Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update files of remote gt to version v1.0.3 via gt #20

Merged
merged 1 commit into from
Nov 16, 2024
Merged

update files of remote gt to version v1.0.3 via gt #20

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 29 additions & 32 deletions .github/workflows/gt-update.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# \__/\__/\_, /\___/_//_/\_,_/_/ It is licensed under European Union Public License v. 1.2
# /___/ Please report bugs and contribute back your improvements
#
# Version: v1.0.2
# Version: v1.0.3
###################################
name: "gt update"
on:
Expand Down Expand Up @@ -40,8 +40,8 @@ jobs:
echo "public key trusted" && \
mkdir ./gpg && \
gpg --homedir ./gpg --import ./signing-key.public.asc && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh.sig" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh.sig" && \
gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh && \
chmod +x ./install.sh && \
echo "verification successful" || (printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!"; exit 1) && \
Expand Down Expand Up @@ -79,8 +79,8 @@ jobs:
echo "public key trusted" && \
mkdir ./gpg && \
gpg --homedir ./gpg --import ./signing-key.public.asc && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.2/install.sh.sig" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh" && \
wget "https://raw.githubusercontent.com/tegonal/gt/v1.0.3/install.sh.sig" && \
gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh && \
chmod +x ./install.sh && \
echo "verification successful" || (printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!"; exit 1) && \
Expand Down Expand Up @@ -141,35 +141,32 @@ jobs:
set -euo pipefail
currentDir="$(pwd)"
signingKey=".gt/signing-key.public.asc"
if ! [[ -f "$currentDir/$signingKey" ]]; then
echo "$signingKey does not exist in this repo"
return 0
fi

tmpDir=$(mktemp -d -t gt-check-gpg-XXXXXXXXXX)
gpg --homedir "$tmpDir" --import "$currentDir/$signingKey"


limitTimestamp=$(date -d "+3 month" +%s)
limitDate=$(date -d "@$limitTimestamp" +"%Y-%m-%dT%H:%M:%S")
echo "checking if the following public keys defined in $signingKey are valid until $limitDate"
gpg --homedir "$tmpDir" --list-keys \
--list-options show-sig-expire,show-unusable-subkeys,show-unusable-uids,show-usage,show-user-notations \
--keyid-format LONG
echo ""
if [[ -f "$currentDir/$signingKey" ]]; then
tmpDir=$(mktemp -d -t gt-check-gpg-XXXXXXXXXX)
gpg --homedir "$tmpDir" --import "$currentDir/$signingKey"

expired=0
while read -r key; do
keyId=$(cut -d ':' -f5 <<<"$key")
expirationTimestamp=$(cut -d ':' -f7 <<<"$key")
if (( expirationTimestamp < $limitTimestamp )); then
expirationDate=$(date -d "@$((expirationTimestamp + 0))" +"%Y-%m-%dT%H:%M:%S")
printf >&2 "\033[0;31mERROR\033[0m: expiration date (%s) of key %s is before the given limit %s\n" "$expirationDate" "$keyId" "$limitDate"
((++expired))
fi
done < <(gpg --homedir "$tmpDir" --list-keys --list-options show-unusable-subkeys --with-colons | grep -E '^(pub|sub)')
[[ $expired -eq 0 ]]
limitTimestamp=$(date -d "+3 month" +%s)
limitDate=$(date -d "@$limitTimestamp" +"%Y-%m-%dT%H:%M:%S")
echo "checking if the following public keys defined in $signingKey are valid until $limitDate"
gpg --homedir "$tmpDir" --list-keys \
--list-options show-sig-expire,show-unusable-subkeys,show-unusable-uids,show-usage,show-user-notations \
--keyid-format LONG
echo ""

expired=0
while read -r key; do
keyId=$(cut -d ':' -f5 <<<"$key")
expirationTimestamp=$(cut -d ':' -f7 <<<"$key")
if (( expirationTimestamp < $limitTimestamp )); then
expirationDate=$(date -d "@$((expirationTimestamp + 0))" +"%Y-%m-%dT%H:%M:%S")
printf >&2 "\033[0;31mERROR\033[0m: expiration date (%s) of key %s is before the given limit %s\n" "$expirationDate" "$keyId" "$limitDate"
((++expired))
fi
done < <(gpg --homedir "$tmpDir" --list-keys --list-options show-unusable-subkeys --with-colons | grep -E '^(pub|sub)')
[[ $expired -eq 0 ]]
else
echo "$signingKey does not exist in this repo, nothing to check"
fi

trusted_keys:
name: "Check trusted-key(s)"
Expand Down
2 changes: 1 addition & 1 deletion .gt/remotes/gt/pulled.tsv
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
#@ Version: 1.1.0
tag file relativeTarget tagFilter sha512
v1.0.2 .github/workflows/gt-update.yml ../.github/workflows/gt-update.yml .* 18ccdb1dd544a47a939e342747d9436c5e9e7b121001b0c8f331b7792799c93e172d4ac1cdef1f566d5bad52ac4bc55983c157ae4b7885d63d40fc4a1a71ebb2
v1.0.3 .github/workflows/gt-update.yml ../.github/workflows/gt-update.yml .* cc2ac667bbc089731622efa32b780bf7c784ba82bccad4d3c7e83becb27b9f744dea3d4ec5a7bfdaf2c500df2d2fdc78a681d8bead19f2c29cd6c7abc09dcb9f