#!/bin/sh

# rsync plugin
#
# ENVIRONMENT VARIABLES:
#	URL		URL to download known_hosts file from
#	SIGURL		URL of the OpenPGP signature
#	KEYRING		path to the OpenPGP keyring with certificates
#

set -e

ln -f current new || true
rsync -vt --timeout=300 "${URL}" new

if [ "${SIGURL}" ]; then
	rsync -vt --timeout=300 "${SIGURL}" new.sig
	if command -v sopv >/dev/null; then
		sopv verify new.sig "${KEYRING}" <new || exit 1
	else
		gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
	fi
	# return 1 because it's not clear what other codes may be safe to
	# use that do not overlap with codes from rsync.
fi	

# vim:set ft=sh: