date. (Maybe there's a more clever way to directly read the expiration date...)
Marcus
gpg on our private build-server (openSUSE Leap 42.2) does not know --show-keys :( gpg --list-keys lists the keys in it's key-ring, not the one on the command line. This is what I found to analyse the key piped into gpg: obs:~> osc signkey server:eGroupWare | gpg --list-packets :public key packet: version 4, algo 1, created 1478096796, expires 0 pkey[0]: [2048 bits] pkey[1]: [17 bits] keyid: 3545DFD68B5C64E0 :user ID packet: "server:eGroupWare OBS Project <server:eGroupWare@build.opensuse.org>" :signature packet: algo 1, keyid 3545DFD68B5C64E0 version 4, created 1548317362, md5len 0, sigclass 0x13 digest algo 2, begin of digest f3 fc hashed subpkt 2 len 4 (sig created 2019-01-24) hashed subpkt 27 len 1 (key flags: 03) hashed subpkt 9 len 4 (key expires after 4y152d17h42m) hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2) hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (key server preferences: 80) subpkt 16 len 8 (issuer key ID 3545DFD68B5C64E0) data: [2046 bits] :signature packet: algo 17, keyid 3B3011B76B9D6523 version 4, created 1478096796, md5len 0, sigclass 0x13 digest algo 2, begin of digest 47 cd hashed subpkt 2 len 4 (sig created 2016-11-02) subpkt 16 len 8 (issuer key ID 3B3011B76B9D6523) data: [156 bits] data: [160 bits] sig created 2019-01-24 --> created or in my case extended today key expires after 4y152d17h42m --> this probably means it expires in ~4.5 years Ralf -- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0