#!/bin/sh

# shellcheck source=conf/default.conf
. "${0%/*}/../conf/default.conf"

tmp_dir=$(mktemp -d)
trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT

cat > \
  "${tmp_dir}/mail"

if ! hashcash -qXc -b 20 \
  -d -f "${tmp_dir}/hashcash.db" \
  -r 'archlinux32-buildmaster@eckner.net' \
  -r 'buildmaster@archlinux32.org' < \
  "${tmp_dir}/mail"; then
  >&2 echo 'Invalid stamp - ignoring this message.'
  exit
fi

if ! sed -n '
    /^-----BEGIN PGP MESSAGE-----$/{
      :a
      /\n-----END PGP MESSAGE-----$/!{
        N
        ba
      }
      p
    }
  ' "${tmp_dir}/mail" | \
    chronic gpg --batch --status-file "${tmp_dir}/gpg-status" -q -d -o "${tmp_dir}/plain-content"; then
  exit
fi

if [ -z "$(
  (
    grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \
      cut -d' ' -f3 | \
      sort -u
    printf '%s\n' "${admin_gpg_keys}" | \
      sort -u
  ) | \
    sort | \
    uniq -d
  )" ]; then
  >&2 echo 'No valid signature found.'
  grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \
    cut -d' ' -f3 | \
    sort -u >&2
  exit
fi

sed -n '
  /^$/!b
  N
  s/^\n//
  /^--/b
  :a
  N
  /\n$/!ba
  s/\n$//
  p
' "${tmp_dir}/plain-content" > \
  "${tmp_dir}/raw-content"

sed -n '
  /^stabilize:/{
    s/^stabilize:\s*//
    /\.pkg\.tar\.xz$/!s/$/.pkg.tar.xz/
    w '"${tmp_dir}/stabilize"'
  }
' "${tmp_dir}/raw-content"

if [ -s "${tmp_dir}/stabilize" ]; then
  chronic "${base_dir}/bin/db-update" -b -f "${tmp_dir}/stabilize"
fi