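#!/bin/sh -eu
# SYNTAX: [--forget|--preset] $uid_email [...]
# DESCRIPTION: wrapper around gpg-preset-passphrase(1) that makes it easier
#   to use. For each uid, the passphrase is read from the encrypted file
#   "$tool"/var/sec/openpgp/"$uid".pass.gpg and preset (or forgotten) for
#   every fingerprint listed for that uid's secret keys.
# XXX: gpg-agent(1) must be configured with allow-preset-passphrase.
# NOTE(review): GnuPG 2.1+ documents the cache id expected by
#   gpg-preset-passphrase(1) as the keygrip rather than the fingerprint;
#   confirm what "$tool"/remote/gpg and the installed agent expect.

# Options given on the shebang line are lost when the script is started as
# "sh script", so they are set again here.
set -eu

tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh

# Print an error on stderr and stop with a failure status.
preset_die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Print the calling convention on stderr and stop with status 2.
preset_usage() {
  printf 'Usage: %s [--forget|--preset] uid_email [...]\n' "${0##*/}" >&2
  exit 2
}

# Warn (without aborting) when neither the agent configuration file nor a
# running gpg-agent command line shows allow-preset-passphrase.
if ! grep -Fqx allow-preset-passphrase "$HOME/.gnupg/gpg-agent.conf" &&
  ! pgrep -fx '.*gpg-agent .*--allow-preset-passphrase.*' >/dev/null
then
  printf '%s\n' \
    "${tput_rev-}WARNING${tput_sgr0-}: you MUST configure gpg-agent(1) with allow-preset-passphrase." >&2
  #exit 1
fi

[ "$#" -ge 1 ] || preset_usage
command=$1
shift

# The first argument is forwarded as an option to a tool that handles
# passphrases, so only the documented commands (and their short forms) pass.
case $command in
  --preset | -p) mode=preset ;;
  --forget | -f) mode=forget ;;
  *) preset_usage ;;
esac

# gpg-preset-passphrase is usually installed outside PATH (under /usr/lib);
# append every directory that holds it.
PATH="$PATH$(find /usr/lib/ -mindepth 2 -maxdepth 3 -type f -executable -name gpg-preset-passphrase -printf ':%h')"

nl='
'

for uid in "$@"; do
  # The uid becomes part of a file name: refuse path separators so that it
  # cannot point outside var/sec/openpgp.
  case $uid in
    */*) preset_die "invalid uid (contains '/'): $uid" ;;
  esac

  pass_file="$tool"/var/sec/openpgp/"$uid".pass.gpg
  [ -e "$pass_file" ] || preset_die "passphrase file not found: $pass_file"

  pass=
  if [ "$mode" = preset ]; then
    # A plain assignment keeps gpg's exit status visible: a failed
    # decryption stops here instead of presetting an empty passphrase.
    # NOTE(review): if lib.sh enables `set -x` when TRACE is set, this
    # assignment would be echoed in the trace; confirm.
    decrypted=$(gpg --decrypt "$pass_file") ||
      preset_die "cannot decrypt $pass_file"
    # Only the first line of the decrypted file is the passphrase.
    pass=${decrypted%%"$nl"*}
    unset decrypted
  fi

  # Only this uid's keys are listed: the passphrase read above belongs to
  # this uid alone and must not be preset on the other uids' keys.
  fprs=$("$tool"/remote/gpg --list-secret-keys \
    --with-colons --with-fingerprint --with-fingerprint \
    -- "$uid" | awk -F: '$1 == "fpr" { print $10 }')
  [ -n "$fprs" ] || preset_die "no secret key fingerprint found for $uid"

  # $fprs is deliberately unquoted: one fingerprint per word.
  for fpr in $fprs; do
    if [ "$mode" = preset ]; then
      # The passphrase travels on stdin, never on the command line.
      # ${TRACE:+--verbose} is unquoted so that it vanishes when TRACE is unset.
      gpg-preset-passphrase "$command" ${TRACE:+--verbose} "$fpr" <<EOF
$pass
EOF
    else
      gpg-preset-passphrase "$command" ${TRACE:+--verbose} "$fpr" </dev/null
    fi
  done

  # Do not keep the passphrase in the shell longer than needed.
  unset pass
done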