Merge branch 'master' of git.nordu.net:sunet-opssunet-ops-2014-06-30-v02

1 files changed, 5 insertions, 2 deletions

diff --git a/global/post-tasks.d/015cosmos-trust b/global/post-tasks.d/015cosmos-trust
index 447d875..5c3359b 100755
--- a/global/post-tasks.d/015cosmos-trust
+++ b/global/post-tasks.d/015cosmos-trust
@@ -4,12 +4,15 @@ if [ -z "$COSMOS_KEYS" ]; then
    COSMOS_KEYS=/etc/cosmos/keys
 fi
 
+# Install new keys discovered in the $COSMOS_KEYS directory
 for k in $COSMOS_KEYS/*.pub; do
    fp=`cosmos gpg --with-colons --with-fingerprint < $k| awk -F: '$1 == "pub" {print $5}'`
-   cosmos gpg --with-colons --fingerprint | grep -q ":$fp:" || cosmos gpg --import < $k
+   # The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again.
+   cosmos gpg --with-colons --fingerprint | grep -v "^pub:e:" | grep -q ":$fp:" || cosmos gpg --import < $k
 done
 
-for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
+# Delete keys no longer present in $COSMOS_KEYS directory
+for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5 }'`; do
    seen="no"
    for k in $COSMOS_KEYS/*.pub; do
       cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"