update files of remote gt to version v1.0.3 via gt
tegonal-bot authored and robstoll committed Nov 20, 2024
1 parent fb22e15 commit 9bc854c
Showing 2 changed files with 30 additions and 33 deletions.
61 changes: 29 additions & 32 deletions .github/workflows/gt-update.yml
Expand Up @@ -5,7 +5,7 @@
# \__/\__/\_, /\___/_//_/\_,_/_/ It is licensed under European Union Public License v. 1.2
# /___/ Please report bugs and contribute back your improvements
#
# Version: v1.0.2
# Version: v1.0.3
###################################
name: "gt update"
on:
Expand Down Expand Up @@ -40,8 +40,8 @@ jobs:
echo "public key trusted" && \
mkdir ./gpg && \
gpg --homedir ./gpg --import ./signing-key.public.asc && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh.sig" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh.sig" && \
gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh && \
chmod +x ./install.sh && \
echo "verification successful" || (printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!"; exit 1) && \
Expand Down Expand Up @@ -79,8 +79,8 @@ jobs:
echo "public key trusted" && \
mkdir ./gpg && \
gpg --homedir ./gpg --import ./signing-key.public.asc && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh.sig" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh.sig" && \
gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh && \
chmod +x ./install.sh && \
echo "verification successful" || (printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!"; exit 1) && \
Expand Down Expand Up @@ -141,35 +141,32 @@ jobs:
set -euo pipefail
currentDir="$(pwd)"
signingKey=".gt/signing-key.public.asc"
if ! [[ -f "$currentDir/$signingKey" ]]; then
echo "$signingKey does not exist in this repo"
return 0
fi
tmpDir=$(mktemp -d -t gt-check-gpg-XXXXXXXXXX)
gpg --homedir "$tmpDir" --import "$currentDir/$signingKey"
limitTimestamp=$(date -d "+3 month" +%s)
limitDate=$(date -d "@$limitTimestamp" +"%Y-%m-%dT%H:%M:%S")
echo "checking if the following public keys defined in $signingKey are valid until $limitDate"
gpg --homedir "$tmpDir" --list-keys \
--list-options show-sig-expire,show-unusable-subkeys,show-unusable-uids,show-usage,show-user-notations \
--keyid-format LONG
echo ""
if [[ -f "$currentDir/$signingKey" ]]; then
tmpDir=$(mktemp -d -t gt-check-gpg-XXXXXXXXXX)
gpg --homedir "$tmpDir" --import "$currentDir/$signingKey"
expired=0
while read -r key; do
keyId=$(cut -d ':' -f5 <<<"$key")
expirationTimestamp=$(cut -d ':' -f7 <<<"$key")
if (( expirationTimestamp < $limitTimestamp )); then
expirationDate=$(date -d "@$((expirationTimestamp + 0))" +"%Y-%m-%dT%H:%M:%S")
printf >&2 "\033[0;31mERROR\033[0m: expiration date (%s) of key %s is before the given limit %s\n" "$expirationDate" "$keyId" "$limitDate"
((++expired))
fi
done < <(gpg --homedir "$tmpDir" --list-keys --list-options show-unusable-subkeys --with-colons | grep -E '^(pub|sub)')
[[ $expired -eq 0 ]]
limitTimestamp=$(date -d "+3 month" +%s)
limitDate=$(date -d "@$limitTimestamp" +"%Y-%m-%dT%H:%M:%S")
echo "checking if the following public keys defined in $signingKey are valid until $limitDate"
gpg --homedir "$tmpDir" --list-keys \
--list-options show-sig-expire,show-unusable-subkeys,show-unusable-uids,show-usage,show-user-notations \
--keyid-format LONG
echo ""
expired=0
while read -r key; do
keyId=$(cut -d ':' -f5 <<<"$key")
expirationTimestamp=$(cut -d ':' -f7 <<<"$key")
if (( expirationTimestamp < $limitTimestamp )); then
expirationDate=$(date -d "@$((expirationTimestamp + 0))" +"%Y-%m-%dT%H:%M:%S")
printf >&2 "\033[0;31mERROR\033[0m: expiration date (%s) of key %s is before the given limit %s\n" "$expirationDate" "$keyId" "$limitDate"
((++expired))
fi
done < <(gpg --homedir "$tmpDir" --list-keys --list-options show-unusable-subkeys --with-colons | grep -E '^(pub|sub)')
[[ $expired -eq 0 ]]
else
echo "$signingKey does not exist in this repo, nothing to check"
fi
trusted_keys:
name: "Check trusted-key(s)"
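Review bot: The expiry check in the last hunk can succeed without examining a single key, because the `while read -r key` loop is fed by a process substitution whose exit status neither `set -e` nor `pipefail` observes. If `gpg --list-keys` fails or `grep -E '^(pub|sub)'` matches nothing, the loop body never runs, `expired` stays 0 and `[[ $expired -eq 0 ]]` passes. A check that guards the signing key should fail closed: initialise `checked=0` next to `expired=0`, add `((++checked))` inside the loop, and finish with `[[ $checked -gt 0 && $expired -eq 0 ]]`. The loop also reads only fields 5 and 7 of the colon output, so a key whose validity field marks it as revoked but whose expiry lies beyond the limit would presumably still pass; worth confirming whether that case should be rejected too. The enclosing `run:` step starts outside the hunk and the page has dropped the indentation, so the placement is relative to the new `if [[ -f "$currentDir/$signingKey" ]]` branch.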
2 changes: 1 addition & 1 deletion .gt/remotes/gt/pulled.tsv
@@ -1,3 +1,3 @@
#@ Version: 1.1.0
tag file relativeTarget tagFilter sha512
v1.0.2 .github/workflows/gt-update.yml ../.github/workflows/gt-update.yml .* 18ccdb1dd544a47a939e342747d9436c5e9e7b121001b0c8f331b7792799c93e172d4ac1cdef1f566d5bad52ac4bc55983c157ae4b7885d63d40fc4a1a71ebb2
v1.0.3 .github/workflows/gt-update.yml ../.github/workflows/gt-update.yml .* cc2ac667bbc089731622efa32b780bf7c784ba82bccad4d3c7e83becb27b9f744dea3d4ec5a7bfdaf2c500df2d2fdc78a681d8bead19f2c29cd6c7abc09dcb9f
