From 12ab51351edfea56acfa9f7ef8c730bd6c54b327 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 1 May 2016 19:41:45 +0100
Subject: [PATCH] Refresh gpg keys every few hours
---
 src/freedombone | 14 ++++++++++++++
 src/freedombone-sec | 2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/freedombone b/src/freedombone
index ba4f88c2..879c20f4 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -540,6 +540,9 @@ RSS_READER_PATH=/etc/share/tt-rss
 RSS_READER_GNUSOCIAL_REPO="https://github.com/bashrc/ttrss-gnusocial"
 RSS_READER_GNUSOCIAL_COMMIT='8b92b8f5db7b0d12459c7bd86a50f48815efe642'
+# refresh gpg keys every few hours
+REFRESH_GPG_KEYS_HOURS=2
+
 function show_help {
 echo ''
 echo $"${PROJECT_NAME} -c [configuration file]"
@@ -1076,6 +1079,9 @@ function read_configuration {
 if [[ $CONFIGURATION_FILE != "/root/${PROJECT_NAME}.cfg" ]]; then
 cp $CONFIGURATION_FILE /root/${PROJECT_NAME}.cfg
 fi
+ if grep -q "REFRESH_GPG_KEYS_HOURS" $CONFIGURATION_FILE; then
+ REFRESH_GPG_KEYS_HOURS=$(grep "REFRESH_GPG_KEYS_HOURS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
 if grep -q "WEBMAIL_REPO" $CONFIGURATION_FILE; then
 WEBMAIL_REPO=$(grep "WEBMAIL_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
 fi
@@ -5307,6 +5313,13 @@ function configure_gpg {
 echo 'configure_gpg' >> $COMPLETION_FILE
 }
+function refresh_gpg_keys {
+ if ! grep -q "gpg --refresh-keys" /etc/crontab; then
+ echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $MY_USERNAME /usr/bin/gpg --refresh-keys > /dev/null" >> /etc/crontab
+ systemctl restart cron
+ fi
+}
+
 function configure_backup_key {
 if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
 return
@@ -10741,6 +10754,7 @@ spam_filtering
 configure_imap
 #configure_imap_client_certs
 configure_gpg
+refresh_gpg_keys
 configure_backup_key
 install_monkeysphere
 encrypt_incoming_email
diff --git a/src/freedombone-sec b/src/freedombone-sec
index f0c658bd..f3fcf402 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
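Review bot: In read_configuration (the src/freedombone hunk at -1076) the new REFRESH_GPG_KEYS_HOURS value is taken from the configuration file without any check, and the refresh_gpg_keys hunk later writes it verbatim into a line of /etc/crontab. The unanchored `grep "REFRESH_GPG_KEYS_HOURS"` also matches commented-out or duplicate lines, so the substitution can yield several lines or a non-number and cron would then see a broken or unintended entry. I would anchor and bound the read, `REFRESH_GPG_KEYS_HOURS=$(grep -m 1 '^REFRESH_GPG_KEYS_HOURS=' "$CONFIGURATION_FILE" | awk -F '=' '{print $2}')`, and keep the default of 2 unless the result matches `^([1-9]|1[0-9]|2[0-3])$`. The neighbouring WEBMAIL_REPO read uses the same pattern, so this is consistent with the file's style; the difference is that this value ends up in a file that cron parses as root. read_configuration's body continues outside the hunk.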
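Review bot: refresh_gpg_keys (the src/freedombone hunk at -5307) only appends the cron line when no `gpg --refresh-keys` line exists yet, so a later change of REFRESH_GPG_KEYS_HOURS never reaches /etc/crontab, and an empty `$MY_USERNAME` would shift the fields so that cron reads `/usr/bin/gpg` as the user name. Rewriting the entry on every run, and declining to write it when the user name is empty or the interval is not a number from 1 to 23, avoids both. Two further points to decide separately: gpg reports on stderr, so `> /dev/null` alone will probably still generate cron mail every run, and a bulk refresh at fixed times tells the configured keyserver (not visible in this hunk) which keys this user holds.

```shell
function refresh_gpg_keys {
    # never build a crontab entry from an unchecked interval or an empty user field
    if [[ ! "$REFRESH_GPG_KEYS_HOURS" =~ ^([1-9]|1[0-9]|2[0-3])$ ]] || [ -z "$MY_USERNAME" ]; then
        return
    fi
    # drop any earlier entry so that a changed interval takes effect
    sed -i '/gpg --refresh-keys/d' /etc/crontab
    # … unchanged: echo of the cron line and systemctl restart cron, no longer inside the grep guard …
}
```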
@@ -617,7 +617,7 @@ function enable_monkeysphere {
 # The admin user is the identity certifier
 fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
 monkeysphere-authentication add-identity-certifier $fpr
-
+ monkeysphere-host publish-key
 else
 sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
 sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config
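Review bot: The added `monkeysphere-host publish-key` uploads the host's OpenPGP key to a keyserver as an unconditional step of enabling monkeysphere, and its exit status is not checked. Keyserver uploads generally cannot be withdrawn and they expose the host name bound to the key, so I would make this an explicit opt-in, or at least mark it with a comment such as `# publishes the host key to the keyserver; this cannot be undone`. As far as I know the command asks for confirmation unless MONKEYSPHERE_PROMPT is set to false, which would stall an unattended run; that is worth confirming. enable_monkeysphere starts and ends outside the hunk.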