#!/bin/sh

if [ -z "$COSMOS_KEYS" ]; then
   COSMOS_KEYS=/etc/cosmos/keys
fi

# Install new keys discovered in the $COSMOS_KEYS directory
for k in $COSMOS_KEYS/*.pub; do
   fp=`cosmos gpg --with-colons --with-fingerprint < $k| awk -F: '$1 == "pub" {print $5}'`
   # The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again.
   cosmos gpg --with-colons --fingerprint | grep -v "^pub:e:" | grep -q ":$fp:" || cosmos gpg --import < $k
done

# Delete keys no longer present in $COSMOS_KEYS directory
for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5 }'`; do
   seen="no"
   for k in $COSMOS_KEYS/*.pub; do
      cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"
   done
   if [ "x$seen" = "xno" ]; then
      cosmos gpg --yes --batch --delete-key $fp || true
   fi
done