#!/bin/sh

if [ -x /usr/bin/apt-key ]; then

  export LC_ALL=C

  gpg_check_command='gpg --dry-run --no-options --no-default-keyring --secret-keyring /dev/null --trustdb-name /etc/apt/trustdb.gpg --primary-keyring /etc/apt/trusted.gpg'
  gpg_output_tmpfile=$(tempfile)

  for keyfile in $(ls /usr/share/keyrings/fliwi-apt-keyring/valid);
  do
    ### Add the key to apt
    /usr/bin/apt-key add /usr/share/keyrings/fliwi-apt-keyring/valid/$keyfile

    ### Check for repositories we now trust... //start
    if [ -d "/var/lib/apt/lists/partial" ]; then
      added_keyid=$($gpg_check_command /usr/share/keyrings/fliwi-apt-keyring/valid/$keyfile 2>/dev/null | grep -E -e "^pub" | cut -d '/' -f 2 | cut -d " " -f 1)
      if [ "$added_keyid" != '' ] && \
         [ $(apt-key list | grep -c $added_keyid) -gt 0 ]; then
        for sign_file in $(ls /var/lib/apt/lists/partial/)
        do
          release_file=$(echo "$sign_file" | sed -r 's/\.gpg$//')
          if [ -f "/var/lib/apt/lists/$release_file" ]; then
            gpg --dry-run --no-options --no-default-keyring --trustdb-name /etc/apt/trustdb.gpg --primary-keyring /etc/apt/trusted.gpg --verify /var/lib/apt/lists/partial/$sign_file /var/lib/apt/lists/$release_file 2>$gpg_output_tmpfile
            if [ $? -eq 0 ] && \
               [ $(cat $gpg_output_tmpfile | grep -c -E -e 'gpg: Signature made.*key ID '$added_keyid'$') -eq 1 ] && \
               [ ! -e "/var/lib/apt/lists/$sign_file" ]; then
              mv /var/lib/apt/lists/partial/$sign_file /var/lib/apt/lists/$sign_file
            fi
          fi
        done
      fi
    fi
    ### Check for repositories we now trust... //end
  done

  for keyfile in $(ls /usr/share/keyrings/fliwi-apt-keyring/invalid);
  do
    keyid=$($gpg_check_command /usr/share/keyrings/fliwi-apt-keyring/invalid/$keyfile 2>/dev/null | grep -E -e "^pub" | cut -d '/' -f 2 | cut -d " " -f 1)
    if [ "$keyid" != '' ] && \
       [ $(apt-key list | grep $keyid | wc -l) -gt 0 ]; then
      /usr/bin/apt-key remove $keyid
    fi
  done

  if [ -e "$gpg_output_tmpfile" ]; then
    rm $gpg_output_tmpfile
  fi

fi
