authorBjörn Mattsson <bjorn@sunet.se>2023-03-06 11:22:05 +0100
committerBjörn Mattsson <bjorn@sunet.se>2023-03-06 11:22:05 +0100
commit467dbdbf3d7212e25ee69daeaadd8adba7c7c5b8 (patch)
treed3576d5f2d4b5cc676c0a12ef8f8c3c83b474bf5 /scripts
parentbc1d55080e5d42e6ef2bba892d640aa8f68bbc90 (diff)
Moved files to make this repo signed
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/aggregate.sh31
-rwxr-xr-xscripts/bump-tag43
-rwxr-xr-xscripts/cert-retrieve.sh8
-rwxr-xr-xscripts/create_mxml.sh81
-rwxr-xr-xscripts/do-update.sh13
-rwxr-xr-xscripts/expiration_date.pl11
-rwxr-xr-xscripts/get-metadata.sh111
-rw-r--r--scripts/now_date.pl7
-rwxr-xr-xscripts/pull-and-verify.sh50
-rwxr-xr-xscripts/remove_entity.sh65
-rwxr-xr-xscripts/rename-xml.sh44
-rw-r--r--scripts/unique_id.pl7
-rwxr-xr-xscripts/update-and-validate.sh38
-rwxr-xr-xscripts/update-cron.sh27
-rwxr-xr-xscripts/update-trust29
-rwxr-xr-xscripts/update.sh28
-rw-r--r--scripts/urls2hostport.py6
-rwxr-xr-xscripts/verify-tag14
-rwxr-xr-xscripts/verify-uiinfo-urls.sh16
-rwxr-xr-xscripts/weekly-routines-metadata.sh8
20 files changed, 99 insertions, 538 deletions
diff --git a/scripts/aggregate.sh b/scripts/aggregate.sh
deleted file mode 100755
index 35ac1a7b..00000000
--- a/scripts/aggregate.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-aggregate_interval_min=60
-
-DIR=`pwd`
-ODIR=$1
-
-last_aggregate_ts=$ODIR/last_aggregate.ts
-
-if find $last_aggregate_ts -mmin -$aggregate_interval_min 2>/dev/null | grep -q . ; then
- exit 0
-fi
-
-rm -f $ODIR/*.xml
-
-grep -v -e '^#' $ODIR/metadata.lst | grep . | (while read url cert; do
- cfile=""
- if [ "x$cert" != "x" ]; then
- cfile=$DIR/certs/$cert
- fi
- cmd="$DIR/scripts/pull-and-verify.sh $url $ODIR $cfile"
- $cmd
- ret=$?
- if [ "$ret" != "0" ] ; then
- echo "$cmd returned $ret"
- exit $ret
- fi
-done) || exit $ret
-
-touch $last_aggregate_ts
-
diff --git a/scripts/bump-tag b/scripts/bump-tag
new file mode 100755
index 00000000..7cb85076
--- /dev/null
+++ b/scripts/bump-tag
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+git pull
+
+tagpfx=${tag:="md"}
+
+last_tag=`git tag -l "${tagpfx}-*"|sort|tail -1`
+
+echo "Verifying last tag $last_tag:"
+(git tag -v $last_tag | grep ^gpg:) || true
+# again to not mask exit status of git with grep
+git tag -v $last_tag > /dev/null 2>&1
+echo ""
+
+echo "Differences between tag $last_tag and what you are about to sign:"
+PAGER=cat git diff $last_tag..master
+
+iter=1
+ok=
+while test -z "$ok"; do
+ this_tag=$(date +${tagpfx}-%Y-%m-%d-v`printf "%02d" $iter`)
+ iter=`expr $iter + 1`
+ case `(echo $this_tag; echo $last_tag) | sort | tail -1` in
+ $last_tag)
+ ;;
+ $this_tag)
+ ok=yes
+ ;;
+ esac
+done
+
+echo ""
+echo "Using new tag $this_tag"
+echo ONLY SIGN IF YOU APPROVE OF VERIFICATION AND DIFF ABOVE
+
+# GITTAGEXTRA is for putting things like "-u 2117364A"
+
+git tag $GITTAGEXTRA -m bump. -s $this_tag
+
+git push
+git push --tags
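Review bot: The range shown for approval is `$last_tag..master`, but `git tag -s` signs whatever HEAD currently is, so on another branch or a detached HEAD the operator approves one change set and signs a different one. Showing `PAGER=cat git diff "$last_tag"..HEAD` instead, or refusing to run unless HEAD is master, keeps the reviewed range and the signed commit identical. `$last_tag` and `$this_tag` are expanded unquoted in the `git tag -v`, `git diff` and `git tag -s` lines; quoting them avoids surprises from an odd tag name.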
diff --git a/scripts/cert-retrieve.sh b/scripts/cert-retrieve.sh
deleted file mode 100755
index 5440b0f8..00000000
--- a/scripts/cert-retrieve.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# usage: retrieve-cert.sh remote.host.name [port]
-#
-REMHOST=$1
-REMPORT=${2:-443}
-
-echo | openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
diff --git a/scripts/create_mxml.sh b/scripts/create_mxml.sh
deleted file mode 100755
index bb7855d5..00000000
--- a/scripts/create_mxml.sh
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/bin/bash
-# Creates MXML files to be used in signing of Metadata
-if ! test -d swamid-2.0 ; then
- echo "Script should be run from base directory of swamid-metadata"
- exit
-fi
-
-ls swamid-2.0/ swamid-testing/ swamid-edugain | egrep -v "/:|^$" | sort | uniq -c | awk '$1 > 1 {print $2, "exists in more than one feed"}'
-
-#
-# eduGAIN
-#
-cat << EOF > swamid-edugain-idp-1.0.mxml
-<?xml version="1.0" encoding="UTF-8"?>
-<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xi="http://www.w3.org/2001/XInclude"
- Name="http://md.swamid.se/md/swamid-idp-2.0.xml">
-EOF
-grep -l IDPSSO swamid-edugain/*.xml | LC_ALL=C sort | while read file; do
- echo " <xi:include href=\"$file\"/>" >> swamid-edugain-idp-1.0.mxml
-done
-echo "</md:EntitiesDescriptor>" >> swamid-edugain-idp-1.0.mxml
-
-cat << EOF > swamid-edugain-sp-1.0.mxml
-<?xml version="1.0" encoding="UTF-8"?>
-<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
-EOF
-grep -l SPSSO swamid-edugain/*.xml | grep -v "`grep -l IDPSSO swamid-edugain/*.xml`" | LC_ALL=C sort | while read file; do
- echo " <xi:include href=\"$file\"/>" >> swamid-edugain-sp-1.0.mxml
-done
-echo "</md:EntitiesDescriptor>" >> swamid-edugain-sp-1.0.mxml
-
-#
-# Swamid-2.0
-#
-cat << EOF > swamid-idp-2.0.mxml
-<?xml version="1.0" encoding="UTF-8"?>
-<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xi="http://www.w3.org/2001/XInclude"
- Name="http://md.swamid.se/md/swamid-idp-2.0.xml">
- <xi:include href="swamid-edugain-idp-1.0.mxml" xpointer="xpointer(//*[@entityID])"/>
-
- <!-- Opt-out from eduGAIN IDP:s -->
-EOF
-grep -l IDPSSO swamid-2.0/*.xml | LC_ALL=C sort | while read file; do
- echo " <xi:include href=\"$file\"/>" >> swamid-idp-2.0.mxml
-done
-echo "</md:EntitiesDescriptor>" >> swamid-idp-2.0.mxml
-
-cat << EOF > swamid-sp-2.0.mxml
-<?xml version="1.0" encoding="UTF-8"?>
-<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
- <xi:include href="swamid-edugain-sp-1.0.mxml" xpointer="xpointer(//*[@entityID])"/>
-
- <!-- Opt-out from eduGAIN SP:s -->
-EOF
-grep -l SPSSO swamid-2.0/*.xml | grep -v "`grep -l IDPSSO swamid-2.0/*.xml`" | LC_ALL=C sort | while read file; do
- echo " <xi:include href=\"$file\"/>" >> swamid-sp-2.0.mxml
-done
-echo "</md:EntitiesDescriptor>" >> swamid-sp-2.0.mxml
-
-#
-# Swamid-testing
-#
-cat << EOF > swamid-testing-idp-1.0.mxml
-<?xml version="1.0"?>
-<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xi="http://www.w3.org/2001/XInclude" Name="http://md.swamid.se/md/swamid-testing-idp-1.0.xml">
-EOF
-egrep -l "AttributeAuthorityDescriptor|IDPSSODescriptor" swamid-testing/*.xml | LC_ALL=C sort | while read file; do
- echo " <xi:include href=\"$file\"/>" >> swamid-testing-idp-1.0.mxml
-done
-echo "</EntitiesDescriptor>" >> swamid-testing-idp-1.0.mxml
-
-cat << EOF > swamid-testing-sp-1.0.mxml
-<?xml version="1.0"?>
-<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xi="http://www.w3.org/2001/XInclude" Name="http://md.swamid.se/md/swamid-testing-sp-1.0.xml">
-EOF
-grep -l SPSSO swamid-testing/*.xml | grep -v "`egrep -l "AttributeAuthorityDescriptor|IDPSSODescriptor" swamid-testing/*.xml`" | LC_ALL=C sort | while read file; do
- echo " <xi:include href=\"$file\"/>" >> swamid-testing-sp-1.0.mxml
-done
-echo "</EntitiesDescriptor>" >> swamid-testing-sp-1.0.mxml
diff --git a/scripts/do-update.sh b/scripts/do-update.sh
new file mode 100755
index 00000000..5dc38700
--- /dev/null
+++ b/scripts/do-update.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+cd /var/cache/metadata_git.swamid.se && make update
+rsync -a /opt/metadata/swamid-internal/* /opt/metadata/swamid-qa
+
+./scripts/download-pending
+cd /var/cache/metadata_git.swamid.se/metadata || exit 2
+for file in `ls swamid-internal/` ; do
+ if [ -r swamid-qa/$file ]; then
+ diff swamid-internal/$file swamid-qa/$file || exit 1
+ fi
+done
+#/opt/metadata/scripts/update-and-validate.sh
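Review bot: A failure of `cd /var/cache/metadata_git.swamid.se && make update` does not stop the script, because there is no `set -e` and no `|| exit` on that line; the rsync into `/opt/metadata/swamid-qa` and `./scripts/download-pending` run anyway, the latter relative to whatever directory the script was started from. If `make update` is where the signed tag is verified (not visible in this hunk), a failed verification would not block the copy. Writing the line as `cd /var/cache/metadata_git.swamid.se && make update || exit 2`, matching the later `cd ... || exit 2`, closes that gap. The loop over the output of `ls swamid-internal/` would also be more robust as a glob with `"$file"` quoted in the `-r` test and the `diff` call.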
diff --git a/scripts/expiration_date.pl b/scripts/expiration_date.pl
deleted file mode 100755
index cf297c5f..00000000
--- a/scripts/expiration_date.pl
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env perl
-
-use Date::Calc qw/Today_and_Now Add_Delta_Days/;
-my $delta = $ARGV[0];
-$delta = 30 unless $delta;
-
-($year,$month,$day,$hour,$min,$sec) = Today_and_Now();
-($year,$month,$day) = Add_Delta_Days($year,$month,$day,$delta);
-my $date = sprintf "%s-%02d-%02dT%02d:%02d:%02dZ",$year,$month,$day,$hour,$min,$sec;
-print $date;
-
diff --git a/scripts/get-metadata.sh b/scripts/get-metadata.sh
deleted file mode 100755
index 16379681..00000000
--- a/scripts/get-metadata.sh
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/bash
-#
-# Fetch Service Provider metadata and save into entityid filename
-#
-
-error()
-{
- echo "Error: $*" 1>&2
- exit 1
-}
-
-metadataurl=$1
-if [ -z "$metadataurl" ] ; then
- cat <<EOF
-Usage: `basename $0` <metadataurl>
-Ex: `basename $0` https://shibsp.mysite.com/Shibboleth.sso/Metadata
- `basename $0` https://shibidp.mysite.com/idp/profile/Metadata/SAML
- `basename $0` some-downloaded-metadata.xml
- `basename $0` reep:<entityid>
- `basename $0` <hostname> (tries to pull from standard locations)
-EOF
- exit 1
-fi
-
-xmldir=swamid-2.0
-update_xml=true
-if echo "$metadataurl" | grep -qE '^http://|^https://' ; then
- metadata=`curl -L -s -k -f "$metadataurl"`
-elif echo "$metadataurl" | grep -qE '^reep:' ; then
- id=`echo -n "$metadataurl" | sed 's/^reep://' | sha1sum | awk '{print $1}'`
- metadataurl="http://md.reep.refeds.org/entities/%7Bsha1%7D$id"
- metadata=`curl -L -s -k -f "$metadataurl"`
-else
- if [ -s "${metadataurl}" ]; then
- metadata=`cat "$metadataurl"`
- else
- case $metadataurl in
- [0-9][0-9]*)
- xmldir=$(curl -L -m 5 -s -k -f "https://metadata.swamid.se/?show=feed&id=${metadataurl}")
- urls="https://metadata.swamid.se/?rawXML=${metadataurl}"
- update_xml=false
- ;;
- http*)
- urls="$metadataurl"
- ;;
- *)
- urls="https://${metadataurl}/idp/shibboleth https://${metadataurl}/Shibboleth.sso/Metadata https://${metadataurl}/saml/index/sp-metadata https://${metadataurl}/saml/metadata https://${metadataurl}/federationmetadata/2007-06/federationmetadata.xml"
- ;;
- esac
- for i in ${urls}; do
- metadata=`curl -L -m 5 -s -k -f "${i}"`
- [ -n "${metadata}" ] && break
- done
- fi
-fi
-[ -n "$metadata" ] || error "Failed to fetch metadata from $metadataurl"
-
-script_cwd=`dirname "$0"`
-if test -d $xmldir ; then
- echo "Moving into $xmldir/"
- cd $xmldir
- echo "$script_cwd" | grep -q ^/ || script_cwd=../$script_cwd
-fi
-
-entityid=`echo "$metadata" | sed -n 's/.*entityID=['\''"]\([^"]*\)['\''"].*/\1/p'`
-[ -n "$entityid" ] || error "Failed to find entityID in metadata"
-[ `echo "$entityid" | wc -l` = 1 ] || error "Multiple entityid:s found: `echo $entityid`"
-
-entityidfn=`echo "$entityid" | sed 's;.*://;;' | sed 's/[^a-zwA-ZW0-9_.-]/-/g' | sed 's/$/.xml/'`
-[ -n "$entityidfn" ] || error "Failed to generate filename from entityid $entityid"
-OLDFILE=$(find ../swamid-testing ../swamid-2.0 ../swamid-edugain -name $entityidfn | grep -v $xmldir)
-if [ -n "$OLDFILE" ]; then
- echo "Moving $OLDFILE into $xmldir"
- git mv $OLDFILE $entityidfn
-fi
-[ -r "$entityidfn" ] && new=false || new=true
-if $new ; then
- echo -n "Save metadata into $entityidfn [Y/n]? "
-else
- regdate=$(sed -n 's;.*RegistrationInfo.*registrationInstant="\([^"]*\)".*;\1;p' < "$entityidfn" | head -n 1)
- echo -n "Replace $entityidfn with metadata [Y/n]? "
-fi
-[ -n "$regdate" ] || regdate=$(perl $script_cwd/../scripts/now_date.pl)
-
-read x
-case $x in
- Y|y|"")
- echo "$metadata" > $entityidfn
- tmp=`mktemp`
- if $update_xml ; then
- xsltproc --stringparam regDate "$regdate" $script_cwd/../xslt/add-rpi.xsl ${entityidfn} > ${tmp} && mv ${tmp} ${entityidfn}
- fi
- xsltproc $script_cwd/../xslt/clean-entitydescriptor.xsl ${entityidfn} > ${tmp} && mv ${tmp} ${entityidfn}
-
- if $new ; then
- echo -n "Add ${xmldir}/$entityidfn to git [Y/n]? "
- read x
- case $x in
- Y|y|"")
- git add $entityidfn
- ;;
- *)
- echo "Not added"
- ;;
- esac
- fi
- ;;
- *)
- echo "Nothing done"
- ;;
-esac
diff --git a/scripts/now_date.pl b/scripts/now_date.pl
deleted file mode 100644
index 1a5e6890..00000000
--- a/scripts/now_date.pl
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env perl
-
-use Date::Calc qw/Today_and_Now/;
-
-($year,$month,$day,$hour,$min,$sec) = Today_and_Now();
-my $date = sprintf "%s-%02d-%02dT%02d:%02d:%02dZ",$year,$month,$day,$hour,$min,$sec;
-print $date;
diff --git a/scripts/pull-and-verify.sh b/scripts/pull-and-verify.sh
deleted file mode 100755
index 8994fab1..00000000
--- a/scripts/pull-and-verify.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-URL=$1
-DIR=$2
-CERT=$3
-
-if echo "$DIR" | grep -q "mds.swamid.se" ; then
- publish_name=mds.swamid.se
-else
- publish_name=md.swamid.se
-fi
-
-TMPF=`mktemp`
-curl -s -m 120 -k -L $URL > $TMPF
-if [ $? -ne 0 ]; then
- echo "Unable to download $URL: $?"
- exit 1
-fi
-if [ "x$CERT" != "x" ]; then
- xmlsec1 --verify --pubkey-cert-pem $CERT --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor $TMPF
- #samlsign -c $CERT -f $TMPF
- if [ $? -ne 0 ]; then
- echo "Unable to verify $URL with $CERT: $?"
- exit 1
- fi
-fi
-TMPD=`mktemp -d`
-xsltproc --stringparam output $TMPD xslt/import-metadata.xsl $TMPF
-if [ $? -ne 0 ]; then
- echo "Unable to import metadata from $URL: $?"
- exit 1
-fi
-rsync -avz $TMPD/ $DIR
-(
-echo '<?xml version="1.0"?>'
-echo "<EntitiesDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:xi=\"http://www.w3.org/2001/XInclude\" Name=\"http://$publish_name/md/$DIR.xml\">"
-T=`mktemp`
-for md in $DIR/*.xml; do
- xsltproc xslt/clean-entitydescriptor.xsl $md > $T && mv $T $md
- test=`echo $md | cut -d/ -f2-`
- if [ ! -f "swamid-2.0/$test" -a ! -f "swamid-edugain/$test" ]; then
- echo "<xi:include href=\"$md\"/>"
- fi
-done
-rm -f $T
-echo "</EntitiesDescriptor>"
-) > $DIR.mxml
-#git add $DIR.mxml $DIR
-#git commit -m "$URL into $DIR" $DIR.mxml $DIR
-rm -rf $TMPF $TMPD
diff --git a/scripts/remove_entity.sh b/scripts/remove_entity.sh
deleted file mode 100755
index 60645a7e..00000000
--- a/scripts/remove_entity.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-
-error()
-{
- echo "Error: $*"
- exit 1
-}
-
-if [ -z "$1" ]; then
- echo "$0 <Filename / id from metadata to remove>"
- exit
-fi
-
-metadataurl=$1
-
-if [ -s "${metadataurl}" ]; then
- entityidfn=$(basename "$metadataurl")
-else
- case $metadataurl in
- [0-9][0-9]*)
- url="https://metadata.swamid.se/?rawXML=${metadataurl}"
- ;;
- https://metadata.swamid.se/?showEntity=*)
- #url=$(echo "$metadataurl" | sed 's;showEntity;rawXML;')
- url=${metadataurl//showEntity/rawXML}
- ;;
- esac
- metadata=$(curl -L -m 5 -s -k -f "${url}")
-
- [ -n "$metadata" ] || error "Failed to fetch metadata from $metadataurl"
-
- entityid=$(echo "$metadata" | sed -n 's/.*entityID=['\''"]\([^"]*\)['\''"].*/\1/p')
- [ -n "$entityid" ] || error "Failed to find entityID in metadata"
- [ "$(echo "$entityid" | wc -l | sed 's/ //g')" = "1" ] || error "Multiple entityid:s found: $entityid"
-
- entityidfn=$(echo "$entityid" | sed 's;.*://;;' | sed 's/[^a-zwA-ZW0-9_.-]/-/g' | sed 's/$/.xml/')
- [ -n "$entityidfn" ] || error "Failed to generate filename from entityid $entityid"
-fi
-file=$(find swamid-testing swamid-2.0 swamid-edugain -name "$entityidfn" | head -1)
-
-if [ -r "$file" ]; then
- echo "---------------------"
- grep "$file" ./*.mxml
- echo "---------------------"
- echo -n "OK to remove ? [Y/n]"
- read -r x
- case $x in
- "Y"|"y"|"") ;;
- *) exit 1 ;;
- esac
-
- echo
- git rm "$file"
-
- grep "$file" ./*.mxml | sed 's/\(.*\.mxml\): <xi:include href=".*"\/>/\1/' | while read -r mxmlfile ; do
- sed -i.bak "/\/$entityidfn/d" "$mxmlfile"
- if [ -f "$mxmlfile".bak ]; then
- rm "$mxmlfile".bak
- fi
- done
- git diff
- git status
-else
- error "File not found: $file"
-fi
diff --git a/scripts/rename-xml.sh b/scripts/rename-xml.sh
deleted file mode 100755
index 4326579f..00000000
--- a/scripts/rename-xml.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash
-#
-# Fetch Service Provider metadata and save into entityid filename
-#
-
-error()
-{
- echo "Error: $*" 1>&2
- exit 1
-}
-
-metadata=$1
-if [ -z "$metadata" ] ; then
- cat <<EOF
-Usage: `basename $0` <file to check>
-Ex: `basename $0` account.eciu.eu.xml
-EOF
- exit 1
-fi
-
-entityid=`cat "$metadata" | sed -n 's/.*entityID=['\''"]\([^"]*\)['\''"].*/\1/p'`
-[ -n "$entityid" ] || error "Failed to find entityID in metadata"
-[ `echo "$entityid" | wc -l` = 1 ] || error "Multiple entityid:s found: `echo $entityid`"
-
-entityidfn=`echo "$entityid" | sed 's;https*://;;' | sed 's/[^a-zA-Z0-9_.-]/-/g' | sed 's/$/.xml/'`
-[ -n "$entityidfn" ] || error "Failed to generate filename from entityid $entityid"
-
-[ -r "$entityidfn" ] && new=false || new=true
-if $new ; then
- echo -n "Move $metadata into $entityidfn [Y/n]? "
-else
- echo "$entityidfn and $metadata are the same"
- exit
-fi
-read x
-case $x in
- Y|y|"")
- git mv $metadata $entityidfn
-
- ;;
- *)
- echo "Nothing done"
- ;;
-esac
diff --git a/scripts/unique_id.pl b/scripts/unique_id.pl
deleted file mode 100644
index 18ec9e13..00000000
--- a/scripts/unique_id.pl
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env perl
-
-use Date::Calc qw/Today_and_Now/;
-
-($year,$month,$day,$hour,$min,$sec) = Today_and_Now();
-print sprintf "swamid%s%02d%02dT%02d%02d%02dZ",$year,$month,$day,$hour,$min,$sec;
-
diff --git a/scripts/update-and-validate.sh b/scripts/update-and-validate.sh
deleted file mode 100755
index a4a1bddb..00000000
--- a/scripts/update-and-validate.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-# Used on metadata.swamid.se and metadata.lab.swamid.se
-
-update()
-{
-# echo "git pull"
- git pull -q || return $?
-
- # Remove old entitys from DB
- ls swamid-edugain/*.xml swamid-2.0/*.xml swamid-testing/*.xml | sed 's@swamid-.*/\(.*\).xml@.time/\1.validate@' | sort > /tmp/$$.xml
- ls .time/*.validate > /tmp/$$.time
- comm -13 /tmp/$$.xml /tmp/$$.time | while read file; do
- docker exec swamid-metadata-sp /var/www/scripts/removeEntity.bash /opt/metadata/$file
- done
- rm /tmp/$$.xml /tmp/$$.time
-
- # remove some flag-files to get DB refreshed
- if [ $(find .time/ -ctime +15 -type f | wc -l) -ne 0 ]; then
- rm `find .time/ -ctime +15 -type f | tail -10`
- fi
-
- # Update/Import "new" xml-files
- make -f Makefile.validate -s
-
- # check URL:s
- docker exec swamid-metadata-sp php /var/www/scripts/checkURLs.php
-
- # update TestResults from release-check -> DB
- docker exec swamid-metadata-sp php /var/www/scripts/updateTestResults.php
-
- # Cleanup Pending-queue
- docker exec swamid-metadata-sp php /var/www/scripts/cleanupPending.php
-}
-
-cd /opt/metadata || exit 1
-update
-# to be able to show non-swamid entities on web-page
-wget -qO swamid-2.0.xml https://mds.swamid.se/md/swamid-2.0.xml
diff --git a/scripts/update-cron.sh b/scripts/update-cron.sh
deleted file mode 100755
index f00daa03..00000000
--- a/scripts/update-cron.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-update()
-{
- echo "git pull"
- git pull || return $?
- echo
-
- echo "make aggregate"
- make aggregate || return $?
- echo
-
- echo "make (2007) web site for backwards compat"
- env SWAMID_MK_CONFIG=swamid2007.mk make web || return $?
- echo
-
- echo "make (2016)"
- env SWAMID_MK_CONFIG=swamid2016.mk make || return $?
- echo
-
- #echo "make (2016 - test)"
- #env SWAMID_MK_CONFIG=swamid2016-test.mk make # Allow this to fail
- #echo
-}
-
-cd /opt/swamid-metadata || exit 1
-update
diff --git a/scripts/update-trust b/scripts/update-trust
new file mode 100755
index 00000000..bffeaa1b
--- /dev/null
+++ b/scripts/update-trust
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+export GNUPGHOME=/etc/metadata/gnupg
+mkdir -p $GNUPGHOME
+chmod 0700 $GNUPGHOME
+export GPG=gpg
+
+# Install new keys discovered in the keys directory
+for k in keys/*.pub; do
+ fp=`$GPG --with-colons --with-fingerprint --show-key < $k | awk -F: '$1 == "pub" {print $5}'`
+ fp_in_db=`$GPG --with-colons --fingerprint | grep ":$fp:"`
+ if [ "x`echo $fp_in_db | grep '^pub:e:'`" != "x" ]; then
+ echo "$0: Key expired, will re-import it from $k"
+ $GPG --fingerprint $fp
+ fi
+ # The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again.
+ echo $fp_in_db | grep -v "^pub:e:" | grep -q ":$fp:" || $GPG --import < $k
+done
+
+# Delete keys no longer present in keys directory
+for fp in `$GPG --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
+ seen="no"
+ for k in keys/*.pub; do
+ $GPG --with-colons --with-fingerprint --show-key < $k | grep -q ":$fp:" && seen="yes"
+ done
+ if [ "x$seen" = "xno" ]; then
+ $GPG --yes --batch --delete-key $fp || true
+ fi
+done
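Review bot: The value stored in `fp` is field 5 of the `pub` record, which in GnuPG's colon listing is the 64-bit key ID rather than the fingerprint, so the import, expiry and delete decisions in both loops are all matched on the key ID. The full fingerprint is field 10 of the `fpr` record; taking it with something like `awk -F: '$1 == "fpr" {print $10; exit}'` and comparing against the `fpr` lines of the keyring listing would tie the trust store to the exact keys in `keys/`. Separately, when `keys/*.pub` matches nothing (for example when the script is run from the wrong directory) the second loop never sets `seen` and deletes every key; a guard such as `[ -e "$k" ] || continue`, plus an early exit when no key files exist, would avoid that. `$k`, `$fp` and `$GNUPGHOME` should be quoted.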
diff --git a/scripts/update.sh b/scripts/update.sh
deleted file mode 100755
index 5d1a9a2f..00000000
--- a/scripts/update.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-update()
-{
- echo "git pull"
- git pull || return $?
- echo
-
- echo "make aggregate"
- make aggregate || return $?
- echo
-
- echo "make test"
- make test || return $?
- echo
-
- echo "make"
- make || return $?
- echo
-}
-
-cd /opt/swamid-metadata || exit 1
-output=$(update 2>&1)
-ret=$?
-if [ "$ret" != "0" ] ; then
- echo "$output"
- exit $ret
-fi
diff --git a/scripts/urls2hostport.py b/scripts/urls2hostport.py
deleted file mode 100644
index c4ff33bf..00000000
--- a/scripts/urls2hostport.py
+++ /dev/null
@@ -1,6 +0,0 @@
-
-import sys
-from urlparse import urlparse
-for url in sys.stdin:
- o = urlparse(url)
- print o.netloc
diff --git a/scripts/verify-tag b/scripts/verify-tag
new file mode 100755
index 00000000..ddc3ff3b
--- /dev/null
+++ b/scripts/verify-tag
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+export GNUPGHOME=/etc/metadata/gnupg
+mkdir -p $GNUPGHOME
+export GPG=gpg
+
+git config --global gpg.program gpg
+
+tag=$(git tag -l "md-[0-9]*" | sort | tail -1)
+if [ -z "$tag" ]; then
+ echo "no matching tag found"
+ exit 1
+fi
+git checkout $tag && git tag -v $tag
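Review bot: The last line checks the tag out before verifying it, so when `git tag -v` fails the working tree is already at the unverified tag and only the exit status tells the caller; any caller that ignores it would go on to use unverified metadata. Reversing the order, `git tag -v "$tag" && git checkout "$tag"`, leaves the previous verified checkout in place on failure. `mkdir -p $GNUPGHOME` here lacks the `chmod 0700` that update-trust applies, so a directory created by this script gets the umask default. `git config --global gpg.program gpg` rewrites the invoking user's global config on every run; `git -c gpg.program=gpg tag -v "$tag"` would keep the setting local to the command.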
diff --git a/scripts/verify-uiinfo-urls.sh b/scripts/verify-uiinfo-urls.sh
deleted file mode 100755
index b7e1f40a..00000000
--- a/scripts/verify-uiinfo-urls.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-x=$1
-if [ ! -f "$x" ]; then
- exit
-fi
-
-for i in `cat $x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor//Extensions/UIInfo - 2>/dev/null |grep -E "https?://" | awk -F'[><]' '{print $3}' | sort -u`; do
- code=`curl -L --connect-timeout 5 --retry 2 -o /dev/null --silent --head --write-out '%{http_code}\n' $i`
- if [ $code -eq 405 ]; then
- code=`curl -L --connect-timeout 5 --retry 2 -o /dev/null --silent --write-out '%{http_code}\n' $i`
- fi
- if [ $code -ne 200 ]; then
- echo " Code $code: $x: $i" | sed 's/.*/&/'
- fi
-done
diff --git a/scripts/weekly-routines-metadata.sh b/scripts/weekly-routines-metadata.sh
deleted file mode 100755
index e6178165..00000000
--- a/scripts/weekly-routines-metadata.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-# Used on metadata.swamid.se and metadata.lab.swamid.se
-
-# Store statistics
-docker exec swamid-metadata-sp php /var/www/scripts/saveWeekStats.php
-
-#Remove old URLs
-docker exec swamid-metadata-sp php /var/www/scripts/checkOldURLs.php