From 597e47bb82aaf8d0d8f28ebc27a8e354cdfbaff9 Mon Sep 17 00:00:00 2001 From: Jonny007-MKD Date: Sun, 6 Mar 2022 22:19:20 +0100 Subject: [PATCH] Fix some bugs (especially processing a downloaded file) --- README.md | 4 +-- check_gpg_key_expiration.sh | 56 ++++++++++++++++++++++++++----------- 2 files changed, 41 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 9bd4f1e..3fcd994 100644 --- a/README.md +++ b/README.md @@ -4,5 +4,5 @@ A check script for icinga2 to check for the expiration of GPG keys (local or onl Check gpg expiration date. Arguments: --url URL: Where to find the GPG key. Path to a local file or an URL to download from. - --warn DAYS: Warning threshold (integer in days) - --crit DAYS: Critical threshold (integer in days) + --warning DAYS: Warning threshold (integer in days) + --critical DAYS: Critical threshold (integer in days) diff --git a/check_gpg_key_expiration.sh b/check_gpg_key_expiration.sh index b0ab143..cf33056 100755 --- a/check_gpg_key_expiration.sh +++ b/check_gpg_key_expiration.sh @@ -2,6 +2,19 @@ function echoerr { echo "$@" 1>&2; } +function cleanup { + if [ -n "$TMPFILE" -a -f "$TMPFILE" ]; then + rm -f "$TMPFILE" + fi + if [ -n "$TMPFILE2" -a -f "$TMPFILE2" ]; then + rm -f "$TMPFILE2" + fi + if [ -n "$TMPDIR" -a -d "$TMPDIR" ]; then + rm -rf "$TMPDIR" + fi +} +trap 'cleanup' EXIT + function checkEnvironment { ### Check the environment ### if ! which gpg 2>&1 >/dev/null; then @@ -12,7 +25,11 @@ function checkEnvironment { # Command to download a file DOWNLOAD="" if which curl 2>&1 >/dev/null; then - DOWNLOAD="curl -s -o " + if $DEBUG; then + DOWNLOAD="curl -o " + else + DOWNLOAD="curl -s -o " + fi elif which wget 2>&1 >/dev/null; then DOWNLOAD="wget -o /dev/null -O " else 
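Review bot: `cleanup` runs `rm -rf "$TMPDIR"` on whatever `TMPDIR` holds at exit, and `TMPDIR` is also the standard environment variable naming the caller's temp directory. The trap is installed before the script assigns the variable, so an exit that happens before the `mktemp -d` in `checkEnvironment` (for example the `--help` branch, which is now reached first because the last hunk moves `parseArguments` ahead of `checkEnvironment`) would recursively delete a directory inherited from the environment. Use a script-private name and clear the variables before the trap: `TMPFILE= TMPFILE2= GPG_TMPHOME=` ahead of `trap 'cleanup' EXIT`, `GPG_TMPHOME=$(mktemp -d) || exit 3` in the `checkEnvironment` hunk, and `rm -rf -- "$GPG_TMPHOME"` in `cleanup`. Reusing the name `TMPDIR` also sends the later `mktemp` calls into the GNUPGHOME directory whenever the variable is exported.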
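Review bot: Neither `curl` variant passes `-f`, so an HTTP error response still exits 0 and the error page is saved and handed to gpg as if it were the key. Because the gpg call in `getAndParseKey` now discards stderr, the operator would see only "gpg failed" rather than the failed download. Suggest `DOWNLOAD="curl -fsS -o "` for the quiet branch and `DOWNLOAD="curl -f -o "` for the debug branch; a `--max-time` limit would also keep a stalled server from hanging the check. `checkEnvironment` starts and ends outside this hunk.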
@@ -21,6 +38,8 @@ function checkEnvironment { fi # Command to get information about all subkeys + TMPDIR=$(mktemp -d) || exit 3 + export GNUPGHOME=$TMPDIR # don't create ~/.gnupg directory GPG_SHOW="gpg --with-colon --fixed-list-mode --show-keys" } @@ -36,15 +55,15 @@ function parseArguments { CRIT=2 # days while [[ $# -gt 0 ]]; do case $1 in - -u|--url) URL="$2"; shift;; - -w|--warn) WARN=$2; shift;; - -c|--crit) CRIT=$2; shift;; - -d|--debug) DEBUG=true;; + -u|--url|--file) URL="$2"; shift;; + -w|--warn|--warning) WARN=$2; shift;; + -c|--crit|--critical) CRIT=$2; shift;; + -d|--debug) DEBUG=true;; -?|--help) echo "Check gpg expiration date. Arguments:" - echo "--url URL: Where to find the GPG key" - echo "--warn DAYS: Warning threshold (integer in days)" - echo "--crit DAYS: Critical threshold (integer in days)" + echo "--url URL: Where to find the GPG key (URL or path to file)" + echo "--warning DAYS: Warning threshold (integer in days)" + echo "--critical DAYS: Critical threshold (integer in days)" exit 0 ;; *) @@ -145,7 +164,7 @@ function metrics { local expirationDate=$2 local remaining_s=$3 - METRICS="${METRICS}'$key expiration date'=$(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate) " + METRICS="${METRICS}'$key expiration date: $(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate)'=0 " METRICS="${METRICS}'$key remaining'=${remaining_s}s;${WARN_s}s;${CRIT_s}s " } 
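Review bot: In the `parseArguments` hunk, `WARN=$2` and `CRIT=$2` accept any string although the help text promises an integer number of days. If these values later reach shell arithmetic (the `WARN_s`/`CRIT_s` names in `metrics` suggest they do), a non-numeric argument is evaluated as an expression instead of being rejected. Validate once after the loop, e.g. `[[ $WARN =~ ^[0-9]+$ && $CRIT =~ ^[0-9]+$ ]] || { echo "ERROR - thresholds must be integers"; exit 3; }`. The function continues outside the hunk, so the right place for the check is not visible here.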
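Review bot: In the `metrics` hunk, `--date @$expirationDate` is unquoted and unchecked, and the value presumably comes from parsing key material that may have been downloaded. If the field is empty (likely for a key without an expiry date), `date` fails and the label is emitted with no timestamp. Guard with `[[ $expirationDate =~ ^[0-9]+$ ]] || return` before building the label and quote the argument as `--date "@$expirationDate"`. Moving the timestamp into the label also means the perfdata label changes whenever the key is renewed, which deserves a short comment on that line.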
@@ -179,26 +198,26 @@ function getAndParseKey { # for appropriate error handling we cannot use pipes (at least I don't know how to) TMPFILE=$(mktemp) || exit 3 - #trap 'rm -f "$TMPFILE"' RETURN - #trap 'rm -f "$TMPFILE"' EXIT # If the URL is a local path, use it as input to GPG_SHOW if [ ! -f "$URL" ]; then - log "Downloading $URL" - $DOWNLOAD "$TMPFILE" "$URL" + TMPFILE2=$(mktemp) || exit 3 + log "Downloading $URL to $TMPFILE2: $DOWNLOAD \"$TMPFILE2\" \"$URL\"" + $DOWNLOAD "$TMPFILE2" "$URL" exit=$? if [ $exit -ne 0 ]; then echo "ERROR - Downloading failed with $exit" exit 3 fi - infile="$TMPFILE" + infile="$TMPFILE2" else log "Using local file $URL" infile="$URL" fi # Process with GPG - cat "$infile" | $GPG_SHOW > "$TMPFILE" + log "Processing $infile: cat \"$infile\" | $GPG_SHOW > \"$TMPFILE\"" + cat "$infile" | $GPG_SHOW > "$TMPFILE" 2> /dev/null exit=$? if [ $exit -ne 0 ]; then echo "ERROR - gpg failed with $exit" @@ -209,7 +228,10 @@ function getAndParseKey { parseLine "$line" done < "$TMPFILE" - trap - EXIT + rm -f "$TMPFILE" && TMPFILE="" + if [ -n "$TMPFILE2" ]; then + rm -f "$TMPFILE2" && TMPFILE2="" + fi } @@ -228,8 +250,8 @@ function printResult { -checkEnvironment parseArguments "$@" +checkEnvironment getAndParseKey printResult exit $RESULT
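Review bot: `$DOWNLOAD "$TMPFILE2" "$URL"` passes the supplied value straight to curl or wget, so a value that begins with `-` and is not an existing file is parsed as an option rather than a URL. End option parsing before it: `$DOWNLOAD "$TMPFILE2" -- "$URL"`. The new `log "Downloading $URL …"` line also prints the URL verbatim, so any credentials embedded in it would appear in debug output; consider logging only the host, or masking the userinfo part. `getAndParseKey` starts outside this hunk.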