#!/bin/bash -e

if [[ -z $SANDBOXED ]]; then
  [[ -d /run/user/$UID/gnupg ]] && bind_gnupg=("--ro-bind" "/run/user/$UID/gnupg" "/run/user/$UID/gnupg")
  exec bwrap --unshare-all --ro-bind / / --tmpfs /home --tmpfs /tmp \
    --tmpfs /run "${bind_gnupg[@]}" \
    --proc /proc --dev /dev --die-with-parent \
    --ro-bind "$0" /tmp/recv_gpg_keys \
    --bind ~/.lilac/gnupg "$HOME/.gnupg" \
    --ro-bind PKGBUILD /tmp/PKGBUILD --chdir /tmp --setenv SANDBOXED 1 \
    /tmp/recv_gpg_keys "$@"
fi

. /usr/share/makepkg/util.sh
. ./PKGBUILD
for key in "${validpgpkeys[@]}"; do
  echo "Receiving key ${key}..."
  # try both servers as some keys exist one place and others another
  # we also want to always try to receive keys to pick up any update
  timeout -v 60 gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" || true
  timeout -v 60 gpg --keyserver hkps://keys.openpgp.org --recv-keys "$key" || true
done
