TRUSTED-LIST := $(patsubst active-keys/add-%,trusted.gpg/x2go-archive-%.gpg,$(wildcard active-keys/add-*))
TMPRING := trusted.gpg/build-area

GPG_OPTIONS := --no-options --no-default-keyring --no-auto-check-trustdb --trustdb-name ./trustdb.gpg
GPG := gpg
GPG1 := gpg1

build: verify-indices keyrings/x2go-archive-keyring.gpg keyrings/x2go-archive-removed-keys.gpg verify-results $(TRUSTED-LIST)
maintonly: keyrings/x2go-maintainers-keyring.gpg1 keyrings/x2go-maintainers-removed-keys.gpg1 keyrings/x2go-archive-keyring.gpg1 keyrings/x2go-archive-removed-keys.gpg1

verify-indices: keyrings/x2go-maintainers-keyring.gpg
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg \
		--verify active-keys/index.gpg active-keys/index
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg \
		--verify removed-keys/index.gpg removed-keys/index
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg \
		--verify x2go-maintainers/index.gpg x2go-maintainers/index
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg \
		--verify x2go-maintainers-removed-keys/index.gpg x2go-maintainers-removed-keys/index

verify-results: keyrings/x2go-maintainers-keyring.gpg keyrings/x2go-maintainers-removed-keys.gpg keyrings/x2go-archive-keyring.gpg keyrings/x2go-archive-removed-keys.gpg
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
		keyrings/x2go-archive-keyring.gpg.asc \
		keyrings/x2go-archive-keyring.gpg || \
		${GPG} ${GPG_OPTIONS} \
			--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
			keyrings/x2go-archive-keyring.gpg1.asc \
			keyrings/x2go-archive-keyring.gpg
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
		keyrings/x2go-archive-removed-keys.gpg.asc \
		keyrings/x2go-archive-removed-keys.gpg || \
		${GPG} ${GPG_OPTIONS} \
			--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
			keyrings/x2go-archive-removed-keys.gpg1.asc \
			keyrings/x2go-archive-removed-keys.gpg
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
		keyrings/x2go-maintainers-keyring.gpg.asc \
		keyrings/x2go-maintainers-keyring.gpg || \
		${GPG} ${GPG_OPTIONS} \
			--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
			keyrings/x2go-maintainers-keyring.gpg1.asc \
			keyrings/x2go-maintainers-keyring.gpg
	${GPG} ${GPG_OPTIONS} \
		--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
		keyrings/x2go-maintainers-removed-keys.gpg.asc \
		keyrings/x2go-maintainers-removed-keys.gpg || \
		${GPG} ${GPG_OPTIONS} \
			--keyring keyrings/x2go-maintainers-keyring.gpg --verify \
			keyrings/x2go-maintainers-removed-keys.gpg1.asc \
			keyrings/x2go-maintainers-removed-keys.gpg
	#FIXME: Do we need to verify the created keyrings in trusted.gpg.d, too?
	#	Maybe "just" checking that no key is added if we merge, but how…

keyrings/x2go-archive-keyring.gpg: active-keys/index
	if [ -e 'active-keys/index' ] && [ ! -s 'active-keys/index' ]; then \
		touch $@; \
	else \
		jetring-build -I $@ active-keys; \
		{ \
			${GPG} ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp; \
		} || \
		{ \
			$$(: "The command above should only fail if GnuPG 2 is too old."); \
			${GPG} ${GPG_OPTIONS} --keyring $@ --export | ${GPG} ${GPG_OPTIONS} --keyring $@.tmp --import; \
		}; \
		mv -f $@.tmp $@; \
	fi

keyrings/x2go-archive-keyring.gpg1: keyrings/x2go-archive-keyring.gpg
	touch $@
	if [ -s $< ]; then \
		${GPG1} ${GPG_OPTIONS} --keyring $< --export | ${GPG1} ${GPG_OPTIONS} --keyring $@ --import; \
	fi

keyrings/x2go-archive-removed-keys.gpg: removed-keys/index
	if [ -e 'removed-keys/index' ] && [ ! -s 'removed-keys/index' ]; then \
		touch $@; \
	else \
		jetring-build -I $@ removed-keys; \
		{ \
			${GPG} ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp; \
		} || \
		{ \
			$$(: "The command above should only fail if GnuPG 2 is too old."); \
			${GPG} ${GPG_OPTIONS} --keyring $@ --export | ${GPG} ${GPG_OPTIONS} --keyring $@.tmp --import; \
		}; \
		mv -f $@.tmp $@; \
	fi

keyrings/x2go-archive-removed-keys.gpg1: keyrings/x2go-archive-removed-keys.gpg
	touch $@
	if [ -s $< ]; then \
		${GPG1} ${GPG_OPTIONS} --keyring $< --export | ${GPG1} ${GPG_OPTIONS} --keyring $@ --import; \
	fi

keyrings/x2go-maintainers-keyring.gpg: x2go-maintainers/index
	if [ -e 'x2go-maintainers/index' ] && [ ! -s 'x2go-maintainers/index' ]; then \
		touch $@; \
	else \
		jetring-build -I $@ x2go-maintainers; \
		{ \
			${GPG} ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp; \
		} || \
		{ \
			$$(: "The command above should only fail if GnuPG 2 is too old."); \
			${GPG} ${GPG_OPTIONS} --keyring $@ --export | ${GPG} ${GPG_OPTIONS} --keyring $@.tmp --import; \
		}; \
		mv -f $@.tmp $@; \
	fi

keyrings/x2go-maintainers-keyring.gpg1: keyrings/x2go-maintainers-keyring.gpg
	touch $@
	if [ -s $< ]; then \
		${GPG1} ${GPG_OPTIONS} --keyring $< --export | ${GPG1} ${GPG_OPTIONS} --keyring $@ --import; \
	fi

keyrings/x2go-maintainers-removed-keys.gpg: x2go-maintainers-removed-keys/index
	if [ -e 'x2go-maintainers-removed-keys/index' ] && [ ! -s 'x2go-maintainers-removed-keys/index' ]; then \
		touch $@; \
	else \
		jetring-build -I $@ x2go-maintainers-removed-keys; \
		{ \
			${GPG} ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp; \
		} || \
		{ \
			$$(: "The command above should only fail if GnuPG 2 is too old."); \
			${GPG} ${GPG_OPTIONS} --keyring $@ --export | ${GPG} ${GPG_OPTIONS} --keyring $@.tmp --import; \
		}; \
		mv -f $@.tmp $@; \
	fi

keyrings/x2go-maintainers-removed-keys.gpg1: keyrings/x2go-maintainers-removed-keys.gpg
	touch $@
	if [ -s $< ]; then \
		${GPG1} ${GPG_OPTIONS} --keyring $< --export | ${GPG1} ${GPG_OPTIONS} --keyring $@ --import; \
	fi

$(TRUSTED-LIST) :: trusted.gpg/x2go-archive-%.gpg : active-keys/add-% active-keys/index
	mkdir -p $(TMPRING) trusted.gpg
	grep -F $(shell basename $<) -- active-keys/index > $(TMPRING)/index
	cp $< $(TMPRING)
	jetring-build -I $@ $(TMPRING)
	rm -rf $(TMPRING)
	{ \
		${GPG} ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp; \
	} || \
	{ \
		$$(: "The command above should only fail if GnuPG 2 is too old."); \
		${GPG} ${GPG_OPTIONS} --keyring $@ --export | ${GPG} ${GPG_OPTIONS} --keyring $@.tmp --import; \
	}
	mv -f $@.tmp $@

clean:
	rm -f keyrings/x2go-archive-keyring.gpg \
		keyrings/x2go-archive-keyring.gpg~ \
		keyrings/x2go-archive-keyring.gpg.lastchangeset \
		keyrings/x2go-archive-keyring.gpg1 \
		keyrings/x2go-archive-keyring.gpg1~
	rm -f keyrings/x2go-archive-removed-keys.gpg \
		keyrings/x2go-archive-removed-keys.gpg~ \
		keyrings/x2go-archive-removed-keys.gpg.lastchangeset \
		keyrings/x2go-archive-removed-keys.gpg1 \
		keyrings/x2go-archive-removed-keys.gpg1~
	rm -f keyrings/x2go-maintainers-keyring.gpg \
		keyrings/x2go-maintainers-keyring.gpg~ \
		keyrings/x2go-maintainers-keyring.gpg.lastchangeset \
		keyrings/x2go-maintainers-keyring.gpg1 \
		keyrings/x2go-maintainers-keyring.gpg1~
	rm -f keyrings/x2go-maintainers-removed-keys.gpg \
		keyrings/x2go-maintainers-removed-keys.gpg~ \
		keyrings/x2go-maintainers-removed-keys.gpg.lastchangeset \
		keyrings/x2go-maintainers-removed-keys.gpg1 \
		keyrings/x2go-maintainers-removed-keys.gpg1~
	rm -rf $(TMPRING) trusted.gpg trustdb.gpg
	rm -f keyrings/*.cache

install: build
	install -d $(DESTDIR)/usr/share/keyrings/
	cp trusted.gpg/x2go-archive-*.gpg $(DESTDIR)/usr/share/keyrings/
	cp keyrings/x2go-archive-keyring.gpg $(DESTDIR)/usr/share/keyrings/
	cp keyrings/x2go-archive-removed-keys.gpg $(DESTDIR)/usr/share/keyrings/
	cp keyrings/x2go-maintainers-keyring.gpg $(DESTDIR)/usr/share/keyrings/
	cp keyrings/x2go-maintainers-removed-keys.gpg $(DESTDIR)/usr/share/keyrings/
	install -d $(DESTDIR)/etc/apt/trusted.gpg.d/
	cp $(shell find trusted.gpg/ -name '*.gpg' -type f) $(DESTDIR)/etc/apt/trusted.gpg.d/

test:
	./runtests

.PHONY: verify-indices verify-results clean build install test
