#!/bin/bash
#
# vim:tabstop=3:expandtab:shiftwidth=3
#

# Original command line, flattened into one space-joined string. It is kept
# because the option loop below shifts the positional parameters away before
# the sudo re-exec needs them again.
Args="$*"

# Key store layout: the URL list and the dated backups of replaced keys live
# in the refresh sub-directory of the RPM GPG key directory.
UrlsFile='urls.txt'
RefreshDir='.refresh'
RpmGpgDir='/etc/pki/rpm-gpg'

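# Get the -- options (into vars all - chars are converted to _)
#
# --name sets the variable to 'yes', --name=VALUE sets it to VALUE.
# The assignment is done with printf -v after validating the variable name,
# so nothing taken from the command line is ever evaluated as shell code.
# This matters because the script re-executes itself through sudo with the
# same arguments.
#
# Arguments: the raw option word (e.g. --some-opt=value)
# Returns:   0 when the variable was set, 1 when the name is not acceptable
_set_long_option() {
   local opt_arg="$1" opt_name opt_value

   case "$opt_arg" in
      *=*)
         # Split at the first '=' only, the value may contain more of them
         opt_name="${opt_arg%%=*}"
         opt_value="${opt_arg#*=}"
         ;;
      *)
         opt_name="$opt_arg"
         opt_value='yes'
         ;;
   esac
   opt_name="${opt_name//-/_}"

   # Only plain identifiers with the double-underscore prefix are accepted
   if ! [[ "$opt_name" =~ ^__[A-Za-z0-9_]+$ ]]
   then
      echo "! [CHECK] invalid option name: ${opt_arg%%=*}" >&2
      return 1
   fi

   # Store the value verbatim (quotes, spaces and all)
   printf -v "$opt_name" '%s' "$opt_value"
}

while [ "${1:0:2}" = '--' ]
do
   # A rejected option is reported and skipped; parsing continues
   _set_long_option "$1"
   shift
done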

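# Little help
#
# The option list is not hard-coded: it is extracted from this script's own
# source by looking for dollar-prefixed, double-underscore variable
# references. A reference that has 'yes' later on the same line is listed as
# a plain flag, any other one as NAME[=VAL]. Keep that in mind when editing
# the condition below: its exact spelling is what makes --help show up.
if [ "$__help" = "yes" ] || [ "$1" = '-h' ]
then
   echo
   echo "  Usage: $(basename -- "${BASH_SOURCE[0]}") [OPTIONS] [GPGFILE] .."
   echo
   echo "  Options:"
   echo
   # The script path is quoted so an install path with spaces still works
   grep -v '^#' "${BASH_SOURCE[0]}" | tr '$' '\n' | grep '^__[a-z]' | \
   sed -e 's|^\([_a-z]\+\)[^_a-z].*yes.*|\1|' \
       -e 's|^\([_a-z]\+\)[^_a-z].*|\1[=VAL]|' \
       -e 's|_|-|g' -e 's|^|   |' | sort -u
   echo
   exit 0
fi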

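# Re-run the script as root when started by an unprivileged user.
if [ "$(id -u)" -ne 0 ]
then
   # Args is the space-joined copy of the original command line, so it has to
   # be expanded unquoted to become separate words again. Unquoted expansion
   # also performs pathname expansion; turn that off so an argument such as a
   # quoted wildcard is not replaced by matching file names from the current
   # directory before root sees it.
   # NOTE(review): arguments that contain whitespace are still split here;
   # keeping the original words in an array would be needed to avoid that.
   set -f
   exec sudo "$0" $Args
fi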

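# Value based options check
#
# Option variables are discovered by scanning this script's own source for
# dollar-prefixed, double-underscore references; those that are not compared
# with 'yes' on the same line are treated as value options. A value option
# that ended up as 'yes' was given without =VAL and is reported.
unset Exit
for ValOpt in $(grep -v '^#' "${BASH_SOURCE[0]}" | tr '$' '\n' | grep '^__[a-z]' | \
                sed -e 's|^\([_a-z]\+\)[^_a-z].*yes.*||' \
                -e 's|^\([_a-z]\+\)[^_a-z].*|\1|')
do
   # Indirect expansion reads the named variable without eval
   if [ "${!ValOpt}" = "yes" ]
   then
      echo "! [CHECK] $ValOpt missing =VAL" | tr '_' '-' >&2
      Exit=1
   fi
done

# Stop here when a check failed: nothing else in the script reads Exit, so
# without this the message would be printed and the run would carry on.
if [ -n "$Exit" ]
then
   exit "$Exit"
fi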

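# Build the key-name filter from the remaining (non-option) arguments.
#
# Each argument is reduced to its base name and turned into an anchored
# alternative, giving e.g. ^NAME1$|^NAME2$. No arguments yields an empty
# expression, which matches every name.
# The names are inserted as-is, so they act as extended regular expressions
# (a '.' matches any character).
#
# Arguments: key file names or paths
# Outputs:   the combined expression on stdout
_key_name_regex() {
   local regex='' key_arg
   for key_arg in "$@"
   do
      # Quoted so a path with spaces is one name and is not mistaken by
      # basename for a name plus a suffix to strip
      regex="${regex:+$regex|}^$(basename -- "$key_arg")\$"
   done
   printf '%s' "$regex"
}

RegExpr="$(_key_name_regex "$@")"
# All positional parameters have been consumed
set --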

# One-time migration: an URL list stored as a hidden file directly in the key
# directory is moved into the refresh sub-directory, which is created first.
# Nothing happens once the refresh directory exists.
if [ -f "$RpmGpgDir/.$UrlsFile" ] && [ ! -d "$RpmGpgDir/$RefreshDir" ]
then
   echo "# Migrating to $RpmGpgDir/$RefreshDir"
   mkdir -p "$RpmGpgDir/$RefreshDir"
   mv "$RpmGpgDir/.$UrlsFile" "$RpmGpgDir/$RefreshDir/$UrlsFile"
fi

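echo "## Check for new RPM-GPG signing keys"

# Refresh loop. For every https URL in the URL list whose base name passes
# the name filter:
#   1. download the key once into a scratch file,
#   2. skip it when it is byte-identical to the installed key,
#   3. check that it is a PGP public key before touching the installed one,
#   4. move the installed key to a dated backup in the refresh directory,
#   5. install the new key, remove the RPM pubkey package that belonged to
#      the old key and import the new key into the RPM database.
#
# The key is downloaded exactly once, so the bytes that are compared,
# type-checked and imported are the same bytes.
#
# NOTE(review): the only things vouching for a new key are the TLS connection
# to the configured URL and the file-type check. Whatever that URL serves
# becomes a trusted package signing key; comparing the fingerprint with an
# expected value before the import would remove that dependency.
# NOTE(review): wget follows redirects by default; confirm that is wanted for
# key downloads.

TmpKey="$(mktemp)" || { echo "! [FAIL] cannot create a temporary file" >&2; exit 1; }
trap 'rm -f -- "$TmpKey"' EXIT

# Split the matching lines into words without pathname expansion
read -r -d '' -a Urls < <(grep '^\s*https://' "$RpmGpgDir/$RefreshDir/$UrlsFile" 2> /dev/null)

for U in "${Urls[@]}"
do
   # The grep above selects lines, not words: anything else on such a line
   # (a trailing remark, a second non-https address) must not be fetched.
   case "$U" in
      https://*) ;;
      *) continue ;;
   esac

   F="$(basename -- "$U")"
   grep -q -E "$RegExpr" <<< "$F" || continue

   KeyFile="$RpmGpgDir/$F"

   # A failed download is not a "changed key"; leave everything as it is
   if ! wget -q -O "$TmpKey" "$U"
   then
      echo "! [FAIL] could not download $U, leaving $F untouched" >&2
      continue
   fi

   # Identical content (a missing installed key counts as different)
   cmp -s -- "$TmpKey" "$KeyFile" 2> /dev/null && continue

   {
      echo "# Updating GPG signing key $F (from $U)"

      # -b keeps the file name out of the output that is matched
      if ! file -b -- "$TmpKey" | grep -q 'PGP public key'
      then
         echo "! [FAIL] $F is not a PGP public key"
         continue
      fi
      echo "# [OK] $F is a PGP public key"

      Backup=''
      if [ -f "$KeyFile" ]
      then
         FileDate="$(date -r "$KeyFile" +%Y-%m-%d_%H.%M.%S)"
         Backup="$RpmGpgDir/$RefreshDir/$F.$FileDate"
         echo "# mv $F $RefreshDir/$F.$FileDate"
         mv -- "$KeyFile" "$Backup" || continue
      fi

      # Written through a redirection so the new key file gets the usual
      # umask-derived permissions instead of the private mode of the
      # scratch file.
      if ! cat -- "$TmpKey" > "$KeyFile"
      then
         echo "! [FAIL] could not write $F"
         rm -f -- "$KeyFile"
         if [ -n "$Backup" ]
         then
            echo "# mv $RefreshDir/$F.$FileDate $F"
            mv -- "$Backup" "$KeyFile"
         fi
         continue
      fi

      if [ -n "$Backup" ]
      then
         # Derive the RPM pubkey package name from the last 8 characters of
         # the indented lines printed for the replaced key.
         # NOTE(review): the name ends in a wildcard; confirm that rpm -q
         # expands it, otherwise the old package is never found.
         Rpm="$(rpm -q "$(gpg --show-keys "$Backup" | \
                grep '^\s' | sed 's|.*\(........\)$|gpg-pubkey-\1-*|' | \
                tr '[:upper:]' '[:lower:]')" 2> /dev/null | \
                grep '^gpg-pubkey-')"
         if [ ${#Rpm} -gt 0 ]
         then
            echo "# $RefreshDir/$F.$FileDate imported as RPM $Rpm," \
                 "removing RPM"
            echo "# rpm -e $Rpm"
            # Unquoted on purpose: one package name per word
            rpm -e $Rpm
         fi
      fi

      echo "# rpm --import $F"
      rpm --import "$KeyFile"
   } >&2
done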

