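#!/bin/bash
# Cross-check for key-signing party followup
# Currently tuned for KVM Forum 2017
#
# Usage: SCRIPT YOUR_GPG_KEY_ID
#
# Environment:
#   use_temp_keyring  y (default): fetch the keys into a throw-away GNUPGHOME;
#                     anything else: work on the caller's own keyring.
#   refresh           y (default): refresh the keys when using the own keyring.
#   keyserver         keyserver written to the temporary gpg.conf.
#
# Reports (1) participants whose signature is not found on YOUR key and
# (2) participants whose key does not yet carry a signature by YOUR key.
#
# NOTE(review): the checks below only look for a key ID in the
# `gpg --list-sigs` listing; signatures are not cryptographically verified
# (that would need --check-sigs), and revocation lines match as well.
# Treat the output as a reminder list, not as proof of a valid signature.

ME=${0##*/}

case $# in
  1) my_id=$1 ;;
  *)
    echo "Usage: $ME YOUR_GPG_KEY_ID" 1>&2
    exit 1
    ;;
esac

: "${use_temp_keyring=y}"
: "${refresh=y}"
# Overridable because the original default may no longer be reachable:
# the SKS pool has, to the reviewer's knowledge, been retired.
# NOTE(review): plain hkp:// is neither encrypted nor authenticated.
: "${keyserver=hkp://pool.sks-keyservers.net}"

# Key IDs of the people who participated in the kvm gpg key-signing.
# NOTE(review): these are 64-bit long key IDs, which are not
# collision-resistant; a keyserver may return a different key carrying the
# same ID. Compare full fingerprints against the party hand-out before
# acting on the result.
keys=(
  be86ebb415104fdf
  a7a16b4a2527436a
  b90bc7abe7c41e65
  0d8721d82838c7d8
  0516331ebc5bfde7
  ad1270cc4dd0279b
  64df38e8af7e215f
  9ca4abb381ab73c8
  71d4d5e5822f73d6
  dae8e10975969ce5
  5bca8ae0f14191d4
  3c2525ed14360cde
  df32e7c0f0fff9a2
  f407db0061d5cf40
  7f09b272c88f2fd6
  ca35624c6a9171c6
)

# Given gpg --list-sig ... output, print only those lines that start
# with "uid" and contain an "@"; print each unique name only once.
uid_name_filter() {
  grep '^uid.*@' |
    sort -t'<' -u -k1,1 |
    sed 's/^uid[[:space:]]*/ /'
}

if test "$use_temp_keyring" = y; then
  # Create a temporary directory in which to download keys.
  # Abort if that fails: with an empty GNUPGHOME gpg would silently fall
  # back to the caller's real keyring and import the keys there.
  GNUPGHOME=$(mktemp -d) || {
    echo "$ME: cannot create temporary GNUPGHOME" 1>&2
    exit 1
  }
  export GNUPGHOME

  # Remove it upon interrupt and upon normal termination.
  for sig in 1 2 3 13 15; do
    trap "exit $((sig + 128))" "$sig"
  done
  trap 'rm -rf -- "${GNUPGHOME:?}"' 0

  # Use a server that's better than the default.
  printf 'keyserver %s\n' "$keyserver" > "$GNUPGHOME/gpg.conf"

  # Get latest keys/signatures from key servers.
  # NOTE(review): recent GnuPG releases drop third-party signatures on
  # keyserver imports by default, which would make every participant look
  # unsigned here -- confirm the behaviour of the installed version.
  gpg --recv-keys "${keys[@]}"
else
  if test "$refresh" = y; then
    gpg --refresh-keys "${keys[@]}"
  fi
fi

echo
printf '%s\n' "who appears not to have signed $my_id:"
# --keyid-format long: older GnuPG releases print 8-hex short IDs by
# default, which the 16-hex IDs above would never match.
my_sigs=$(gpg --keyid-format long --list-sigs -- "$my_id")
missing=()
for i in "${keys[@]}"; do
  grep -qiF -- "$i" <<<"$my_sigs" || missing+=("$i")
done
# With an empty argument list `gpg --list-keys` prints the whole keyring,
# which would report everybody as missing; only list when there is someone.
if ((${#missing[@]} > 0)); then
  gpg --list-keys -- "${missing[@]}" | uid_name_filter
fi

echo
printf '%s\n' "who has not yet uploaded a signature by $my_id on their key:"
for i in "${keys[@]}"; do
  gpg --keyid-format long --list-sigs -- "$i" | grep -qiF -- "$my_id" ||
    gpg --list-keys -- "$i"
done | uid_name_filter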