#!/bin/sh

set -e

dump_source="${1:-https://pgp.key-server.io/sks-dump/}"

if [ "$(id -un)" != debian-sks ]; then
    printf "SKS db setup script (%s) should only be run by debian-sks user\n" "$0" >&2
    exit 1
fi

for dbloc in /var/lib/sks/DB /var/lib/sks/PTree; do
    if [ -e "$dbloc" ]; then
        printf "Database location %s is already present; you have probably already set up SKS.\nAborting $0\n" "$dbloc" "$0" >&2
        exit 1
    fi
done

if ls /var/lib/sks/dump/*.pgp 2>/dev/null >/dev/null; then
    printf "It looks like a keydump has already been fetched, so we will skip that part.\nIf you want a fresh keydump, remove the following files and re-run %s\n" "$0" >&2
    ls /var/lib/sks/dump/*.pgp >&2
else
    printf "Fetching keydump from %s to /var/lib/sks/dump...\n" "$dump_source"

    (cd /var/lib/sks/dump &&
            wget --quiet -recursive --no-parent --no-directories \
                 --accept pgp --execute robots=off "$dump_source")
fi
/usr/lib/sks/sks_build.sh

cat >&2 <<EOF
The sks database is now configured but the daemons aren't yet running!

If you're using systemd, you can start the daemons with:

   systemctl start sks

and you can enable them permanently (so that they start automatically
at every boot) with:

   systemctl enable sks

If you're using SKS on the public Internet, please subscribe to the
operators mailing list <sks-devel@nongnu.org>
(https://lists.nongnu.org/mailman/listinfo/sks-devel/) and read the
current advice on server configuration:

  https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

EOF
