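#!/bin/bash
# ui-auto-rsign: copy a tarball to a remote signing host, sign it there with
# gpg, fetch the detached signature back and remove both files remotely.
# Shell options belong in `set`, not in the shebang: `#!/bin/bash -e` is
# silently dropped when the script is started as `bash ui-auto-rsign ...`.
set -e

# Quoted delimiter: the warning is literal text, nothing in it should expand.
cat <<'EOF' >&2
WARNING: It's DISCOURAGED to use this remote signing workflow, as it
requires the usually untrusted (build) machine to have access to the
trusted signing machine. It's more secure to connect from the
trusted machine only.
See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855320, debsign(1)
EOF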

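# Usage: while the options are being parsed and checked, any failing command
# (set -e exits through the ERR trap) prints the usage line. The trap is
# removed once the options are validated, so a later scp/ssh/gpg failure is
# not misreported as a usage error.
trap "printf '%s\n' 'Usage: ui-auto-rsign [USER@]REMOTEHOST TARBALL SIGNFILE [EXTRA_GPG_OPTIONS]'" ERR

# Parse options: at least the three mandatory positional arguments.
(( $# >= 3 ))
RHOST="${1}"
TARBALL_ABS="${2}"
TARBALL="$(basename "${TARBALL_ABS}")"
SIGNFILE_ABS="${3}"
SIGNFILE="$(basename "${SIGNFILE_ABS}")"
shift 3
# Remaining arguments are handed to the remote gpg as one space-joined
# string; ssh re-joins the remote command line anyway, so per-argument
# quoting is not preserved across the hop.
EXTRA_GPG_OPTIONS="${*}"

# Check options: none of the mandatory values may be empty.
[[ -n "${RHOST}" && -n "${TARBALL}" && -n "${SIGNFILE}" ]]
trap - ERR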

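# Never auto-overwrite on remote: if the file already exists there, report it
# and let the user decide interactively (rm -i) whether it may be replaced.
# Globals:   RHOST (read)
# Arguments: $1 - remote file name (relative to the remote login directory)
# Outputs:   warning on stderr when the remote file exists
ui_auto_rsign_check_rfile()
{
	if ssh "${RHOST}" test -e "${1}"; then
		# Report the file actually checked ($1, not always TARBALL), and keep
		# the names out of the format string so a '%' in a file name cannot
		# break printf.
		printf 'W: Remote file %s:%s exists!\n' "${RHOST}" "${1}" >&2
		ssh "${RHOST}" rm -i -- "${1}"
	fi
}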
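ui_auto_rsign_check_rfile "${TARBALL}"
ui_auto_rsign_check_rfile "${SIGNFILE}"

# Ok. lets do it: upload, sign remotely, fetch the signature, clean up.
scp "${TARBALL_ABS}" "${RHOST}:"
# -t allocates a tty so the remote gpg can prompt (presumably for the
# passphrase). ssh hands the remote shell one space-joined command line, so
# EXTRA_GPG_OPTIONS is word-split there whether or not it is quoted here;
# quoting it only avoids local globbing of the option text.
ssh -t "${RHOST}" gpg --sign --detach --armor "${EXTRA_GPG_OPTIONS}" --output="${SIGNFILE}" "${TARBALL}"
scp "${RHOST}:${SIGNFILE}" "${SIGNFILE_ABS}"
# Only reached on success: if gpg or the download fails, set -e aborts first
# and both files stay on the remote; the next run's ui_auto_rsign_check_rfile
# then prompts before they are reused.
ssh "${RHOST}" rm -- "${TARBALL}" "${SIGNFILE}"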
