add script for pruning old certificates

2021-06-24 13:17:02 +00:00 · 2021-06-24 13:17:02 +00:00 · b32b15b5b7
parent d536aa9003
commit b32b15b5b7
2 changed files with 35 additions and 0 deletions
--- a/main.sh
+++ b/main.sh
@ -19,6 +19,9 @@ else
  ./get-certs.sh
 fi

+echo '=== prune old certs ==='
+./prune-old-certs.sh
+
 echo '=== cert details ==='
 ./cert-details.sh

--- a/prune-old-certs.sh
+++ b/prune-old-certs.sh
@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Remove certificates of hosts that both:
+# - have been down for more than 30 days;
+# - are no longer in the hosts file.
+
+set -o errexit  # (-e) exit immediately if any command has a non-zero exit status
+set -o nounset  # (-u) don't accept undefined variables
+#set -o xtrace  # for debugging
+
+# Go where this script is.
+cd "$(dirname "$0")" || exit
+
+# Go through certs of hosts that have been down for more than 30 days.
+find certs -mtime +30 -type f -execdir sh -c '
+  cert_file="$1"
+  host=$(expr "$cert_file" : "^\.\/\(.*\)\:[0-9]*\.pem$")
+  port=$(expr "$cert_file" : "^\.\/.*\:\([0-9]*\)\.pem$")
+
+  # Append port if not default
+  if [ "$port" != 1965 ]; then
+    host="$host:$port"
+  fi
+
+  # If it is not in the hosts file, delete it.
+  if ! grep -xq "$host" ../hosts; then
+    echo "Pruning $host"
+    rm "$cert_file"
+  fi
+' sh {} \;
+
+echo OK