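#!/bin/sh
# Maintainer script used as both postinst and prerm (dispatched on "$0" at
# the bottom). On configure it feeds the keys in $KEYRING to apt-key; on
# remove/purge it deletes them again. Keys listed in $REMOVED_KEYS are
# deleted from the apt key store on every run.
#
# NOTE(review): "apt-key add" puts the keys into APT's global trust store,
# where they are accepted as signers for every configured repository, not
# only this archive. apt-key is deprecated; the scoped alternative is a
# Signed-By entry in the sources list that points at $KEYRING.

set -e

KEYRING=/usr/share/keyrings/i2p-archive-keyring.gpg
REMOVED_KEYS=/usr/share/keyrings/i2p-archive-removed-keys.gpg

# The trustdb lives inside a private directory created by mktemp -d. gpg has
# to create the trustdb file itself, and doing that at a path directly in the
# shared temp directory (create with mktemp, delete, let gpg re-create) leaves
# a window in which another local user can plant a file or symlink there.
TRUSTDIR=$(mktemp -d --tmpdir trustdb.XXXXXXXXXX)
TRUSTDB="$TRUSTDIR/trustdb.gpg"

# Run cleanup function on exit
trap cleanup EXIT

# Run gpg isolated from any user configuration, keyring or agent.
# Arguments: passed through to gpg unchanged.
# Outputs:   gpg's stdout; stderr is discarded, so a gpg failure is only
#            visible through the exit status.
run_gpg() {
  # Drop a zero-length trustdb before calling gpg
  # (presumably gpg rejects an empty trustdb file -- confirm).
  if [ -f "$TRUSTDB" ] && [ ! -s "$TRUSTDB" ]; then
    rm -f -- "$TRUSTDB"
  fi
  gpg --homedir=/dev/null --secret-keyring=/dev/null --trustdb-name="$TRUSTDB" \
    --batch --ignore-time-conflict --no-options --lock-never --no-auto-check-trustdb \
    --no-default-keyring --no-use-agent "$@" 2>/dev/null
}

# Remove the temporary trustdb directory; installed as the EXIT trap.
cleanup() {
  if [ -n "${TRUSTDIR:-}" ] && [ -d "$TRUSTDIR" ]; then
    rm -rf -- "$TRUSTDIR"
  fi
}

# Print the colon-format "pub" records of the keys selected by the given
# gpg arguments (e.g. --keyring FILE).
list_keys() {
  run_gpg --with-colons --list-keys "$@" | grep '^pub'
}

# Print a one-line summary of a colon-format key record without a trailing
# newline: fields 5, 6 and 10, plus field 7 as the expiry when it is set.
# Arguments: $1 - one record as printed by list_keys
print_key() {
  printf '%s\n' "$1" | awk -F: 'BEGIN { ORS = "" }
    {
      print " " $5, $6, $10;
      if ($7) print " [ expires " $7 " ]";
    }'
}

# Delete from the apt key store every key selected by the given gpg
# arguments that apt-key can currently export.
remove_keys() {
  # read -r keeps backslashes in the record intact.
  list_keys "$@" | while read -r key; do
    id=$(printf '%s\n' "$key" | cut -d: -f5)
    # Non-empty export output means the key is present in the apt key store.
    if [ -n "$(apt-key export "$id" 2>/dev/null)" ]; then
      print_key "$key"
      printf ' ... '
      apt-key del "$id"
    fi
  done
}

# Add or remove the keys of $KEYRING, then remove the keys of $REMOVED_KEYS.
# Arguments: $1 - "update" or "remove"; anything else exits with status 2
sync_keys() {
  action="$1"

  if [ -s "$KEYRING" ]; then
    if [ "$action" = "update" ]; then
      echo "Adding/refreshing keys:"
      list_keys --keyring "$KEYRING" | while read -r key; do
        print_key "$key"
        echo
      done
      printf '... '
      # doesn't work with new GPG
      # apt-key add $KEYRING
      run_gpg --keyring "$KEYRING" --export -a | apt-key add -
    elif [ "$action" = "remove" ]; then
      echo "Removing keys (if exist):"
      remove_keys --keyring "$KEYRING"
    else
      echo "Internal error: unknown sync action '$action'" >&2
      exit 2
    fi
  fi

  if [ -s "$REMOVED_KEYS" ]; then
    echo "Removing old keys (if exist):"
    remove_keys --keyring "$REMOVED_KEYS"
  fi
}

# postinst entry point.
# Arguments: $1 - the maintainer-script action
postinst() {
  case "$1" in
    configure)
      sync_keys update
      ;;
    abort-upgrade | abort-remove | abort-deconfigure) ;;
    *)
      echo "unrecognized postinst argument: $1" >&2
      exit 1
      ;;
  esac
}

# prerm entry point.
# Arguments: $1 - the maintainer-script action
prerm() {
  case "$1" in
    remove | purge)
      sync_keys remove
      ;;
    upgrade | deconfigure) ;;
    failed-upgrade) ;;
    *)
      echo "unrecognized prerm argument: $1" >&2
      exit 1
      ;;
  esac
}

# Without apt-key there is no key store to manage; do nothing.
if [ ! -x /usr/bin/apt-key ]; then
  exit 0
fi

# The same file is installed under both names; pick the handler by name.
case "$0" in
  *prerm)
    prerm "$@"
    ;;
  *postinst)
    postinst "$@"
    ;;
  *)
    echo "Unhandled script: $0" >&2
    exit 1
    ;;
esac

exit 0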