opt/tests/assert-gpg-expiration.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

#!/bin/sh
set -eu


SECRET_KEY='81F90EC3CD356060'
NEXT_6_MONTHS="$(echo "$(date '+%s') + (60 * 60 * 24 * 30 * 6)" | bc)"

gpg --with-colons --fixed-list-mode --list-keys "$SECRET_KEY" |
	grep -e ^pub -e ^sub |
	while read -r subkey; do
		EXPIRY="$(echo "$subkey" | cut -d: -f7)"
		if [ -z "$EXPIRY" ]; then
			continue
		fi

		if [ "$EXPIRY" -gt "$(date '+%s')" ] &&
				[ "$EXPIRY" -lt "$NEXT_6_MONTHS" ]; then
			printf 'Key %s to expire soon!.\n' \
				"$(echo "$subkey" | cut -d: -f5)" >&2
			exit 1
		fi
	done