#!/bin/sh
#
# No copyright is claimed.  This code is in the public domain; do with
# it what you wish.
#
# Author: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
#
# This is a wrapper around gpgv as invoked by apt. It turns EXPKEYSIG results
# from gpgv into GOODSIG results. This is necessary for apt to access very old
# timestamps from snapshot.debian.org for which the GPG key is already expired:
#
#     Get:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease [242 kB]
#     Err:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease
#       The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
#     Reading package lists...
#     W: GPG error: http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease: The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
#     E: The repository 'http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease' is not signed.
#
# To use this script, call apt with
#
#    -o Apt::Key::gpgvcommand=/usr/libexec/mmdebstrap/gpgvnoexpkeysig
#
# Scripts doing similar things can be found here:
#
#  * debuerreotype as /usr/share/debuerreotype/scripts/.gpgv-ignore-expiration.sh
#  * derivative census: salsa.d.o/deriv-team/census/-/blob/master/bin/fakegpgv

set -eu

find_gpgv_status_fd() {
  while [ "$#" -gt 0 ]; do
    if [ "$1" = '--status-fd' ]; then
      echo "$2"
      return 0
    fi
    shift
  done
  # default fd is stdout
  echo 1
}
GPGSTATUSFD="$(find_gpgv_status_fd "$@")"

case $GPGSTATUSFD in
  '' | *[!0-9]*)
    echo "invalid --status-fd argument" >&2
    exit 1
    ;;
esac

if ! command -v gpgv >&2; then
  eval 'echo "[GNUPG:] ERROR gpgv executable not found" >&'"$GPGSTATUSFD"
  exit 1
fi

# we need eval because we cannot redirect a variable fd
eval 'exec gpgv "$@" '"$GPGSTATUSFD"'>&1 | sed "s/^\[GNUPG:\] EXPKEYSIG /[GNUPG:] GOODSIG /" >&'"$GPGSTATUSFD"
