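#!/bin/sh
#
# Make sure the repository publishes a GPG public key at $repos/gpg.key.
#
# When that file is missing the operator chooses between generating a new key
# and reusing an existing one. The chosen key is exported in ASCII armor to
# $repos/gpg.key and its id is written to $base/gpg.key.id.
#
# Expects conf.sh (next to this script) to provide $repos, $base and the
# y() yes/no prompt helper used below.

. "$(dirname -- "$0")/conf.sh"

mkdir -p -- "$repos" || exit 1

test -f "$repos/gpg.key" || {
  # Scratch files go into a private directory made by mktemp instead of a
  # timestamp-named file directly in /tmp. A guessable name in a shared
  # directory lets another local account pre-create or swap the file, and the
  # export below is what ends up published as the repository's trust anchor.
  workdir=$(mktemp -d "${TMPDIR:-/tmp}/greenstone-gpg.XXXXXX") || exit 1
  # NOTE(review): this replaces any EXIT trap conf.sh may have installed;
  # confirm conf.sh sets none.
  trap 'rm -rf -- "$workdir"' EXIT
  trap 'exit 1' HUP INT TERM

  if y "GPG key missing. Generate new GPG key"; then
    echo
    # The settings are only printed as a suggestion; nothing is written to
    # the operator's gpg.conf.
    if y "Show suggested (more secure) GPG config"; then
      printf '%s\n' \
        "Append the following to ~/.gnupg/gpg.conf:" \
        "" \
        "# Prioritize stronger algorithms for new keys." \
        "default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed" \
        "# Use a stronger digest than the default SHA1 for certifications." \
        "cert-digest-algo SHA512" \
        ""
    fi
    echo
    # Hack: capture gpg's output so the new key id can be scraped from its
    # second-to-last line. This depends on gpg's human-readable output format.
    genlog="$workdir/genkey.log"
    gpg --gen-key | tee "$genlog"
    keyid=$(tail -n 2 "$genlog" | head -n 1 | awk -F'[/ ]' '{print $5}')
  else
    echo
    if test -f "$base/gpg.key.id" && y "Existing Key-id file found. Use that"; then
      keyid=$(cat "$base/gpg.key.id")
    else
      gpg --list-keys
      echo "Enter the keyid of the GPG key to use:"
      while test -z "$keyid"; do
        printf '> '
        # Stop on end-of-input instead of prompting forever.
        read -r keyid || exit 1
      done
    fi
  fi

  # An empty key id must never reach gpg: --export without a key argument
  # would publish every public key in the keyring as the repository key.
  if test -z "$keyid"; then
    echo "No GPG key id available; re-run and enter the key id manually." >&2
    exit 1
  fi

  echo "Adding gpg public key"
  # The output path must not exist yet, so it is a fresh name inside workdir.
  pubkey="$workdir/gpg.key"
  gpg --armor --output "$pubkey" --export "$keyid" || exit 1
  # gpg may report success even when no key matched; refuse to publish an
  # empty or missing export.
  if ! test -s "$pubkey"; then
    echo "gpg exported no public key for '$keyid'" >&2
    exit 1
  fi
  cp -- "$pubkey" "$repos/gpg.key" || exit 1
  printf '%s\n' "$keyid" > "$base/gpg.key.id"
}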