#!/bin/sh
# sign all RPMS with the right key

REPO="/mnt/BIG/dis/official/2010.0"
PATHSIGN="/root/bin"

# first arg is Architecture (i586/x86_64)
VARCH=$1

# main non-free and restricted must be signed with the main key
main_key="main
non-free
restricted"

debug_main="debug_main
debug_non-free"

# contrib media must be signed by the contrib key
contrib_key="contrib"

debug_contrib="debug_contrib"

usage() {
if [ $# -ne 1 ];then
	echo
	echo "** Working repositery is: $REPO **"
	echo "** $PATHSIGN/resign(_contrib) script will be used to sign **"
	echo
	echo " First arg should be arch i586 or x86_64, SRPMS"
	echo
	echo " Second arg must be the media:
  main: sign main, non-free and restricted media
  contrib: sign contrib media
  debug: sign all debug packages (in main/contrib media)
  chk: check package signature (all media, log are in /tmp/log_ARCH_media files)"
echo "# 26752624 main cooker key # 26752624 contrib cooker key 
# 70771ff3 main official key # 78d019f5 contrib official key"
	echo
	echo " ie: $0 i586 contrib"
	echo " will sign all contrib packages in $REPO/i586/media/contrib/release
 with the $PATHSIGN/resign_contrib script"
	echo
	echo " NOTE: this script only sign release sub media, it don't sign testing/backports sub media"
	echo
	exit 1
fi
}

parse_main() {
    for media in `echo ${main_key}`
    do
	sign $media resign
    done
}

parse_contrib() {
    for media in `echo ${contrib_key}`
    do
	sign $media resign_contrib
    done
}

parse_debug() {
    for media in `echo ${debug_main}`
    do
        sign $media resign
    done
    for media in `echo ${debug_contrib}`
    do
        sign $media resign_contrib
    done
}

parse_sig() {
    for media in `echo ${main_key}`
    do
        check_sig $media
    done
    for media in `echo ${contrib_key}`
    do
        check_sig $media
    done
    for media in `echo ${debug_main}`
    do
        check_sig $media
    done
    for media in `echo ${debug_contrib}`
    do
        check_sig $media
    done
}

sign() {
    # first arg must be the media to sign (main or contrib)
    # second is the name of the script to use
    mediaincoming=$1
    ARG=$2
    
    for media in `echo ${mediaincoming}`
    do
	CPT=1
	if [ $VARCH = "SRPMS" ]; then
		WPATH="$REPO/$VARCH/$media/release"
	else
		WPATH="$REPO/$VARCH/media/$media/release"
	fi
        # number of RPM to sign
	NB=`find $WPATH -type f -name \*.rpm | wc -w`
	echo " - $media, signing $NB"
        # list of all RPM to sign
	DATA=`find $WPATH -print -type f -iname \*.rpm`
        # parse an sign all RPM
	for i in `echo $DATA`
	do
            echo "- $CPT / $NB -- $i"
            $PATHSIGN/$2 $i
            let CPT+=1
	done
    done
}

check_sig() {
    mediaincoming=$1
    WPATH="$REPO/$VARCH/media/$media/release"
    for media in `echo ${mediaincoming}`
    do
	echo "$REPO $VARCH ${mediaincoming}"
	find $WPATH -name \*.rpm -exec rpm -v -K {} \; > ~/tmp/log_${VARCH}_${mediaincoming}
    done
}

# 26752624 main cooker key
# 26752624 contrib cooker key 
# ---------------------------------
# 70771ff3 main official key
# 78d019f5 contrib official key
# find . -name \*.rpm -exec rpm -v -K {} \;


############## MAIN

date
case $2 in
	main)
	# SIGN all main/non-free/restricted packages
	parse_main
	;;
	contrib)
	# SIGN all contrib packages
	parse_contrib
	;;
	debug)
	# SIGN all debug packages
	parse_debug
	;;
	chk)
	# check signature
	# log store in /tmp/log_ARCH_media
	parse_sig
	;;
	*)
	usage
	;;
esac
date