#!/usr/bin/env bash
#
# Check a keyring.
#
# See also some useful OpenPGP maintenance scripts:
#
#   - git://lair.fifthhorseman.net/~mjgoins/cur
#   - https://gitorious.org/key-report
#   - https://github.com/ilf/gpg-maintenance.git
#   - https://github.com/EtiennePerot/parcimonie.sh
#   - https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
#
# This script can run from a crontab, client or server side to check
# keyringer health status.

# Load functions
LIB="`dirname $0`/../functions"
source "$LIB" maintenance $* || exit 1

# The following should run automatically from keyringer_check_recipients
# and keyringer_check_repository:
#
# Pull the keyring repository.
# Git maintenance operations.
# Fetch absent keys from all recipients.
# Check key expirations

# This should be done here:
# TODO: Check canaries' timestamps, warning by mail if configured by user preferences.

# Since this is the check action, it should exit whenever there's a warning
if [ "$KEYRINGER_HAS_EXPIRING_KEYS" == "1" ]; then
  exit 1
fi
