#!/bin/sh -efu
#
# Copyright (C) 2025 Evgeny Sinelnikov <sin@altlinux.org>
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
#

. shell-error
. shell-quote
. shell-args

# Name this script was invoked under (path stripped) and its version,
# both interpolated into the --help / --version texts.
PROG=${0##*/}
PROG_VERSION=0.1

# Option tables handed to getopt(1).
short_options=h,v,V
long_options=help,verbose,version

# Key material under /usr/share (presumably package-shipped; confirm).
apt_gpgkeys_data_dir=/usr/share/pki/apt-gpg
apt_gpgkeys_data_sources="${apt_gpgkeys_data_dir}/sources"
apt_gpgkeys_data_blacklist="${apt_gpgkeys_data_dir}/blacklist"

# Key material under /etc (presumably administrator-managed; confirm).
apt_gpgkeys_dir=/etc/pki/apt-gpg
apt_gpgkeys_sources="${apt_gpgkeys_dir}/sources"
apt_gpgkeys_blacklist="${apt_gpgkeys_dir}/blacklist"

# Seed GnuPG home copied into the scratch directory by `update`, and the
# directory that receives the rebuilt keyring and is read by `list`.
alt_gpgkeys=/usr/lib/alt-gpgkeys
apt_gpgkeys_extracted="${apt_gpgkeys_dir}/extracted"

# Print the program name, version and copyright notice to stdout, then
# terminate the script with the status of the last output command.
print_version()
{
	# Only the first line carries variables; the notice itself is static.
	printf '%s version %s\n' "$PROG" "$PROG_VERSION"
	cat <<'EOF'
Written by Evgeny Sinelnikov <sin@altlinux.org>

Copyright (C) 2025 Evgeny Sinelnikov <sin@altlinux.org>
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
EOF
	exit
}

# Print the usage summary to stdout, then terminate the script with the
# status of the last output command.
show_help()
{
	# Lines that mention the program name are formatted individually;
	# the option table below is static text.
	printf '%s - APT Public Key Infrastructure for external GnuPG utility.\n\n' "$PROG"
	printf 'Usage: %s [options] list\n' "$PROG"
	printf 'or:    %s [options] update\n' "$PROG"
	cat <<'EOF'

Options:
  -v, --verbose             print a message for each action;
  -V, --version             print program version and exit;
  -h, --help                show this text and exit.

Report bugs to https://bugzilla.altlinux.org/

EOF
	exit
}

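# Normalise the command line with getopt(1).  $PROG is derived from $0, so
# it is quoted: an invocation name containing whitespace must stay a single
# argument to -n.  show_usage is not defined in this script (presumably it
# comes from the sourced shell-args module).
TEMP=$(getopt -n "$PROG" -o "$short_options" -l "$long_options" -- "$@") ||
	show_usage
# Reload the positional parameters from getopt's output.  eval is needed
# because getopt emits shell-quoted words; what is evaluated is getopt's
# own output rather than the raw command line.
eval set -- "$TEMP"

# NOTE(review): nothing in this script reads $verbose or $quiet directly
# after they are set here; presumably the sourced libshell helpers consult
# them - confirm, since --help promises a message for each action.
verbose=
while :; do
	case "$1" in
		--) shift; break
			;;
		-h|--help) show_help
			;;
		-v|--verbose) verbose=-v; quiet=
			;;
		-V|--version) print_version
			;;
		*) fatal "Unrecognized option: $1"
			;;
	esac
	shift
done

# Exactly one positional argument (the sub-command) is accepted.
[ $# -ge 1 ] ||
	show_usage 'Not enough arguments.'
[ $# -eq 1 ] ||
	show_usage 'Too many arguments.'

command="$1"

# Reject anything but the two known sub-commands before any work is done;
# the actual dispatch happens at the end of the script.
case "$command" in
	'list') ;;
	'update') ;;
	*) show_usage 'Unknown command.' ;;
esac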

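# Path of the scratch GnuPG home; stays empty until update_gpgkeys creates it.
tempdir=

# Remove the scratch GnuPG home, if one was created, and terminate.
# Globals:   tempdir (read)
# Arguments: $1 - exit status to terminate with
cleanup_handler()
{
	# Disarm the EXIT trap first so the exit below does not run the
	# handler a second time.
	trap - EXIT
	# `--` ends option parsing, so a directory name that begins with '-'
	# is removed instead of being read as rm options.
	[ -z "$tempdir" ] || rm -rf -- "$tempdir"
	exit "$@"
}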

# EXIT trap: run the cleanup and keep the status the shell was exiting with.
exit_handler()
{
	# Capture $? before any other command can overwrite it.
	local rc=$?
	cleanup_handler "$rc"
}

# Signal trap: run the cleanup and terminate with a fixed failure status,
# whichever signal was received.
signal_handler()
{
	cleanup_handler 1
}

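# Rebuild the extracted APT keyring from the configured key sources.
#
# Works in a throw-away GnuPG home seeded from $alt_gpgkeys, imports every
# entry found directly under $apt_gpgkeys_sources and
# $apt_gpgkeys_data_sources (in that order), then copies the resulting
# files into $apt_gpgkeys_extracted.
#
# Globals: alt_gpgkeys, apt_gpgkeys_sources, apt_gpgkeys_data_sources,
#          apt_gpgkeys_extracted (read); tempdir, LANG, GNUPGHOME (written)
#
# NOTE(review): apt_gpgkeys_blacklist and apt_gpgkeys_data_blacklist are
# defined at the top of this script but nothing here reads them, so whatever
# those paths hold has no effect on the keyring produced.  Confirm whether
# the blacklist is meant to be enforced at this step.
update_gpgkeys()
{
	local srcdir

	# Arm the cleanup before the scratch directory exists.
	trap exit_handler EXIT
	trap signal_handler HUP PIPE INT QUIT TERM
	tempdir="$(mktemp -td apt-gpgkeys.XXXXXX)"

	export LANG=C
	export GNUPGHOME="$tempdir"

	# The files are named explicitly: brace expansion is not available in
	# every /bin/sh, and `--` stops option parsing.
	cp -- "$alt_gpgkeys/gpg.conf" "$alt_gpgkeys/pubring.gpg" \
		"$alt_gpgkeys/secring.gpg" "$tempdir/"

	for srcdir in "$apt_gpgkeys_sources" "$apt_gpgkeys_data_sources"; do
		# IFS= and -r keep backslashes and surrounding whitespace in a
		# file name intact, so gpg is given the file that is on disk.
		find "$srcdir/" -mindepth 1 -maxdepth 1 |
		while IFS= read -r keyfile; do
			# gpg's own diagnostics are discarded; a file that fails to
			# import is reported by name and the update carries on.
			# NOTE(review): warning is not defined in this script;
			# confirm that a sourced libshell module provides it.
			gpg --import "$keyfile" 2>/dev/null ||
				warning "$keyfile: Invalid gpg key file"
		done
	done

	# NOTE(review): the files are copied into the live directory one after
	# another, so a concurrent reader can see a mix of old and new files;
	# consider staging the copies and renaming them into place.
	cp -- "$tempdir/gpg.conf" "$tempdir/pubring.gpg" \
		"$tempdir/secring.gpg" "$apt_gpgkeys_extracted/"
}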

# Print field 10 of every pub and uid record that gpg lists for the
# extracted keyring, one value per line.
# Globals: apt_gpgkeys_extracted (read); GNUPGHOME (written)
print_gpgkeys()
{
	export GNUPGHOME="$apt_gpgkeys_extracted/"

	# Select records whose line starts with "pub:" or "uid:" and emit the
	# tenth colon-separated field of each.
	gpg --no-permission-warning --list-keys --with-colons |
		awk -F: '/^(pub|uid):/ { print $10 }'
}

# Run the sub-command; $command was already validated to be one of these two.
if [ "$command" = 'list' ]; then
	print_gpgkeys
elif [ "$command" = 'update' ]; then
	update_gpgkeys
fi

exit 0
