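#!/bin/bash
# Generate an RSA-4096 signing key in a throwaway keyring and export the
# secret key, ASCII-armored, to ./signing.key.
#
# Mostly inspired from https://earthly.dev/blog/creating-and-hosting-your-own-deb-packages-and-apt-repo/#pgp-gpg-and-gnupgp
#
# Security notes:
#   - The batch request uses %no-protection, so the exported secret key has
#     no passphrase: file permissions are the only thing guarding it. The
#     script therefore runs under umask 077 so signing.key is owner-only.
#   - The temporary keyring holds the same unprotected key, so it is removed
#     on every exit path (including failures) via an EXIT trap.
#   - Keep signing.key out of version control and shared locations.

# Options live in `set` rather than the shebang so they still apply when the
# script is started as `bash script.sh`.
set -euo pipefail

# Every file created below (batch request, exported key) is owner-only.
umask 077

# Refuse to clobber an existing key; -L also catches a dangling symlink.
if [[ -e signing.key || -L signing.key ]]; then
  echo "signing.key exists, refuse to override" 1>&2
  exit 1
fi

# Create temporary directory
GNUPGHOME="$(mktemp --directory /tmp/pgpkeys-XXXXXX)"
export GNUPGHOME

# Remove the temporary keyring whatever way the script ends.
cleanup() {
  echo "Removing temporary keyring at $GNUPGHOME..."
  rm -rf -- "${GNUPGHOME:?}"
}
trap cleanup EXIT

echo "Creating a temporary keyring at $GNUPGHOME..."
chmod 700 "$GNUPGHOME"

# Create the request
cat > "$GNUPGHOME/batchrequest" <<'EOF'
Key-Type: RSA
Key-Length: 4096
Name-Real: supercow signing key
Name-Email: supercow@example.com
Expire-Date: 0
%no-ask-passphrase
%no-protection
%commit
EOF

# Execute request
gpg --no-tty --batch --gen-key "$GNUPGHOME/batchrequest"

# Export inside the private temp dir first, so a failed or empty export never
# leaves a partial signing.key behind in the working directory.
gpg --armor --export-secret-keys > "$GNUPGHOME/signing.key"
if [[ ! -s "$GNUPGHOME/signing.key" ]]; then
  echo "gpg exported no secret key" 1>&2
  exit 1
fi
mv -- "$GNUPGHOME/signing.key" signing.key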