Fix some bugs (especially processing a downloaded file)
This commit is contained in:
parent
df2a25a876
commit
597e47bb82
|
|
@ -4,5 +4,5 @@ A check script for icinga2 to check for the expiration of GPG keys (local or onl
|
|||
|
||||
Check gpg expiration date. Arguments:
|
||||
--url URL: Where to find the GPG key. Path to a local file or an URL to download from.
|
||||
--warn DAYS: Warning threshold (integer in days)
|
||||
--crit DAYS: Critical threshold (integer in days)
|
||||
--warning DAYS: Warning threshold (integer in days)
|
||||
--critical DAYS: Critical threshold (integer in days)
|
||||
|
|
|
|||
|
|
@ -2,6 +2,19 @@
|
|||
|
||||
function echoerr { echo "$@" 1>&2; }
|
||||
|
||||
function cleanup {
|
||||
if [ -n "$TMPFILE" -a -f "$TMPFILE" ]; then
|
||||
rm -f "$TMPFILE"
|
||||
fi
|
||||
if [ -n "$TMPFILE2" -a -f "$TMPFILE2" ]; then
|
||||
rm -f "$TMPFILE2"
|
||||
fi
|
||||
if [ -n "$TMPDIR" -a -d "$TMPDIR" ]; then
|
||||
rm -rf "$TMPDIR"
|
||||
fi
|
||||
}
|
||||
trap 'cleanup' EXIT
|
||||
|
||||
function checkEnvironment {
|
||||
### Check the environment ###
|
||||
if ! which gpg 2>&1 >/dev/null; then
|
||||
|
|
@ -12,7 +25,11 @@ function checkEnvironment {
|
|||
# Command to download a file
|
||||
DOWNLOAD=""
|
||||
if which curl 2>&1 >/dev/null; then
|
||||
DOWNLOAD="curl -s -o "
|
||||
if $DEBUG; then
|
||||
DOWNLOAD="curl -o "
|
||||
else
|
||||
DOWNLOAD="curl -s -o "
|
||||
fi
|
||||
elif which wget 2>&1 >/dev/null; then
|
||||
DOWNLOAD="wget -o /dev/null -O "
|
||||
else
|
||||
|
|
@ -21,6 +38,8 @@ function checkEnvironment {
|
|||
fi
|
||||
|
||||
# Command to get information about all subkeys
|
||||
TMPDIR=$(mktemp -d) || exit 3
|
||||
export GNUPGHOME=$TMPDIR # don't create ~/.gnupg directory
|
||||
GPG_SHOW="gpg --with-colon --fixed-list-mode --show-keys"
|
||||
}
|
||||
|
||||
|
|
@ -36,15 +55,15 @@ function parseArguments {
|
|||
CRIT=2 # days
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
-u|--url) URL="$2"; shift;;
|
||||
-w|--warn) WARN=$2; shift;;
|
||||
-c|--crit) CRIT=$2; shift;;
|
||||
-d|--debug) DEBUG=true;;
|
||||
-u|--url|--file) URL="$2"; shift;;
|
||||
-w|--warn|--warning) WARN=$2; shift;;
|
||||
-c|--crit|--critical) CRIT=$2; shift;;
|
||||
-d|--debug) DEBUG=true;;
|
||||
-?|--help)
|
||||
echo "Check gpg expiration date. Arguments:"
|
||||
echo "--url URL: Where to find the GPG key"
|
||||
echo "--warn DAYS: Warning threshold (integer in days)"
|
||||
echo "--crit DAYS: Critical threshold (integer in days)"
|
||||
echo "--url URL: Where to find the GPG key (URL or path to file)"
|
||||
echo "--warning DAYS: Warning threshold (integer in days)"
|
||||
echo "--critical DAYS: Critical threshold (integer in days)"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
|
|
@ -145,7 +164,7 @@ function metrics {
|
|||
local expirationDate=$2
|
||||
local remaining_s=$3
|
||||
|
||||
METRICS="${METRICS}'$key expiration date'=$(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate) "
|
||||
METRICS="${METRICS}'$key expiration date: $(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate)'=0 "
|
||||
METRICS="${METRICS}'$key remaining'=${remaining_s}s;${WARN_s}s;${CRIT_s}s "
|
||||
}
|
||||
|
||||
|
|
@ -179,26 +198,26 @@ function getAndParseKey {
|
|||
|
||||
# for appropriate error handling we cannot use pipes (at least I don't know how to)
|
||||
TMPFILE=$(mktemp) || exit 3
|
||||
#trap 'rm -f "$TMPFILE"' RETURN
|
||||
#trap 'rm -f "$TMPFILE"' EXIT
|
||||
|
||||
# If the URL is a local path, use it as input to GPG_SHOW
|
||||
if [ ! -f "$URL" ]; then
|
||||
log "Downloading $URL"
|
||||
$DOWNLOAD "$TMPFILE" "$URL"
|
||||
TMPFILE2=$(mktemp) || exit 3
|
||||
log "Downloading $URL to $TMPFILE2: $DOWNLOAD \"$TMPFILE2\" \"$URL\""
|
||||
$DOWNLOAD "$TMPFILE2" "$URL"
|
||||
exit=$?
|
||||
if [ $exit -ne 0 ]; then
|
||||
echo "ERROR - Downloading failed with $exit"
|
||||
exit 3
|
||||
fi
|
||||
infile="$TMPFILE"
|
||||
infile="$TMPFILE2"
|
||||
else
|
||||
log "Using local file $URL"
|
||||
infile="$URL"
|
||||
fi
|
||||
|
||||
# Process with GPG
|
||||
cat "$infile" | $GPG_SHOW > "$TMPFILE"
|
||||
log "Processing $infile: cat \"$infile\" | $GPG_SHOW > \"$TMPFILE\""
|
||||
cat "$infile" | $GPG_SHOW > "$TMPFILE" 2> /dev/null
|
||||
exit=$?
|
||||
if [ $exit -ne 0 ]; then
|
||||
echo "ERROR - gpg failed with $exit"
|
||||
|
|
@ -209,7 +228,10 @@ function getAndParseKey {
|
|||
parseLine "$line"
|
||||
done < "$TMPFILE"
|
||||
|
||||
trap - EXIT
|
||||
rm -f "$TMPFILE" && TMPFILE=""
|
||||
if [ -n "$TMPFILE2" ]; then
|
||||
rm -f "$TMPFILE2" && TMPFILE2=""
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -228,8 +250,8 @@ function printResult {
|
|||
|
||||
|
||||
|
||||
checkEnvironment
|
||||
parseArguments "$@"
|
||||
checkEnvironment
|
||||
getAndParseKey
|
||||
printResult
|
||||
exit $RESULT
|
||||
|
|
|
|||
Loading…
Reference in New Issue