#!/bin/sh -ex
NGINX_GPG_KEYS="B0F4253373F8F6F510D42178520A9993A1C052F8"

# NGINX_VERSION is provided by the Nginx Docker image as env var
NGINX_URL="https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"

curl -fSL "$NGINX_URL" -o nginx.tar.gz
curl -fSL "$NGINX_URL.asc" -o nginx.tar.gz.asc

# GnuPG download integrity check
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
for server in \
	ha.pool.sks-keyservers.net  \
	hkp://keyserver.ubuntu.com:80 \
	hkp://p80.pool.sks-keyservers.net:80 \
	pgp.mit.edu \
; do
	echo "Fetching GPG key $NGINX_GPG_KEYS from $server"
	gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPG_KEYS" && found=yes && break
done
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1
gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz
rm -rf "$GNUPGHOME" nginx.tar.gz.asc