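#!/bin/sh

# interpret-mail: read one email from stdin, verify it, and execute the
# instructions found in its signed and encrypted body.
#
# Verification order:
#   1. hashcash stamp of at least 20 bits for one of the accepted addresses
#   2. gpg decryption of the PGP MESSAGE block(s) found in the mail
#   3. at least one VALIDSIG fingerprint that is listed in ${admin_gpg_keys}
# Only the actions granted to the signing key(s) are extracted and dispatched.
#
# Reads from the sourced configuration: admin_gpg_keys,
# possible_email_actions, base_dir.

# shellcheck source=conf/default.conf
. "${0%/*}/../conf/default.conf"

if [ $# -ne 0 ]; then
  >&2 echo ''
  >&2 echo 'usage: interpret-mail'
  >&2 echo ' Read email from stdin and interpret / execute body.'
  >&2 echo ''
  >&2 echo ' The email needs a valid hashcash-stamp (>=20 bits)'
  >&2 echo ' and valid encryption to buildmaster@archlinux32.org,'
  >&2 echo ' as well as a valid gpg-signature from anyone on the'
  >&2 echo ' list in "conf/admin-gpg-keys". This entry also'
  >&2 echo ' determines what instructions are allowed.'
  >&2 echo ''
  >&2 echo ' Possible instructions are:'
  >&2 echo ''
  >&2 echo ' - "block: ":'
  >&2 echo ' Block the given packge for the given reason.'
  >&2 echo ''
  >&2 echo ' - "stabilize: ":'
  >&2 echo ' Move the given package from testing to stable.'
  >&2 echo ''
  >&2 echo ' - "unblock: ":'
  >&2 echo ' Unblock the given packge.'
  >&2 echo ''
  >&2 echo ' - ALL: all of the above (only valid in'
  >&2 echo ' "conf/admin-gpg-keys")'
  >&2 echo ''
  exit 1
fi

# All intermediate files (raw mail, decrypted plaintext, gpg status) live in a
# private directory. Abort if it cannot be created: with an empty tmp_dir every
# path below would resolve to the filesystem root ("/mail", "/plain-content").
if ! tmp_dir=$(mktemp -d) || [ -z "${tmp_dir}" ]; then
  >&2 echo 'Cannot create temporary directory.'
  exit 1
fi
trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT

# Spool the mail so it can be read more than once.
cat > \
  "${tmp_dir}/mail"

# Step 1: proof-of-work stamp, at least 20 bits, for one of the two accepted
# resource addresses.
# NOTE(review): the double-spend database (-d -f) is placed inside the per-run
# temp directory, so it starts empty on every invocation and is deleted on
# exit. A stamp is therefore never remembered between messages; if replay
# protection is intended, the database needs a persistent location - confirm.
if ! hashcash -qXc -b 20 \
  -d -f "${tmp_dir}/hashcash.db" \
  -r 'archlinux32-buildmaster@eckner.net' \
  -r 'buildmaster@archlinux32.org' < \
  "${tmp_dir}/mail"; then
  >&2 echo 'Invalid stamp - ignoring this message.'
  # bare "exit": the message is dropped without signalling failure
  exit
fi

# Step 2: cut the armored PGP MESSAGE block(s) out of the mail and decrypt.
# gpg writes its machine-readable result to gpg-status; that file is the only
# source used for the signature decision below. Without pipefail the condition
# reflects the exit status of gpg (via chronic), not of sed.
if ! sed -n '
    /^-----BEGIN PGP MESSAGE-----$/{
      :a
      /\n-----END PGP MESSAGE-----$/!{
        N
        ba
      }
      p
    }
  ' "${tmp_dir}/mail" | \
  chronic gpg --batch --status-file "${tmp_dir}/gpg-status" -q -d -o "${tmp_dir}/plain-content"; then
  exit
fi

# Step 3: collect the fingerprints of all valid signatures (third field of
# each VALIDSIG status line).
# NOTE(review): VALIDSIG states cryptographic validity only. GnuPG reports an
# expired or revoked signing key on separate status lines (EXPKEYSIG,
# REVKEYSIG), which are not inspected here. Confirm that a revoked admin key
# is also removed from admin_gpg_keys, or reject on those status lines.
grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \
  cut -d' ' -f3 | \
  sort -u > \
  "${tmp_dir}/found-keys"

# admin_gpg_keys: one "<fingerprint> <actions>" entry per line; sorted on the
# fingerprint column so it can be joined against found-keys.
printf '%s\n' "${admin_gpg_keys}" | \
  sort -k1,1 -u > \
  "${tmp_dir}/admin-gpg-keys"

# Allowed actions = union of the action lists of every admin key that produced
# a valid signature; "ALL" expands to ${possible_email_actions}.
join -j 1 -o 2.2 \
  "${tmp_dir}/found-keys" \
  "${tmp_dir}/admin-gpg-keys" | \
  tr ',' '\n' | \
  sed 's|^ALL$|'"${possible_email_actions}"'|' | \
  tr ' ,' '\n' | \
  sort -u > \
  "${tmp_dir}/allowed-actions"

# No signing key matched the admin list: report the fingerprints that were
# seen and stop before anything from the body is interpreted.
if [ ! -s "${tmp_dir}/allowed-actions" ]; then
  >&2 echo 'No valid signature found.'
  grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \
    cut -d' ' -f3 | \
    sort -u >&2
  exit
fi

# Normalise the decrypted body.
# First sed: after each empty line, take the following paragraph (up to the
# next empty line) unless its first line starts with "--"; everything else is
# discarded (presumably MIME part headers and boundaries - confirm).
# Second sed: slurp the whole text, then
#   - join lines ending in "=" with the next line (looks like quoted-printable
#     soft line breaks),
#   - join a line ending in ":" with the line after it,
#   - fold a line onto the previous one when its first word does not end in ":".
sed -n '
    /^$/!b
    N
    s/^\n//
    /^--/b
    :a
    N
    /\n$/!ba
    s/\n$//
    p
  ' "${tmp_dir}/plain-content" | \
  sed '
    :start_loop
    $!{
      N
      bstart_loop
    }
    s/=\s*\n//g
    s/:\s*\n/: /g
    s/\n\(\S\+[^: ]\(\s\|\n\|$\)\)/ \1/g
  ' > \
  "${tmp_dir}/raw-content"

# Build one sed rule per allowed action: lines starting with "<action>:" have
# that prefix removed and are written to ${tmp_dir}/<action>. Lines naming an
# action the signer is not entitled to match no rule and are dropped.
# The action names come from the configuration, not from the mail; they are
# interpolated into the sed program unescaped, so the configuration must not
# contain "/" or newlines in action names.
sed -n "$(
  while read -r action; do
    if [ -z "${action}" ]; then
      continue
    fi
    printf \
      '/^%s:/{ s/^%s:\s*//; w %s/%s\n }\n' \
      "${action}" \
      "${action}" \
      "${tmp_dir}" \
      "${action}"
  done < \
    "${tmp_dir}/allowed-actions"
)" "${tmp_dir}/raw-content"

# Dispatch. Each helper receives the file holding the arguments of its action.
if [ -s "${tmp_dir}/block" ]; then
  chronic "${base_dir}/bin/block-package" "${tmp_dir}/block"
fi

if [ -s "${tmp_dir}/stabilize" ]; then
  # Make sure every package name carries the .pkg.tar.xz suffix.
  sed -i '
    /\.pkg\.tar\.xz$/!s/$/.pkg.tar.xz/
  ' "${tmp_dir}/stabilize"
  # The db-update call is disabled, so stabilize requests are currently
  # normalised but not acted upon.
  # chronic "${base_dir}/bin/db-update" -b -f "${tmp_dir}/stabilize"
fi

if [ -s "${tmp_dir}/unblock" ]; then
  chronic "${base_dir}/bin/block-package" -u "${tmp_dir}/unblock"
fi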