#!/bin/bash
#
# Print the command-line help text to stdout.
# The program name shown is the basename of $0.
Usage() {
    local prog="${0##*/}"
    printf '%s\n' \
        "Usage: ${prog} keyring pubkeys" \
        "   create a keyring at 'keyring' with public keys in pubkeys imported." \
        "   does not touch your ~/.gnupg" \
        "" \
        "   if a keyring is named 'NONE' or 'NONE.gpg' it is just skipped."
}
# create a keyring at $1 with the given public keys imported into it
# arguments: keyring pubkeys

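# Private scratch directory. It doubles as gpg's --homedir and holds the
# keyring while it is being built, so ~/.gnupg is never read or written.
# Stop right away if it cannot be created: with an empty TEMP_D the working
# keyring path would become "/target.gpg" and gpg would get an empty homedir.
# (fail() is defined further down, so the error is reported inline here.)
TEMP_D=$(mktemp -d "${TMPDIR:-/tmp}/${0##*/}.XXXXXX") || {
   echo "failed to create temporary directory" 1>&2
   exit 1
}
# Keys are imported into this working copy, never directly into the target.
WORKING_KEYRING="${TEMP_D}/target.gpg"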
# Remove the scratch directory named by TEMP_D, if it exists.
# Returns 0 when there is nothing to remove, otherwise rm's status.
cleanup() {
   if [ -d "${TEMP_D}" ]; then
      rm -Rf "${TEMP_D}"
   fi
}
# Print the given message on stderr and terminate the script with status 1.
fail() {
   echo "$@" >&2
   exit 1
}
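# Remove the scratch directory on every exit path, including fail().
trap cleanup EXIT

# Without a target keyring there is nothing to build: show the usage text
# instead of carrying on and failing at the final mv.
if [ "$#" -eq 0 ] || [ -z "$1" ]; then
   Usage 1>&2
   exit 1
fi

# First argument is the target keyring; everything left in "$@" after the
# shift is treated as a public key file to import.
keyring="$1"
shift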

# Options shared by every gpg call. Together they keep gpg away from the
# invoking user's configuration and keyrings:
#   --no-options / --homedir  no user options file, scratch dir as home
#   --no-default-keyring      only the keyring named below is used
#   --primary-keyring         imported keys are written to the working copy
gpg_opts=()
gpg_opts+=(--ignore-time-conflict --no-options --no-default-keyring)
gpg_opts+=(--homedir "$TEMP_D")
gpg_opts+=("--primary-keyring=$WORKING_KEYRING")
gpg_opts+=("--keyring=$WORKING_KEYRING")

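# Seed the working copy: start from the existing target keyring when there is
# one, so the keys already in it are kept; otherwise start from an empty file.
if [ -f "$keyring" ]; then
   # '--' keeps a keyring path that begins with '-' from being read as a
   # cp option.
   cp -- "$keyring" "${WORKING_KEYRING}" ||
      fail "failed cp '$keyring' to working dir"
else
   # Report a failed create here instead of letting gpg trip over it later.
   : > "${WORKING_KEYRING}" ||
      fail "failed to create empty working keyring"
fi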

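# Import each pubkey file into the working keyring.
# NOTE: --import takes whatever keys the file contains; no fingerprint or
# owner check happens here, so the resulting keyring is only as trustworthy
# as the pubkey files the caller passes in.
for pubkey in "$@"; do
   # An argument whose basename is NONE or NONE.gpg is a placeholder: skip it.
   case "${pubkey##*/}" in
      NONE|NONE.gpg) continue;;
   esac
   # '--' ends gpg option parsing, so a file name starting with '-' is
   # imported as a file rather than interpreted as an option.
   gpg "${gpg_opts[@]}" --import -- "$pubkey" ||
      fail "failed to import '$pubkey' to '$keyring'"
done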

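# Install the result only after every import succeeded. Any earlier failure
# exits through fail() before this point, leaving the target keyring as it was.
# '--' protects against a target path that begins with '-'.
mv -- "$WORKING_KEYRING" "$keyring" ||
   fail "failed to move populated target keyring to '$keyring'"

# Bare exit: the status is that of the mv above, which succeeded.
exit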
