#!/bin/sh

# Copyright (c) 2013 Gunnar Wolf <gwolf@debian.org>,
#      Based on 2008 Jonathan McDowell <noodles@earth.li>
# GNU GPL; v2 or later
# Moves an existing key to another keyring directory

set -e

if [ -z "$1" ] || [ -z "$2" ]; then
	echo "Usage: move-key keyid dir" >&2
	exit 1
fi

key=$1
destdir=$(readlink -f $2)

# avoid gnupg touching ~/.gnupg
GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
export GNUPGHOME
trap cleanup exit
cleanup () {
	rm -rf "$GNUPGHOME"
}

keyfp="<fixme>"
if [ $(echo -n $key|wc -c) -eq 16 ]; then
    key='0x'$(echo $key|tr a-z A-Z)
elif [ $(echo -n $key|wc -c) -eq 40 ] ; then
    keyfp=$key
    key='0x'$(echo -n $key | cut -b 25-)
fi

if [ ! -d "$destdir" ] || echo "$destdir"|grep -q -- '-pgp/?$'; then
    echo "Error: $destdir is not a valid keyring directory" >& 2
    exit 1
fi

for dir in *-pgp/; do
    if [ -f $dir/$key ]; then
	keyfile=$(readlink -f "$dir/$key")
	srcdir=$(readlink -f $dir)
	break
    fi
done

if [ "$srcdir" = "$destdir" ]; then
    echo "Source and destination directories are the same: $srcdir" >& 2
    exit 1
fi

if [ -z "$keyfile" ]; then
    echo "Requested key '$key' not found"
    exit 1
fi

keyuser=$(gpg --with-colons --keyid long --options /dev/null --no-auto-check-trustdb < $keyfile| grep '^pub' | cut -d : -f 10)

echo ""
echo "About to move key $key ($keyuser)"
echo "   FROM $srcdir"
echo "     TO $destdir"
echo "Are you sure you want to update this key? (y/n)"
read n

if [ "x$n" = "xy" -o "x$n" = "xY" ]; then
    add_to_keyid=""
    echo -n "Enter full name of new key's owner: "
    read name
    echo -n 'RT issue ID this change closes, if any: '
    read rtid

    if ( echo $destdir | egrep -q 'debian-keyring-pgp/?$' ); then
	log="Add new DD key $key ($name) (RT #$rtid)"
	add_to_keyid=yes
	dest=DD
	action=add
    elif ( echo $destdir | egrep -q 'debian-nonupload-pgp/?$' ); then
	log="Add new nonuploading key $key ($name) (RT #$rtid)"
	add_to_keyid=yes
	dest=DN
	action=add
    elif ( echo $destdir | egrep -q 'debian-maintainer-pgp/?$' ); then
	log="Add new DM key $key ($name) (RT #$rtid)"
	dest=DM
	action=add
    elif ( echo $destdir | egrep -q 'emeritus-keyring-pgp/?$' ); then
	log="Move $key to emeritus ($name) (RT #$rtid)"
	action=remove
    fi

    git mv $keyfile $destdir
    VERSION=$(head -1 debian/changelog | awk '{print $2}' | sed 's/[\(\)]//g')
    RELEASE=$(head -1 debian/changelog | awk '{print $3}' | sed 's/;$//')
    case $RELEASE in
	UNRELEASED)
	    dch  --multimaint-merge -D UNRELEASED -a "$log"
	    ;;
	unstable)
	    NEWVER=$(date +%Y.%m.xx)
	    if [ "$VERSION" = "$NEWVER" ]
	    then
		echo '* Warning: New version and previous released version are'
		echo "  the same: $VERSION. This should not be so!"
		echo '  Check debian/changelog'
	    fi
	    dch -D UNRELEASED -v $NEWVER "$log"
	    ;;
	*)
	    echo "Last release $VERSION for unknown distribution «$RELEASE»."
	    echo "Not calling dch, do it manually."
	    ;;
    esac
    git add debian/changelog

    if [ ! -z "$add_to_keyid" ]; then
	if oldkey=$(grep $key keyids); then
	    echo "Key already present in the keyids file:"
	    echo $oldkey
	else
	    echo -n "Enter Debian login of new key: "
	    read login
	    echo "$key $name <$login>" >> keyids
	    sort keyids > keyids.$$ && mv keyids.$$ keyids
	    git add keyids
	fi
    fi

    cat > git-commit-template <<EOF
$log

Action: $action
Subject: $name
Username: $login
Role: $dest
Key: $keyfp
Key-type: 
RT-Ticket: $rtid
Request-signed-by: 
Details: 
Notes: Move from <src> keyring
EOF
else
    echo "Not moving key."
fi
