#!/bin/sh

# Enforce that the default gnome keyring is in plaintext format.
# The rationale for this is that people generally do not know what keyring
# is and how it works, and if user password is changed (from Puavo), the
# keys in keyring will be locked and the user is repeatedly prompted to
# open keyring, not knowing what that means (the old password should be
# used for opening the keyring).  Only the default keyring will be forced
# to plaintext, other keyrings can be used normally.

set -eu

keyringdir=~/.local/share/keyrings
default_keyring_file="${keyringdir}/Default_keyring.keyring"

mkdir -m 700 -p "$keyringdir"

echo -n Default_keyring > "${keyringdir}/default"

first_line="$(head -1 "$default_keyring_file" 2>/dev/null || true)"
if [ "$first_line" != "[keyring]" ]; then
  # $default_keyring_file is either missing or in wrong format, so we
  # initialize it to provide plaintext saving of passwords.
  (
    umask 0077
    mtime=$(date +%s)
    cat <<EOF > "$default_keyring_file"
[keyring]
display-name=Default keyring
ctime=0
mtime=${mtime}
lock-on-idle=false
lock-after=false
EOF
  )
fi

# As we plan to delete the login keyring (because we can not properly use it),
# backup these once and then delete these perpetually.  (The problem in using
# the login keyring is that Puavo passwords are changed independently from
# the keyring, and "can not open keyring" messages are pointless and
# confusing to users.)
keyring_backupdir=~/.local/share/keyrings.puavobackup1
if [ ! -d "$keyring_backupdir" ]; then
  mkdir -p "$keyring_backupdir"
  cp -p "${keyringdir}/login.keyring" "$keyring_backupdir" 2>/dev/null || true
  cp -p "${keyringdir}/user.keystore" "$keyring_backupdir" 2>/dev/null || true
fi

# For Trixie+: remove pam_gnome_keyring.so from PAM rules and replace the
# logic above with this:
# rm -f "${keyring_backupdir}/login.keyring" \
#       "${keyring_backupdir}/user.keystore"
# if [ -d "$keyring_backupdir" ]; then
#   rmdir "$keyring_backupdir"
# fi
# keep this for Trixie:
rm -f "${keyringdir}/login.keyring" "${keyringdir}/user.keystore"

exit 0
