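#!/bin/bash
#
# sign_build_list.sh - sign all rpms of the builds named in a package list.
#
# Usage:
#   sign_build_list.sh <pkglist> [debug | dryrun | nodebuginfo |
#                      arch=<arch>[,<arch>...] | gpg_name=<name> | gpg_key=<keyid>]
#
# Every line of <pkglist> names one build, or one rpm when it ends in ".rpm";
# anything up to the last "/" on the line is dropped. The rpms are fetched with
# "koji download-build" into a private temporary directory, signed with
# "rpmsign --addsign" and the signatures are handed to "koji import-sig".
#
# Options:
#   debug        print the parsed settings and each step
#   dryrun       only print the commands that would be run
#   nodebuginfo  do not pass --debuginfo to koji download-build
#   arch=a,b     restrict the download to the listed architectures
#   gpg_name=N   value used for the rpm _gpg_name macro
#   gpg_key=K    skip entries that already have data/signed/K on disk
#
# Exit status: 0 when everything requested was signed and imported, 1 on a
# usage error, a failed download, a failed signing run or a failed import.

# Print the one-line synopsis.
usage() {
  echo "sign_build_list.sh <pkglist> [debug | dryrun | nodebuginfo | arch=<arch>[,<arch>...] | gpg_name=<name> | gpg_key=<keyid>]"
}

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ -z ${1:-} ]]; then
  echo "Must provide a pkg list" >&2
  usage >&2
  exit 1
fi
if [[ $1 == "-h" || $1 == "--help" ]]; then
  usage
  exit 0
fi
PKGLIST=$1
shift

GPG_NAME="kojiadmin@koozali.org"
GPG_KEY=
DEBUG=
DRY_RUN=
# Options are collected in arrays so that each one reaches koji as exactly one
# argument, with no word splitting or globbing of the values.
arch_opts=()
debuginfo_opts=(--debuginfo)

for param in "$@"; do
  [[ -n $param ]] || continue
  case $param in
    -h | --help)
      usage
      exit 0
      ;;
    debug)
      DEBUG=true
      ;;
    dryrun)
      DRY_RUN=true
      ;;
    nodebuginfo)
      debuginfo_opts=()
      ;;
    arch=*)
      IFS=, read -r -a arch_list <<<"${param#*=}"
      for arch in "${arch_list[@]}"; do
        if [[ -n $arch ]]; then
          arch_opts+=("--arch=$arch")
        fi
      done
      ;;
    gpg_name=*)
      GPG_NAME=${param#*=}
      ;;
    gpg_key=*)
      GPG_KEY=${param#*=}
      # The key id is used as a single path component below data/signed/,
      # so a value containing a slash cannot be a valid id.
      if [[ $GPG_KEY == */* ]]; then
        die "gpg_key must not contain '/' - aborting"
      fi
      ;;
    *)
      echo "Unkown parameter $param - aborting" >&2
      exit 1
      ;;
  esac
done

if [[ -n $DEBUG ]]; then
  echo "PKGLIST=$PKGLIST"
  echo "ARCHES=${arch_opts[*]}"
  echo "DEBUGINFO=${debuginfo_opts[*]}"
  echo "GPG_NAME=$GPG_NAME"
  echo "GPG_KEY=$GPG_KEY"
  echo "DRY_RUN=$DRY_RUN"
fi

# Check the list before anything is created, and make a relative path
# absolute: the working directory changes to the temporary directory below,
# where a relative path would no longer resolve.
if [[ ! -e $PKGLIST ]]; then
  die "Cannot find pkglist $PKGLIST - aborting"
fi
if [[ $PKGLIST != /* ]]; then
  PKGLIST="$PWD/$PKGLIST"
fi

# Use a temporary directory to export the rpms for signing. mktemp -d creates
# it with an unpredictable name, readable by the current user only.
tmpdir=
if [[ -n $DRY_RUN ]]; then
  echo "mktemp -d /tmp/sign.XXXXXX"
else
  tmpdir=$(mktemp -d /tmp/sign.XXXXXX) || die "mktemp failed - aborting"
  cd "$tmpdir" || die "Cannot enter $tmpdir - aborting"
fi

# Remove the temporary directory; only called after a fully successful run.
cleanup_tmpdir() {
  cd / || return
  rm -rf -- "${tmpdir:?}"
}

failed=
# The list is read on descriptor 3 so that koji keeps the script's stdin and
# cannot consume lines of the list.
while read -r -u 3 pkgline || [[ -n $pkgline ]]; do
  BUILD=${pkgline##*/}
  # Blank lines carry no build name.
  [[ -n $BUILD ]] || continue
  # An entry starting with "-" would be parsed by koji as an option instead
  # of a build name, so it is refused rather than passed on.
  if [[ $BUILD == -* ]]; then
    echo "Ignoring entry $BUILD - not a build name" >&2
    failed=true
    continue
  fi

  if [[ -n $DEBUG ]]; then
    echo "$pkgline"
    echo "koji download-build $BUILD"
  fi

  # If an rpm name was passed assume signing of an individual rpm,
  # else sign every rpm of the build.
  rpm_opts=()
  is_rpm=
  if [[ ${BUILD##*.} == "rpm" ]]; then
    is_rpm=true
    rpm_opts=(--rpm)
  fi

  # Check whether the entry is already signed with this key. The path can
  # only be derived from a name-version-release shaped entry.
  if [[ -n $GPG_KEY && $BUILD == *-*-* ]]; then
    name=${BUILD%-*-*}
    name_version=${BUILD%-*}
    version=${name_version##*-}
    release=${BUILD##*-}
    # NOTE(review): for an rpm file name the release component still carries
    # the ".<arch>.rpm" suffix, so the per-rpm check below may never match -
    # confirm against the koji storage layout.
    DIR=/mnt/koji/packages/$name/$version/$release/data/signed/$GPG_KEY
    if [[ -n $DEBUG ]]; then
      echo "DIR=$DIR"
    fi

    EXISTS=
    if [[ -n $is_rpm ]]; then
      if [[ -n $DEBUG ]]; then
        echo "Check for existing $DIR/$BUILD"
      fi
      if [[ -f $DIR/$BUILD ]]; then
        EXISTS=True
      fi
    else
      if [[ -n $DEBUG ]]; then
        echo "Check for existing $DIR"
      fi
      if [[ -d $DIR ]]; then
        EXISTS=True
      fi
    fi

    if [[ -n $EXISTS ]]; then
      echo "$BUILD already signed with this key - ignoring"
      continue
    fi
  fi

  if [[ -n $DRY_RUN ]]; then
    echo "koji download-build ${debuginfo_opts[*]} ${arch_opts[*]} ${rpm_opts[*]} $BUILD"
  elif ! koji download-build "${debuginfo_opts[@]}" "${arch_opts[@]}" "${rpm_opts[@]}" "$BUILD"; then
    echo "koji download-build failed for $BUILD" >&2
    failed=true
  fi
done 3<"$PKGLIST"

if [[ -n $DRY_RUN ]]; then
  echo "rpmsign --define \"_gpg_name $GPG_NAME\" --addsign *.rpm"
  echo "koji import-sig *.rpm"
  exit 0
fi

# Collect the downloaded rpms. The "./" prefix keeps a file name that starts
# with "-" from being read as an option, and nullglob avoids handing the
# literal pattern to rpmsign when nothing was downloaded.
shopt -s nullglob
rpms=(./*.rpm)
shopt -u nullglob

if ((${#rpms[@]} == 0)); then
  echo "No rpms downloaded - nothing to sign"
  cleanup_tmpdir
  if [[ -n $failed ]]; then
    exit 1
  fi
  exit 0
fi

# Signatures are only imported when signing itself succeeded. On failure the
# temporary directory is kept so the state can be inspected.
if ! rpmsign --define "_gpg_name $GPG_NAME" --addsign "${rpms[@]}"; then
  die "rpmsign failed - rpms left in $tmpdir"
fi
if ! koji import-sig "${rpms[@]}"; then
  die "koji import-sig failed - rpms left in $tmpdir"
fi

cleanup_tmpdir
if [[ -n $failed ]]; then
  exit 1
fi
exit 0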