Design for check and canary
authorSilvio Rhatto <rhatto@riseup.net>
Sun, 23 Feb 2014 15:26:32 +0000 (12:26 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sun, 23 Feb 2014 15:26:32 +0000 (12:26 -0300)
lib/keyringer/actions/canary [new file with mode: 0755]
lib/keyringer/actions/check [new file with mode: 0755]

diff --git a/lib/keyringer/actions/canary b/lib/keyringer/actions/canary
new file mode 100755 (executable)
index 0000000..a27d562
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# Keyringer's canary warrant implementation.
+#
+# Inspired by:
+#
+#   https://en.wikipedia.org/wiki/Warrant_canary
+#   http://www.rsync.net/resources/notices/canary.txt
+#
+# A canary is:
+#
+#   - Generated using any combination of public available RSS
+#     feeds configured by user preferences.
+#
+#   - Configured to generate new information once a day.
+#     If you run it more than that interval, no canary will
+#     be updated.
+#
+# A canary is stored:
+#
+#   - In a folder called "canaries" followed by the user ID.
+#
+#   - With an addiditonal timestamp stored plain+signed so it
+#     can be easily checked.
+#
+#   - Can optionally be uploaded (encrypted or plain+signed) to a
+#     remote url via scp.
+#
+#   - Can optinally be included in another git repository
+#     (encrypted or plain+signed), commited and pushed
+#     to a remote repository (ikiwiki instance, etc).
+#
+# How to run:
+#
+#  - First, "keyringer <keyringe> preferences edit # basic canary preferences".
+#
+#  - Then, add the following at your ~/.profile or wherever you want your canary
+#    be called from: "keyringer <keyring> canary".
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# TODO: code!
+echo "Not implemented :("
+exit 1
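Review bot: `$0` is unquoted inside the backticks on the `LIB=` line, so an install path containing whitespace is word-split before `dirname` sees it and the `source` that follows loads the wrong path or fails; the identical line appears in `lib/keyringer/actions/check`. I would write both as `LIB="$(dirname -- "$0")/../functions"`. The header also leaves a design gap: it recommends calling the canary from `~/.profile` and storing a signed timestamp, but it does not say whether signing is expected to prompt for the key or run unattended, nor what is written when signing fails. A line such as `# Signing needs the user's OpenPGP key to be usable; if it is not, no canary is written and the previous one is left untouched.` (adjusted to the intended behaviour) would let a reader judge what a fresh canary actually attests.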
diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check
new file mode 100755 (executable)
index 0000000..669b994
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Check a keyring.
+#
+# See also some useful OpenPGP maintenance scripts:
+#
+#   - git://lair.fifthhorseman.net/~mjgoins/cur
+#   - https://gitorious.org/key-report
+#   - https://github.com/ilf/gpg-maintenance.git
+#
+# This script can run from a crontab, client of server side to check
+# keyringer health status.
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# TODO: Automatically fetch absent keys from all recipients.
+# TODO: Automatically pull a repository.
+# TODO: Check if keys in all recipients files are about to expire.
+# TODO: Time to expire can be configured via repository options.
+# TODO: Users can be alerted by mail if configured by user preferences.
+# TODO: Check canaries' timestamps, warning by mail if configured by user preferences.
+# TODO: Outgoing emails can be encrypted.
+echo "Not implemented :("
+exit 1
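Review bot: The first TODO plans to fetch absent recipient keys automatically, and the header says the script may run from a crontab, but nothing states how a fetched key is tied to the recipient it is meant for. I would spell that out in the TODO itself, e.g. `# TODO: Automatically fetch absent keys from all recipients, by full fingerprint only, and verify the fingerprint of what was imported.` The automatic pull on the next line has the same gap: `# TODO: Automatically pull a repository (document whether commits are verified before the checks run).` Separately, the stub prints its message to stdout; for a script meant for cron the diagnostic belongs on stderr, `echo "Not implemented :(" >&2`.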