#!/bin/bash

## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

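## Trace every command with its expanded values and abort on the first
## command that fails. Everything expanded on a command line below ends up in
## the build log.
set -x
set -e

## No-op whose only purpose is to show the script path and its arguments in
## the 'set -x' trace. "$*" joins the arguments into the one message string.
true "INFO: Currently running script: ${BASH_SOURCE[0]} $*"

## Absolute path of the directory that contains this script.
MYDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

## Change to the sibling directory 'help-steps', where the sourced files live.
cd "$MYDIR"
cd ..
cd help-steps

## NOTE(review): presumably read by the files sourced below - confirm there.
dist_build_internal_run="true"

## Use explicit './' paths. For a name without a slash, bash's 'source' looks
## through the directories in PATH first and uses the current directory only
## as a fallback, so a file called 'pre', 'colors' or 'variables' in a PATH
## directory would be loaded into this signing-related script instead of the
## one in help-steps.
source ./pre
source ./colors
source ./variables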

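## Self-test for digital signature creation: signs a throw-away file with the
## certificate selected by $DEBEMAIL from the 'sq' keystore, verifies the
## result against the same signer, and removes the test files again.
##
## Globals (read): DEBEMAIL, binary_build_folder_dist, user_name;
##   dist_local_signing_key_folder, dist_build_reprepro_signing_options and
##   make_use_debsign are only shown in the trace.
## Arguments: none are read.
## Returns: 0 if every step succeeded; 1 if a required variable is empty.
##   Under the script's 'set -e' any other failing step aborts the run.
main() {
   local test_file sig_file

   true "dist_local_signing_key_folder: $dist_local_signing_key_folder"
   true "dist_build_reprepro_signing_options: $dist_build_reprepro_signing_options"
   true "make_use_debsign: $make_use_debsign"

   ## Fail early and visibly if the sourced configuration did not provide the
   ## values this test depends on. An empty folder variable would make the
   ## paths below resolve to '/test_sign_file', and an empty DEBEMAIL cannot
   ## name the certificate that is expected to sign.
   if [ -z "${DEBEMAIL:-}" ]; then
      printf '%s\n' "ERROR: DEBEMAIL is unset or empty. Cannot select the signing certificate." >&2
      return 1
   fi
   if [ -z "${binary_build_folder_dist:-}" ]; then
      printf '%s\n' "ERROR: binary_build_folder_dist is unset or empty. Refusing to create test files in '/'." >&2
      return 1
   fi

   test_file="$binary_build_folder_dist/test_sign_file"
   sig_file="$binary_build_folder_dist/test_sign_file.asc"

   ## Output is discarded; only the exit status matters. A failure here stops
   ## the script without showing the tool's own diagnostics.
   sq-git policy describe &>/dev/null

   true "INFO: Attempting to test digital signature creation using --signer-email $DEBEMAIL"

   ## Create the file to be signed and remove any signature left over from an
   ## earlier run, so the verification below can only succeed on a signature
   ## produced by this run.
   ## NOTE(review): the file name is fixed and the file is written and then
   ## chown'ed. If this script runs with more privileges than the owner of
   ## $binary_build_folder_dist, confirm that the folder cannot contain a
   ## pre-placed symlink under this name.
   printf '%s\n' "test" | tee -- "$test_file" >/dev/null
   safe-rm --force -- "$sig_file"
   chown -- "$user_name:$user_name" "$test_file"

   ## Certificate checks for the signer; output discarded, status decides.
   sq inspect --cert-email "$DEBEMAIL" &>/dev/null
   sq cert lint --cert-email "$DEBEMAIL" &>/dev/null

   ## Not possible to use 'sqop' (stateless). derivative_signing_public_key_item is only the public key. Not the private key.
   #sqop sign "${derivative_signing_public_key_item}" < "$binary_build_folder_dist/test_sign_file" > "$binary_build_folder_dist/test_sign_file.asc"
   ## 'sqop' (stateless) cannot be used. 'sq' (keystore) must be used for 'split-gpg-2' compatibility.
   sq sign --signature-notation testvar testcontent --signer-email "$DEBEMAIL" --signature-file="$sig_file" -- "$test_file"

   ## Verify against the same signer e-mail, not merely against any known
   ## certificate.
   sq verify --signer-email "$DEBEMAIL" --signature-file="$sig_file" -- "$test_file"
   ## Not possible when using '--signer-email'.
   #sqop verify "$binary_build_folder_dist/test_sign_file.asc" -- "${derivative_signing_public_key_item}" < "$binary_build_folder_dist/test_sign_file"

   ## Reached only if signing and verification succeeded; after a failed run
   ## the test files stay behind and are replaced by the next run.
   safe-rm -- "$test_file"
   safe-rm -- "$sig_file"

   ## TODO: stub
   ## Only checks that the directory exists. As the last command, its exit
   ## status is also main's return status.
   test -d ~/.signify
}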

## Entry point: run the signing self-test. The script's arguments are
## forwarded, although main does not read them.
main "$@"
