#!/usr/bin/python3.13
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

import argparse
import sys

import portage
import portage.exception

portage._internal_caller = True
from portage import gpkg


def main(
    gpkg_file, keep_current_signature=False, allow_unsigned=False, skip_signed=False
):
    eout = portage.output.EOutput()

    if not portage.settings.get("BINPKG_GPG_SIGNING_GPG_HOME"):
        eout.eerror("BINPKG_GPG_SIGNING_GPG_HOME is not set")
        exit(1)

    if not portage.settings.get("BINPKG_GPG_SIGNING_KEY"):
        eout.eerror("BINPKG_GPG_SIGNING_KEY is not set")
        exit(1)

    try:
        package = gpkg.gpkg(settings=portage.settings, gpkg_file=gpkg_file)
        if allow_unsigned:
            package.request_signature = False
        package._verify_binpkg()
        if skip_signed and package.signature_exist:
            eout.einfo(f"{gpkg_file} already signed, skipping.")
            return
        package.update_signature(keep_current_signature=keep_current_signature)
        eout.einfo(f"{gpkg_file} signed.")
    except portage.exception.FileNotFound:
        eout.eerror(f"File not found: {gpkg_file}")
        exit(1)
    except portage.exception.InvalidBinaryPackageFormat:
        eout.eerror(f"Invalid binary package format: {gpkg_file}")
        exit(1)
    except portage.exception.SignatureException:
        eout.eerror(f"Signature exception: {gpkg_file}")
        exit(1)


if __name__ == "__main__":
    usage = "gpkg-sign [options] <gpkg package file>"
    parser = argparse.ArgumentParser(usage=usage)
    parser.add_argument(
        "--keep-current-signature",
        action="store_true",
        help="Keep existing signature when updating signature (default: false)",
    )
    parser.add_argument(
        "--allow-unsigned",
        action="store_true",
        help="Allow signing from unsigned packages when binpkg-request-signature is enabled (default: false)",
    )
    parser.add_argument(
        "--skip-signed",
        action="store_true",
        help="Skip signing if a package is already signed (default: false)",
    )
    options, args = parser.parse_known_args(sys.argv[1:])

    if not args:
        parser.error("no GPKG oackage file specified")

    main(
        args[0],
        keep_current_signature=options.keep_current_signature,
        allow_unsigned=options.allow_unsigned,
        skip_signed=options.skip_signed,
    )
