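#!/bin/bash
# sign-lots-o-keys version 0.1.3
# Copyright (c) 2007 Lamont R. Peterson
# P.O. Box 1043, Centerville, Utah, U.S.A. 84014-5043
#
# This program is free software. You can redistribute it, or modify it,
# or both, under the terms of the GNU General Public License version 3
# (or any later version) as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Purpose: sign every key given with -k once with every signing key given
# with -s, optionally fetching the keys first (-r) and uploading them
# afterwards (-u). With -n the signing step is skipped.
#
# Exit status: 0 when every requested step succeeded, 1 on a usage error or
# when any gpg step failed or a key had to be skipped.

#######################################
# Print usage information.
# Outputs: usage text on stderr
#######################################
print_help () {
  printf '%s\n' \
    "$0 usage:" \
    " Specify keys to be signed using -k:" \
    " -k keyid [-k keyid [-k keyid [...]]]" \
    " Specify keys to sign with using -s:" \
    " -s keyid [-s keyid [-s keyid [...]]]" \
    "" \
    " -r receive keys before signing" \
    " -u upload keys after signing" \
    " -n no signing" >&2
}

#######################################
# Write a diagnostic to stderr.
# Arguments: the message words
#######################################
warn () {
  printf '%s\n' "$*" >&2
}

#######################################
# Check that a -k/-s value can be handed to gpg as a key argument.
# Empty values and values starting with '-' are refused, because gpg would
# read the latter as one of its own options instead of a key.
# Arguments: $1 - value to check
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_key_arg () {
  [[ -n "$1" && "$1" != -* ]]
}

#######################################
# List the primary-key fingerprint of every local key matching a key spec.
# Uses gpg's colon listing instead of the human-readable "Key fingerprint ="
# line, whose layout differs between gpg versions. Only the first "fpr"
# record after each "pub" record is taken, so subkey fingerprints are
# not reported.
# Arguments: $1 - key ID (or other key spec) to look up
# Outputs:   one fingerprint per line on stdout; gpg errors on stderr
#######################################
primary_fingerprints () {
  gpg --with-colons --fingerprint "$1" |
    awk -F: '
      $1 == "pub" { want = 1; next }
      $1 == "fpr" && want { print $10; want = 0 }
    '
}

#######################################
# Parse options, validate them, then receive / sign / upload as requested.
# Arguments: the script's command line
# Returns:   exits with the script's final status
#######################################
main () {
  # Start from known-empty state: the original appended to KEYS_TO_SIGN and
  # SIGNING_KEYS without initialising them, so values inherited from the
  # environment were silently added to the lists of keys.
  local -a keys_to_sign=() signing_keys=() fprs=()
  local recv_keys=0 no_sign=0 upload=0 helpthem=0 status=0
  local opt arg key signer line sign_me
  local OPTIND=1 OPTARG

  # Built-in getopts replaces external getopt plus "eval set --": no eval
  # of generated text, and every key ID stays a separate word. Options must
  # come before any non-option argument (non-option arguments are ignored).
  while getopts ':hk:s:run' opt; do
    case "$opt" in
      h)
        print_help
        exit 0
        ;;
      k) keys_to_sign+=("$OPTARG") ;;
      s) signing_keys+=("$OPTARG") ;;
      r) recv_keys=1 ;;
      u) upload=1 ;;
      n) no_sign=1 ;;
      :)
        warn "$0: option requires an argument -- '$OPTARG'"
        warn "Terminating..."
        exit 1
        ;;
      \?)
        warn "$0: invalid option -- '$OPTARG'"
        warn "Terminating..."
        exit 1
        ;;
      *)
        warn "$0 internal error"
        exit 1
        ;;
    esac
  done

  # Handle errors
  if (( ${#keys_to_sign[@]} == 0 )); then
    warn "You must specify at least one key to be signed (use -k)."
    helpthem=1
  fi
  if (( ${#signing_keys[@]} == 0 )); then
    warn "You must specify at least one key to sign with (use -s)."
    helpthem=1
  fi
  for arg in "${keys_to_sign[@]}" "${signing_keys[@]}"; do
    if ! valid_key_arg "$arg"; then
      warn "Invalid key argument '$arg': must be non-empty and must not start with '-'."
      helpthem=1
    fi
  done
  if (( helpthem )); then
    print_help
    exit 1
  fi

  # Were we instructed to attempt to --recv-keys first?
  if (( recv_keys )); then
    echo "Downloading keys ${keys_to_sign[*]} ..."
    # Output stays suppressed as before, but a failed download is no longer
    # reported as "done".
    if gpg --recv-keys "${keys_to_sign[@]}" >/dev/null 2>&1; then
      echo "done"
    else
      warn "gpg --recv-keys failed; continuing with the keys already in the local keyring."
      status=1
    fi
  fi

  if (( ! no_sign )); then
    for key in "${keys_to_sign[@]}"; do
      # Fingerprint of a key to sign
      fprs=()
      while IFS= read -r line; do
        [[ -n "$line" ]] && fprs+=("$line")
      done < <(primary_fingerprints "$key")

      # A key ID that matches no key, or more than one (short key IDs can
      # collide), must not reach --sign-key: the certification has to be
      # bound to exactly one fingerprint.
      if (( ${#fprs[@]} != 1 )); then
        warn "Skipping $key: expected exactly one matching key, found ${#fprs[@]}."
        status=1
        continue
      fi
      sign_me=${fprs[0]}

      for signer in "${signing_keys[@]}"; do
        # The fingerprint printed here is what gets certified; compare it
        # with the one verified out of band before confirming gpg's prompt.
        echo "\$i == [$key]; \$sign_me == [$sign_me]"
        if ! gpg -u "$signer" --sign-key "$sign_me"; then
          warn "Signing $sign_me with $signer failed."
          status=1
        fi
      done
      echo "===================================================="
    done
  fi

  if (( upload )); then
    printf '%s\n' "Uploading ${keys_to_sign[*]} to keyserver ..."
    if gpg --send-keys "${keys_to_sign[@]}" >/dev/null; then
      echo
      echo "done"
    else
      warn "gpg --send-keys failed."
      status=1
    fi
  fi

  exit "$status"
}

main "$@"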