
Re: Timeout in GPG? (Bash script)



After a lot of research, and a lot of pestering ;-) I have a working
script that does more or less what I want and doesn't work too badly.

I'm attaching it in case you want to give me any comments or in case you
find it useful. I've added the feature of checking the signatures on the
keys in the public ring and, if we are missing any key, downloading it.

Above all I'm interested in knowing what can be improved so that it
works in other shells and is portable.

It's still a bit green, but I find it very useful.

Regards!

-- 
        I stole all those good days, that's why they were taken away from me,
 .''`.  and they were replaced by the ones I deserve. 
: :' :                               Speaker for the dead - Orson Scott Card
`. `'          Proudly running Debian GNU/Linux Sid (Kernel 2.4.9)  
  `-        www.amayita.com  www.malapecora.com  www.chicasduras.com
#!/bin/sh
# Amaya Rodrigo <amaya@debian.org>, November 2001 
# Help and comments from all the people below. Thanks!
# Santiago Vila <sanvila@debian.org>
# Juantomás García <juantomas@juantomas.com>
# Manuel García <caronte@eresmas.net>
# Santiago Vila <sanvila@debian.org>
# David Muriel <dmuriel@andago.com>
# This is free software, under the terms of the GPL v2 or later
# See http://www.gnu.org/copyleft/gpl.html
# Comments on this script are highly appreciated.

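# Define files to use as temporary files as I am still debugging
# Temp files will not be needed in a later stage
# They live in a private per-user directory (name chosen here) because
# fixed names in world-writable /tmp can be pre-created or symlinked by
# another local user.
umask 077
workdir=$HOME/.gpg-keyupdate
mkdir -p "$workdir" || exit 1
file=$workdir/ids
file2=$workdir/sigs
file3=$workdir/processed
file4=$workdir/failed
file5=$workdir/failed.old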
# Set default keyserver
keyserver=pgpkeys.mit.edu
#keyserver=keyserver.pgp.com
#keyserver=wwwkeys.eu.pgp.net
#keyserver=keyring.debian.org

# Set GPG timeout while connecting to server
TIMEOUT=30

# Functions to obtain listings
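checkSigs(){
  # Output everything to one file
  echo "Getting unknown key ids from the signatures in your public ring."
  echo "This may take a LONG while..."
  # Lines flagged with "?" are signatures made by keys we do not have.
  # The cut offsets assume the column layout of gpg's human-readable listing.
  gpg --check-sigs | grep '?' | cut -b 12-20 | sort > "$file2"
  # Another extra check:
  # plain uniq (not uniq -u) keeps one copy of an id seen on several keys;
  # uniq -u would drop such an id altogether.
  uniq "$file2" >> "$file3"
  echo "Finished getting."
  # Find out how many keys
  max=`wc -l < "$file3"`
  #real=`echo $[$max-1]`
  echo "We have $max keys to obtain."
}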

checkKeys(){
  # Output everything to one file
  echo "Getting keys from our public ring."
  echo "This may take a while..."
  # The cut offsets assume the column layout of gpg's human-readable listing.
  gpg --list-public-keys | grep '^pub' | cut -b 12-20 | sort > "$file"
  # Plain uniq keeps one copy of every id (uniq -u drops repeated ids).
  uniq "$file" >> "$file3"
  echo "Finished getting keys from our public ring"
  # I now have all the keys
  # Find out how many keys
  max=`wc -l < "$file3"`
  #real=`echo $[$max-1]`
  echo "We have $max keys in our public ring"
}

# Functions to set timeouts
killGpg(){
	# If kill succeeds, gpg was still running after $TIMEOUT seconds,
	# so the retrieval is recorded as failed.
	kill "$gpgId" 2> /dev/null
	output=$?
	if [ "$output" = "0" ]; then
		echo "$i" >> "$file4"
		echo "************************************************************"
		echo "   Retrieval of key $i failed: Operation timed out."
		echo "************************************************************"
	fi
	TIMEOUT=30
}

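# Function to actually update keys
getKeys(){
    # Keep the previous failure list; it does not exist on a first run.
    if [ -f "$file4" ]; then
        mv "$file4" "$file5"
    fi
    # Get each key and update it. If we get no response from server in
    # $TIMEOUT seconds, get next one.
    # The ids are 8-digit short key ids, which are not collision-resistant:
    # check the fingerprint of anything imported before trusting it.
    for i in `cat "$file3"` ;
        do
          # If key is not an empty string:
          if [ "$i" != "" ]; then
              # Run gpg in the background so it can be killed on timeout
              gpg --recv-key --keyserver "$keyserver" "$i" &
              gpgId=$!
              sleep "$TIMEOUT"
              killGpg
          fi
        done
   gpg --update-trustdb
}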

retry(){
    # Try again the keys that timed out on the previous run
    for i in `cat "$file4"` ;
        do
          # If key is not an empty string:
          if [ "$i" != "" ]; then
              gpg --recv-key --keyserver "$keyserver" "$i" &
              gpgId=$!
              sleep "$TIMEOUT"
              killGpg
          fi
        done
   gpg --update-trustdb
}

case "$1" in
	  dump-sigs)
	  	checkSigs
		;;
	  dump-keys)
	  	checkKeys
		;;
	  sigs)
		checkSigs
		getKeys
	        ;;
	 keys)
		checkKeys
		getKeys
	        ;;	
	 all)
	 	checkSigs
		checkKeys
		getKeys
	 	;;
	 get)
	 	getKeys
		;;
	retry)
		retry
		;;
         *)
	 	echo ""
                echo "Usage: $0 [keys|sigs|all|dump-sigs|dump-keys|get|retry]"
                echo ""
                echo "This script updates your GPG public ring retrieving the keys from"
                echo "a server."
		echo ""
		echo "Default keyserver is pgpkeys.mit.edu. Edit the script to change it."
                echo ""
                echo "Options:"
		echo "  keys       - Gets all keys on your public ring and updates them."
                echo "  sigs       - Checks all the signatures on those keys and retrieves"
                echo "               those not found on your public ring."
		echo "  all        - Updates both public keys and signatures on them."
		echo "  dump-sigs  - Just creates the file with the sigs."
		echo "  dump-keys  - Just creates the file with the keys."
		echo "  get        - Gets the keys from the files created above."
		echo "  retry      - Gets the keys that failed before."
		echo ""
		echo "This is free software, under the terms of the GPL v2 or later."
		echo "See http://www.gnu.org/copyleft/gpl.html";
		echo ""
                exit 1
         ;;
esac

echo "Not removing temporary data: [ $file | $file2 | $file3 ]. Still debugging"
#rm $file
# Name starts in column 21

