#!/bin/bash

if [ $# -eq 1 ] && [[ "$1" == *".kernel.org/"* ]]
then
  curl "$1" | \
    gpg --verify - "$0" 2>&1 | \
    grep '^gpg: Signature made .* using \S\+ key ID [0-9A-F]\+$' | \
    sed 's|^gpg: Signature made .* using \S\+ key ID \([0-9A-F]\+\)$|0x\1|'
  exit 0
fi

[ $# -eq 1 ] && lvl=$1 || lvl=2

signatures="$(
  curl 'https://kernel.org/' 2>/dev/null | \
    tr '"' '\n' | \
    grep '\.sign$'
)"

keyIds=$(
  echo "${signatures}" | \
    parallel -j0 "$0" "{}" \; 2> /dev/null | \
    sort -u
)

for ((i=0; i<$lvl; i++))
do
  keyIds=$(
    gpg --list-sigs ${keyIds} | \
      grep '^sig\s' | \
      sed 's|^sig\s.\{8\}\s\([0-9A-F]\{8\}\)\s.*$|0x\1|' | \
      sort -u
  )
  echo "${keyIds}" | \
    xargs -n50 gpg --recv-keys
done