diff options
| author | mh <mh@immerda.ch> | 2015-10-16 15:17:48 +0200 |
|---|---|---|
| committer | mh <mh@immerda.ch> | 2015-10-16 15:17:48 +0200 |
| commit | 9a02e527e1803093e25166cdbac753253909065f (patch) | |
| tree | 3aaff885b3f9c72883bab747ef1427e75f768a29 | |
| parent | 77419fa626578d14e55042a39b2b87e5c0904ae2 (diff) | |
Revert "this is handled outside & centrally"
This reverts commit ffca95a6b0281ab49f4a626a1ee6a68257769388.
| -rw-r--r-- | files/plugins/check_gpg | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index 1a8df84..bf4b930 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -82,6 +82,14 @@ if [ -z "$1" ]; then fi key="$1" +# GPG is too stupid to error out when asked to refresh a key that's not in the +# local keyring so we need to perform another call to verify this first. +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) +if [ $? -ne 0 ]; then + echo "UNKNOWN: $output" + exit 3 +fi + if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then echo "CRITICAL: key '$key' has been revoked!" exit 1 |