add script for pruning old certificates
parent
d536aa9003
commit
b32b15b5b7
3
main.sh
3
main.sh
|
@ -19,6 +19,9 @@ else
|
|||
./get-certs.sh
|
||||
fi
|
||||
|
||||
echo '=== prune old certs ==='
|
||||
./prune-old-certs.sh
|
||||
|
||||
echo '=== cert details ==='
|
||||
./cert-details.sh
|
||||
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Remove certificates of hosts that both:
|
||||
# - have been down for more than 30 days;
|
||||
# - are no longer in the hosts file.
|
||||
|
||||
set -o errexit # (-e) exit immediately if any command has a non-zero exit status
|
||||
set -o nounset # (-u) don't accept undefined variables
|
||||
#set -o xtrace # for debugging
|
||||
|
||||
# Go where this script is.
|
||||
cd "$(dirname "$0")" || exit
|
||||
|
||||
# Go through certs of hosts that have been down for more than 30 days.
|
||||
find certs -mtime +30 -type f -execdir sh -c '
|
||||
cert_file="$1"
|
||||
host=$(expr "$cert_file" : "^\.\/\(.*\)\:[0-9]*\.pem$")
|
||||
port=$(expr "$cert_file" : "^\.\/.*\:\([0-9]*\)\.pem$")
|
||||
|
||||
# Append port if not default
|
||||
if [ "$port" != 1965 ]; then
|
||||
host="$host:$port"
|
||||
fi
|
||||
|
||||
# If it is not in the hosts file, delete it.
|
||||
if ! grep -xq "$host" ../hosts; then
|
||||
echo "Pruning $host"
|
||||
rm "$cert_file"
|
||||
fi
|
||||
' sh {} \;
|
||||
|
||||
echo OK
|
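Review bot: The deletion test `if ! grep -xq "$host" ../hosts` treats every non-zero grep status as "host not listed", so when `../hosts` is missing or unreadable (grep exits with a status above 1) every cert older than 30 days is removed. The same branch is reached for a file whose name does not match `host:port.pem`: both `expr` calls yield an empty string, `host` becomes `:`, and the file is deleted with the message "Pruning :". `$host` is also interpreted as a regular expression, so a `.` in a hostname matches any character; `grep -Fxq -- "$host" ../hosts` compares it literally. I would skip names that do not parse and delete only on grep status 1, as sketched below. Note that `set -o errexit` at the top does not reach the `sh -c` body, and with `-execdir ... \;` a failing child does not change find's exit status, so `echo OK` is printed even when a step inside failed.

```shell
find certs -mtime +30 -type f -execdir sh -c '
  cert_file="$1"
  # … unchanged: host/port extraction with expr …

  # Leave files alone whose name is not host:port.pem.
  if [ -z "$host" ] || [ -z "$port" ]; then
    echo "Skipping $cert_file: unexpected name" >&2
    exit 0
  fi

  # … unchanged: append port if not default …

  # Delete only on a clean "no match" (status 1); anything higher is a grep error.
  status=0
  grep -Fxq -- "$host" ../hosts || status=$?
  case "$status" in
    0) ;;
    1) echo "Pruning $host"; rm -- "$cert_file" ;;
    *) echo "Cannot read hosts file, keeping $cert_file" >&2; exit 1 ;;
  esac
' sh {} \;
```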