subkey handling? #2

New issue

Closed

opened 2023-03-03 12:40:24 +01:00 by mf · 0 comments

mf commented 2023-03-03 12:40:24 +01:00

Owner

Copy link

gpg --show-keys --no-secmem-warning --with-colons foerste@schlittermann.de/93632C800F51DA21.asc 
pub:-:4096:1:93632C800F51DA21:1393919690:1720599710::-:::scESC::::::23::0:
fpr:::::::::590C5DF1C3B8D072555B54F593632C800F51DA21:
uid:-::::1676362910::CC7E97078121891D25D2DB344C457CCC16317913::Matthias Förste <foerste@schlittermann.de>::::::::::0:
sub:-:4096:1:29B9349CF373C4D7:1393919690:1679039199:::::e::::::23:
fpr:::::::::9DBB0D9A277ECD6FC2D9467E29B9349CF373C4D7

date -d @1679039199
Fri 17 Mar 2023 08:46:39 AM CET

/usr/lib/nagios/plugins/ius/check_gpgexpire -c 32 /srv/www/hosts/www.schlittermann.de/htdocs/keys|grep -Fi foerste
/srv/www/hosts/www.schlittermann.de/htdocs/keys/gpg/foerste@schlittermann.de/93632C800F51DA21.asc expires in 494 days

I forgot to extend the expiry of the subkey used for encryption, but the check still reports OK

On a side note: supplying the command --show-keys to gpg would be the more 'correct' way to suppress the warning gpg: WARNING: no command supplied. Trying to guess what you mean ... inside the fh_gpg_colons funtion, and also give more information about the key (the usage type for instance).

``` gpg --show-keys --no-secmem-warning --with-colons foerste@schlittermann.de/93632C800F51DA21.asc pub:-:4096:1:93632C800F51DA21:1393919690:1720599710::-:::scESC::::::23::0: fpr:::::::::590C5DF1C3B8D072555B54F593632C800F51DA21: uid:-::::1676362910::CC7E97078121891D25D2DB344C457CCC16317913::Matthias Förste <foerste@schlittermann.de>::::::::::0: sub:-:4096:1:29B9349CF373C4D7:1393919690:1679039199:::::e::::::23: fpr:::::::::9DBB0D9A277ECD6FC2D9467E29B9349CF373C4D7 ``` ``` date -d @1679039199 Fri 17 Mar 2023 08:46:39 AM CET ``` ``` /usr/lib/nagios/plugins/ius/check_gpgexpire -c 32 /srv/www/hosts/www.schlittermann.de/htdocs/keys|grep -Fi foerste /srv/www/hosts/www.schlittermann.de/htdocs/keys/gpg/foerste@schlittermann.de/93632C800F51DA21.asc expires in 494 days ``` I forgot to extend the expiry of the subkey used for encryption, but the check still reports OK On a side note: supplying the command `--show-keys` to gpg would be the more 'correct' way to suppress the warning `gpg: WARNING: no command supplied. Trying to guess what you mean ...` inside the `fh_gpg_colons` funtion, and also give more information about the key (the usage type for instance).

mo referenced this issue from a commit 2023-03-06 10:43:05 +01:00

Also warn about expiring subkeys. Fixes #2

mo closed this issue 2023-03-06 10:43:06 +01:00

mo referenced this issue from a commit 2023-03-06 10:46:16 +01:00

replace gpg --quiet with --show-keys. Suggestion from #2

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

user/heiko

debian/0.2

Labels

Clear labels

  

bug

Something is not working

  

doc

Missing or wrong documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

security

This is security relevant

  

wontfix

This won't be fixed

No labels

bug

doc

duplicate

enhancement

help wanted

invalid

question

security

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

IUS/monitoring-plugin-gpgexpire#2

No description provided.