#!/bin/bash

FILE="${FILE:-canary.txt}"
SALT="${CANARY_SALT_FILE:-canary.salt}"

die() {
	if [[ -z "$1" ]]; then
		>&2 echo "Fatal error"
	else
		>&2 echo "Fatal error: $*"
	fi
	\exit 1
}

hash-extra() (
	local sep=
	case "$1" in
		-sec) 	sep=1
			shift ;;
		*) ;;
	esac
	local salt_file="$1"
	local tag="${2:-"tagged"}"
	if head -c 1 "$salt_file" >/dev/null; then
		[[ -z "$sep" ]] || printf '\n---- extra tags (via %s) ----\n' "$salt_file"
		{ echo -n "$tag: " && \
			sha256sum - "$salt_file" | sha256sum | grep -o '[^- ]*'
		} || die "Failed to write location hash to output"
	else
		die "Specified salt file '$salt_file' cannot be read: $?"
	fi
)

echo "" > $FILE || die "Cannot write to file '$FILE'"
echo "---- $(date -u) ----" >> $FILE || die "Cannot append to file '$FILE'"
echo "$1" >> $FILE || die "Cannot write message: '$1', to '$FILE'"
[[ "$CANARY_ADD_LOCATION" != 0 ]] && eval-with-aliases 'ip-ext 2>/dev/null' | hash-extra -sec "$SALT" "Source location" >> "$FILE" || >&1 echo "[!] Warning: Asked to add location, but failed to hash extra: $?, ignoring"
#sha256sum | 
echo "" >> $FILE || die "Cannot append to file '$FILE'"

gpg --armor --sign "$FILE" || die "GPG signing failed"
cat $FILE.asc >> "$FILE" || die "Failed to append signed message (tmp '${FILE}.asc') to output '$FILE'"

rm $FILE.asc || die "failed to remove temporary signed message file '${FILE}.asc'"

\exit 0