#!/bin/bash

####################################
#                                  #
# to be run as root ...            #
# or executed step by step as root #
#                                  #
####################################

set -e

##########################################################
#                                                        #
# check and possibly install root-certificate of jeti100 #
#                                                        #
##########################################################

if ! curl -o /dev/null "https://jeti100.ioq.uni-jena.de/" 2> /dev/null
then
  cert="$(curl -o - "http://jeti100.ioq.uni-jena.de/statisch/ca.crt" 2> /dev/null)"
  if ! echo "${cert}" | \
    sha512sum | \
    grep -q "^c1a9da72183ef6fd87deb506dd93ea3e6247d28ec0720914c97a80369e9e81cb7e9f7ce37fe063756880eb84f402fec20ccb3c2c4fb46f5f707a022f803372be  -\$"
  then
    >&2 echo 'falsches CA-Zertifikat heruntergeladen'
    exit 1
  fi
  echo "${cert}" > /usr/share/ca-certificates/trust-source/anchors/jeti100.crt
  trust extract-compat
fi


################
#              #
# import keys: #
#              #
################

tmpFile="$(mktemp)"
curl -o "${tmpFile}" "https://arch.eckner.net/archlinuxewe/masterkeys.gpg"
pacman-key --add "${tmpFile}"
rm -f "${tmpFile}"

############################
#                          #
# locally sign package-key #
#                          #
############################

pacman-key --lsign-key 0x43BF68D3

###############################
#                             #
# locally sign repository-key #
#                             #
###############################

pacman-key --lsign-key 0x20194BA1

##############################
#                            #
# setup mirror in mirrorlist #
#                            #
##############################

if ! grep -q "^Server = https://arch\.eckner\.net" /etc/pacman.d/mirrorlist
then
  ml="$(
    curl -o - "https://arch.eckner.net/archlinuxewe/os/any/" 2> /dev/null | \
      tr "<>" "\n\n" | \
      grep "^pacman-mirrorlist-.*\.pkg\.tar\.xz\$" | \
      tail -n1
  )"
  curl -o - "https://arch.eckner.net/archlinuxewe/os/any/${ml}" 2> /dev/null | \
    tar -OxJ etc/pacman.d/mirrorlist > \
    /etc/pacman.d/mirrorlist
fi

###################################
#                                 #
# setup repository in pacman.conf #
#                                 #
###################################

if ! grep -q "^\[archlinuxewe\]\$" /etc/pacman.conf
then
  tmpFile="$(mktemp)"
  cat /etc/pacman.conf | \
    (
      while read s
      do
        if [[ "$s" = "# The testing repositories"* ]]
        then
          echo '[archlinuxewe]'
          echo 'SigLevel = Required'
          echo 'Include = /etc/pacman.d/mirrorlist'
          echo ''
        fi
        echo "${s}"
      done
    ) > "${tmpFile}"
  cat "${tmpFile}" > /etc/pacman.conf
  rm -f "${tmpFile}"
fi