Bug#892058: debian-keyring: please automatically send reminder emails to people whose keys will expire soon

[Ximin Luo]

Package: debian-keyring
Version: 2018.01.24
Severity: wishlist
Tags: patch

Dear Maintainer,

For security, I set a short validity period on my key and renew this every year
by repeatedly extending the expiry date. However I keep forgetting to send the
key to keyring.debian.org, and it's the second time this has happened. Since
the keyring-maint team usually updates debian-keyring once a month, it means I
can't do any uploads for a month, which is pretty inconvenient.

I've attached a script that prints the soon-to-expire keys from 
debian-keyring.gpg.
You can run it like this:

$ ./dd-expiry "2 months" now
5394479DD3524C51 1520360331 2018-03-06T19:18:51+01:00
88237A6A53AB1B2E 1521137128 2018-03-15T19:05:28+01:00
2FD8BEDAC020EED1 1521756999 2018-03-22T23:16:39+01:00
FF55C8F4DAE92422 1522357905 2018-03-29T23:11:45+02:00
6C8F74AE87700B7E 1522940258 2018-04-05T16:57:38+02:00
9AF46B3025771B31 1523261856 2018-04-09T10:17:36+02:00
8CBF9A322861A790 1523450637 2018-04-11T14:43:57+02:00
D04BA3A00125D5C0 1523561253 2018-04-12T21:27:33+02:00
792152527B75921E 1524162229 2018-04-19T20:23:49+02:00
AB645F406286A7D0 1524227017 2018-04-20T14:23:37+02:00
965522B9D49AE731 1524351803 2018-04-22T01:03:23+02:00
9EDCC991D9AB457E 1524389562 2018-04-22T11:32:42+02:00
025AFE95AC9DF31B 1524721803 2018-04-26T07:50:03+02:00
0ABA650372FD9571 1524748809 2018-04-26T15:20:09+02:00
003A1A2DAA41085F 1525086689 2018-04-30T13:11:29+02:00
3F9219A67F36C68B 1525192781 2018-05-01T18:39:41+02:00
39091E8123CE1C09 1525312214 2018-05-03T03:50:14+02:00

It would be good if you could hook up the output of this script to an automatic
email reminder script, that emails those people to renew their keys.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

debian-keyring depends on no packages.

Versions of packages debian-keyring recommends:
ii  gnupg  2.2.5-1

debian-keyring suggests no packages.

-- no debconf information

#!/bin/sh
set -e
later=$(date -d "${1:-2 months}" +%s)
earlier=$(date -d "${2:-@0}" +%s)
now=$(date +%s)
gpg 2>/dev/null \
  --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg \
  --with-colons --fixed-list-mode --keyid-format=long \
  --list-keys |
grep ^pub |
cut -d: -f5,7 |
tr : ' ' | {
while read key exp; do
  if [ -n "$exp" -a "0$exp" -lt "$later" -a "0$exp" -gt "$earlier" ]; then
    echo $key $exp $(date -d "@$exp" -Is);
  fi;
done
if [ "$earlier" -lt "$now" ]; then
  echo "------now------- $now $(date -Is)";
fi
} |
sort -k2