#!/bin/bash

# Rebuild the SKS keyserver databases
# [JNZ] Modified 08-Sep-2018

set -e

SKSUSER=${SKSUSER:-debian-sks}
SKSHOME=${SKSHOME:-/var/lib/sks}
SKSBIN=${SKSBIN:-/usr/sbin/sks}
SKSETC=${SKSETC:-/etc/sks}

SKSCONF=$SKSETC/sksconf
SKSDBCONFIG=$SKSETC/DB_CONFIG


function run_as_sks () {
    su $SKSUSER -c "$*"
}

# Process command line options

if [ "$1" == "--help" ]; then
    cat <<EOF
Usage: $0 [-n] WHICHKEYS
Rebuild the SKS keyserver databases.

Options:
    -n       - dry run only

WHICHKEYS is one of:
    local    - use existing keys database
    mattrude - use key dump from keyserver.mattrude.com
EOF
    exit 0
fi

if [ "$1" == "-n" ]; then
    DRYRUN="echo DRYRUN:"
    shift
else
    DRYRUN=
fi

if [ $# -ne 1 ]; then
    echo "$0: incorrect number of arguments" 1>&2
    exit 1
fi

WHICHKEYS="$1"
case "$WHICHKEYS" in
    local)
	LOCALKEYS=true
	;;
    mattrude)
	LOCALKEYS=false
	REMOTEHOST=keyserver.mattrude.com
	WGETPARAMS="-m -nH --cut-dirs=3 ftp://keyserver.mattrude.com/current"
	;;
    *)
	echo "$0: unknown value for WHICHKEYS parameter" 1>&2
	exit 1
	;;
esac

# Preliminary checks

if [ $(id -u) != 0 ]; then
    echo "$0: must run as root" 1>&2
    exit 1
fi

if [ ! -f $SKSCONF ]; then
    echo "$0: $SKSCONF: no such file" 1>&2
    exit 1
fi

if [ ! -d $SKSHOME ]; then
    echo "$0: $SKSHOME: no such directory" 1>&2
    exit 1
fi

# Rebuild the SKS databases

echo "**** Stopping SKS keyserver"
$DRYRUN systemctl stop sks.service sks-recon.service

echo "**** Checking SKS configuration files"
if ! grep -q -P '^pagesize:\s*32\b' $SKSCONF; then
    echo "     Changing the pagesize parameter"
    $DRYRUN sed -e 's/^pagesize:.*$/pagesize: 32/' $SKSCONF >$SKSCONF.new
    $DRYRUN mv $SKSCONF.new $SKSCONF
fi

if ! grep -q -P '^ptree_pagesize:\s*16\b' $SKSCONF; then
    echo "     Changing the ptree_pagesize parameter"
    $DRYRUN sed -e 's/^ptree_pagesize:.*$/ptree_pagesize: 16/' $SKSCONF >$SKSCONF.new
    $DRYRUN mv $SKSCONF.new $SKSCONF
fi

if [ ! -f $SKSDBCONFIG ]; then
    echo "     Creating $SKSDBCONFIG"
    $DRYRUN cat <<EOF >$SKSDBCONFIG
set_flags DB_LOG_AUTOREMOVE
EOF
fi

if [ $LOCALKEYS = true ]; then
    echo "**** Dumping existing keys database"
    run_as_sks $DRYRUN rm -f $SKSHOME/dump/*
    run_as_sks $DRYRUN $SKSBIN dump 32768 $SKSHOME/dump
else
    echo "**** Downloading key dump from $REMOTEHOST"
    run_as_sks $DRYRUN rm -f $SKSHOME/dump/*
    run_as_sks "$DRYRUN wget -P $SKSHOME/dump $WGETPARAMS"
fi

echo "**** Preserving old database directories"
run_as_sks $DRYRUN rm -f $SKSHOME/DB.old $SKSHOME/PTree.old
run_as_sks $DRYRUN mv $SKSHOME/DB $SKSHOME/DB.old
run_as_sks $DRYRUN mv $SKSHOME/PTree $SKSHOME/PTree.old

echo "**** Building new keys (DB) database"
run_as_sks $DRYRUN $SKSBIN build $SKSHOME/dump/*.pgp -n 1 -cache 100
run_as_sks $DRYRUN ln -s $SKSDBCONFIG $SKSHOME/DB/DB_CONFIG

echo "**** Cleaning keys database"
run_as_sks $DRYRUN $SKSBIN cleandb

echo "**** Building new PTree database"
run_as_sks $DRYRUN $SKSBIN pbuild -cache 50 -ptree_cache 100
run_as_sks $DRYRUN ln -s $SKSDBCONFIG $SKSHOME/PTree/DB_CONFIG

echo "**** Starting SKS keyserver"
$DRYRUN systemctl start sks.service