diff options
author | Aeryxium | 2021-04-16 17:28:59 -0400 |
---|---|---|
committer | Aeryxium | 2021-04-16 17:38:41 -0400 |
commit | ced3346a5f6a1f04beb2a9ebdde54c263e8eec29 (patch) | |
tree | 18fbb86becc8e3a7a1881e7e6e5aa49edd5ea9ec /tgr | |
download | aur-ced3346a5f6a1f04beb2a9ebdde54c263e8eec29.tar.gz |
Initial commit.
Diffstat (limited to 'tgr')
-rwxr-xr-x | tgr | 85 |
1 files changed, 85 insertions, 0 deletions
@@ -0,0 +1,85 @@ +#!/usr/bin/env bash + +# Refreshes GPG keys randomly over unique TOR circuits. + +# MIT License +# +# Copyright 2021 Aeryxium <aeryxium+foss@gmail.com> +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +set +Eeu -o pipefail +shopt nullglob + +# populate_keylist - If the keylist file is empty or doesn't exist, gets a list +# of all keys in the keyring, randomizes them,and saves the ranom list to +# the keylist file. +# Arguments: +# None +populate_keylist() { + if ! keylist=( $(gpg --list-public-keys --with-colons --fixed-list-mode \ + --with-fingerprint --with-fingerprint --with-key-data \ + | grep -a -A 1 '^pub:' \ + | grep -E '^fpr:+[0-9a-fA-F]{40,}:' \ + | sed -r 's/^fpr:+([0-9a-fA-F]+):+$/\1/') ); then + echo "ERROR: Failed getting list of public keys." >&2 + exit 1 + fi + keylist=( $(shuf -e ${keylist[@]}) ) + if (( "${#keylist[@]}" < 1 )); then + echo "ERROR: Failed getting list of public keys." >&2 + exit 1 + fi +} + +# refresh_key - Attempts to update first key from KEYLIST_FILE. If successful, +# resets attempt counter. Otherwise increment attempt counter. on 3 failed +# attempts, display error and remove key from keylist. +# Arguments: +# None +refresh_key() { + (( $(pgrep -c tor) < 1 )) && return + (( ${#keylist[@]} < 1 )) && populate_keylist + key="${keylist[0]}" + while [[ ! "${key:-}" =~ ^[0-9a-fA-F]{40,}$ ]]; do + echo "ERROR: Invalid key fingerprint '$key'." >&2 + unset $keylist[0] + return + done + if ! torsocks --isolate gpg --refresh-keys "$key" &>/dev/null; then + echo "gpgrefresh - Failed refreshing $key $refresh_count time(s)." >&2 + (( refresh_count++ )) + # If we've tried 3 times, skip to the next one + (( refresh_count > 3 )) \ + && keylist=( "${keylist[@]:1}" ) \ + && refresh_count=1 + return + fi + refresh_count=1 + echo "gpgrefresh - Refreshed $key." + keylist=( "${keylist[@]:1}" ) +} + +# On initial startup, populate the keylist. Then loop over refreshing forever. +populate_keylist +refresh_count=1 +while true; do + refresh_key + sleep "$(( 15 + $RANDOM % 45 ))m" +done |