#!/bin/bash

export GNUPGHOME=/etc/metadata/gnupg
mkdir -p $GNUPGHOME
chmod 0700 $GNUPGHOME
export GPG=gpg

# Install new keys discovered in the keys directory
for k in keys/*.pub; do
   fp=`$GPG --with-colons --with-fingerprint --show-key < $k | awk -F: '$1 == "pub" {print $5}'`
   fp_in_db=`$GPG --with-colons --fingerprint | grep ":$fp:"`
   if [ "x`echo $fp_in_db | grep '^pub:e:'`" != "x" ]; then
       echo "$0: Key expired, will re-import it from $k"
       $GPG --fingerprint $fp
   fi
   # The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again.
   echo $fp_in_db | grep -v "^pub:e:" | grep -q ":$fp:" || $GPG --import < $k
done

# Delete keys no longer present in keys directory
for fp in `$GPG --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
   seen="no"
   for k in keys/*.pub; do
      $GPG --with-colons --with-fingerprint --show-key < $k | grep -q ":$fp:" && seen="yes"
   done
   if [ "x$seen" = "xno" ]; then
      $GPG --yes --batch --delete-key $fp || true
   fi
done