#!/bin/bash
# Re-sign the .cvmfswhitelist of given repository, or all repositories 
#  if none is specified.  Should be run about every 20 days on the
#  oasis machine as root and also when adding a new repository.

ME="`basename $0`"

usage()
{
    echo "Usage: $ME [reponame]" >&2
    exit 1
}

case $# in
    0) set -- `cd /srv/cvmfs && ls -d *.*`;;
    1) ;;
    *) usage;;
esac

MASTERKEY=/etc/cvmfs/keys/oasis.opensciencegrid.org.masterkey
# masterkeycard access sometimes fails, so check it twice if needed
if [ ! -f $MASTERKEY ] && ! cvmfs_server masterkeycard -k >/dev/null &&
        ! cvmfs_server masterkeycard -k >/dev/null; then
    echo "$ME: this should only be run on the stratum 0 when the masterkey is available" >&2
    exit 1
fi

RET=0
for name; do
    if [ ! -d "/srv/cvmfs/$name" ]; then
	echo "$ME: invalid repository name $name" >&2
	exit 1
    fi

    REPOKEY=""
    if [ -f $MASTERKEY ]; then
        # just in case masterkeycard isn't working
        REPOKEY=/etc/cvmfs/keys/$name.masterkey
        if [ ! -f $REPOKEY ]; then
            cp $MASTERKEY $REPOKEY
        else
            REPOKEY=""
        fi
    fi
    echo -n "$name: "
    if ! cvmfs_server resign -w /srv/cvmfs/$name/.cvmfswhitelist $name; then
        # if one fails, try the others but exit with an error code
        RET=1
    fi
    if [ -n "$REPOKEY" ]; then
        rm -f $REPOKEY
    fi
done

exit $RET
