# This is recent - Pentoo not Funtoo
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-

BASE_PORTDIR=/usr/portage

keyf=/usr/share/openpgp-keys/gentoo-release.asc
[ -f $keyf ] || exit 1

gpg2 --disable-dirmngr --list-keys --with-sig-check --keyring $keyf >/tmp/G$$.log # 2>&1 || exit 1
# gpg: 1 bad signature on Clipos
# gpg: 1 bad signature on Pentoo19
if grep 'bad signature' /tmp/G$$.log ; then
    echo ERROR: bad signature /tmp/G$$.log # exit 2
    # sig-3  BB572E0E2D182910 2009-08-25  Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
    gpg2 --disable-dirmngr --batch --delete-key BB572E0E2D182910
fi

# numbers 1-3 for certificate check level (see --ask-cert-level)
grep '^sig-[0-9]' /tmp/G$$.log && { echo WARN: bad signature ; exit 3 ;}
# gpg: 104 signatures not checked due to missing keys

[ -f $BASE_PORTDIR/Manifest ] || exit 0
# on stderr!
gpg2 --verify --keyring $keyf $BASE_PORTDIR/Manifest >/tmp/K$$.log 2>&1 || exit 3
# DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
# grep 'This key has expired' /tmp/K$$.log && exit 3
grep 'using RSA key' /tmp/K$$.log || exit 4
grep 'Primary key fingerprint:' /tmp/K$$.log | sed -e 's/.*: //' -e 's/ //g' > /tmp/K$$.key || exit 5

if route | grep -q ^default ; then
    . /root/bin/tor.sh
    wget -O /tmp/K$$.html https://www.gentoo.org/downloads/signatures/ || exit 0
    grep "`cat /tmp/K$$.key`" /tmp/K$$.html || {
	echo ERROR: failed  'Primary key fingerprint:' "`cat /tmp/K$$.key`"
	exit 5
	}
  fi

exit 0