#!/bin/bash

# Copyright (c) 2008 Jonathan McDowell <noodles@earth.li>
# GNU GPL; v2 or later
# Cleans all keys in a keyring dir by importing into GPG and exporting
# again with import-minimal/export-minimal

# Abort as soon as any command fails outside a conditional context.
set -e

# The keyring directory is the only argument; a missing or empty one is a
# usage error reported on stderr.
[ -n "$1" ] || {
	echo "Usage: clean-keys dir" >&2
	exit 1
}

# Remove the throwaway gnupg home created below, with everything imported
# into it.
cleanup () {
	rm -rf "$GNUPGHOME"
}

# Point gnupg at a freshly created scratch directory so that the caller's
# ~/.gnupg is never read or modified. mktemp -d picks an unpredictable name;
# the directory is removed again by the EXIT trap.
GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
export GNUPGHOME
trap cleanup EXIT

# Directory whose 0x* key files are going to be cleaned.
keydir=$1

# Rebuild the keyrings first so that signatures are checked against
# up-to-date data. make runs in the current directory, and the
# output/keyrings/ paths used later are relative to it as well.
printf '%s\n' 'Making keyrings'
make

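# Keyrings made available to gpg for both the import and the export pass.
gpg_keyrings=(
	--keyring output/keyrings/debian-keyring.gpg
	--keyring output/keyrings/debian-keyring.pgp
	--keyring output/keyrings/emeritus-keyring.gpg
	--keyring output/keyrings/emeritus-keyring.pgp
	--keyring output/keyrings/extra-keys.pgp
)
# Options shared by both gpg calls: "--options /dev/null" makes gpg read an
# empty options file, "--no-auto-check-trustdb" skips the automatic trustdb
# check.
gpg_common=(--no-auto-check-trustdb --options /dev/null)

#######################################
# Clean one key file in place: import it with import-clean, export the key
# named by the file's basename with export-clean, and replace the file with
# that export.
# NOTE(review): the file header mentions import-minimal/export-minimal, but
# the options passed here are import-clean/export-clean.
# NOTE(review): the key id is taken from the file name, not from the file's
# contents; the export therefore returns whatever key gpg finds under that
# id. Confirm that file names are validated elsewhere.
# Globals:   GNUPGHOME (read), gpg_keyrings (read), gpg_common (read)
# Arguments: $1 - path of the key file (basename is the key id, 0x...)
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   0 if the key was cleaned or the import failed (key skipped);
#            non-zero if the export failed, produced no data, or the
#            cleaned file could not be moved into place
#######################################
clean_one_key () {
	local key=$1
	# The glob in the caller only matches directly inside the key directory,
	# so the basename is the key id.
	local keyid=${key##*/}
	local cleaned=$GNUPGHOME/$keyid

	# This should be a no-op, but doesn't hurt.
	printf 'Importing key %s\n' "$keyid"
	if ! gpg "${gpg_keyrings[@]}" \
		--import-options import-clean \
		"${gpg_common[@]}" \
		--import "$key"; then
		# A key that cannot be imported is left exactly as it was.
		return 0
	fi

	echo Exporting combined key
	gpg "${gpg_keyrings[@]}" \
		--export-options export-clean \
		"${gpg_common[@]}" \
		--export "$keyid" > "$cleaned" || return

	# Never replace a key file with an empty export, whatever exit status
	# gpg reported: that would silently destroy the key on disk.
	if [ ! -s "$cleaned" ]; then
		printf 'clean-keys: empty export for %s; leaving %s untouched\n' \
			"$keyid" "$key" >&2
		rm -f -- "$cleaned"
		return 1
	fi

	mv -- "$cleaned" "$key"
}

# Quoted expansions keep directory names with spaces or glob characters
# intact.
for key in "$keydir"/0x*; do
	# When nothing matches, the pattern stays literal; skip it instead of
	# handing a non-existent path to gpg.
	[ -e "$key" ] || continue
	# Stop at the first export or move failure rather than carrying on with
	# a half-processed directory.
	clean_one_key "$key" || exit
done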
