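#!/bin/bash
# Ugly key exporter/splitter for APT's keyring
# (c) 2022 by crt0mega
#
# Splits the deprecated /etc/apt/trusted.gpg keyring into one ASCII-armored
# file per public key under /etc/apt/trusted.gpg.d, then offers to delete the
# old keyring and to run "apt-get update".
#
# NOTE(review): keys placed in trusted.gpg.d are still trusted by APT for
# every configured repository. The split removes the deprecation warning but
# does not narrow trust; binding a key to a single repository needs a
# per-source "signed-by" option, which this script does not set up.
#
# Exit status: 0 on success or when there is nothing to do, 1 on any error,
# or the status of the privileged re-run when started as a non-root user.

# A failing gpg inside the listing pipeline must not be hidden by awk.
set -o pipefail

# Pick the helper used to re-run this script as root: sudo if present, else su.
declare -a SU=()
if command -v sudo >/dev/null; then
  SU=("$(command -v sudo)")
elif command -v su >/dev/null; then
  SU=("$(command -v su)" -c)
fi

if [[ "$(id -u)" -ne 0 ]]; then
  echo "This script must be run as root."
  if ((${#SU[@]} == 0)); then
    echo "Neither sudo nor su was found." >&2
    exit 1
  fi
  "${SU[@]}" "$0"
  # Hand the status of the privileged run back to the caller.
  exit $?
fi

declare -r KEYFILE="/etc/apt/trusted.gpg"
declare -r NEWPATH="/etc/apt/trusted.gpg.d"

declare GPG_CMD
GPG_CMD=$(command -v gpg)
if [[ -z "$GPG_CMD" ]]; then
  echo "gpg was not found in PATH." >&2
  exit 1
fi

# Without this check gpg is pointed at a keyring that does not exist and may
# create an empty one at $KEYFILE, which is the file this script is meant to
# retire.
if [[ ! -f "$KEYFILE" ]]; then
  echo "$KEYFILE does not exist. Nothing to export."
  exit 0
fi

# Option lists are arrays so every word reaches gpg as its own argument.
declare -a GPG_LIST=(--keyring "$KEYFILE" --no-default-keyring
  --list-public-keys --with-colons)
declare -a GPG_EXPORT=(--keyring "$KEYFILE" --no-default-keyring
  --export --armor)
declare -i i=0 # keys processed
declare -i e=0 # failed exports

# Get a list of all public keys
echo "Getting list of keys from $KEYFILE ..."
declare KEY_LIST
# Match on the record type in field 1; a plain grep for "pub" would also hit
# other records (for example a uid) that merely contain that text.
if ! KEY_LIST=$("$GPG_CMD" "${GPG_LIST[@]}" | awk -F: '$1 == "pub" { print $5 }'); then
  echo "Could not list the keys in $KEYFILE." >&2
  exit 1
fi

declare -a keys=()
if [[ -n "$KEY_LIST" ]]; then
  mapfile -t keys <<<"$KEY_LIST"
fi

# Export each key in an ASCII armored file
declare key
for key in "${keys[@]}"; do
  echo "Exporting $key ..."
  if "$GPG_CMD" "${GPG_EXPORT[@]}" --output "$NEWPATH/$key.asc" "$key"; then
    # With a restrictive root umask the new file could be unreadable for the
    # unprivileged user APT verifies signatures as; public keys are not
    # secret, so make them world-readable.
    chmod 0644 -- "$NEWPATH/$key.asc"
  else
    echo "Error exporting key $key" >&2
    e=$((e + 1))
  fi
  i=$((i + 1))
done

echo "$((i - e)) keys exported."

# Never offer to delete the old keyring unless every key was written out.
if ((e != 0)); then
  echo "There have been $e errors. Exiting." >&2
  exit 1
fi

if ((i == 0)); then
  echo "No keys have been exported. Exiting."
  exit 0
fi

read -r -n 1 -p "All keys have been exported. Do you wish to delete APT's deprecated keyring? (Y/N) "
echo
if [[ "${REPLY^^}" == "Y" ]]; then
  rm -- "$KEYFILE"
fi

read -r -n 1 -p "APT needs to be refreshed. Run apt-get update now? (Y/N) "
echo
if [[ "${REPLY^^}" == "Y" ]]; then
  apt-get update
fi

echo "Finished."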