#!/bin/sh

# Download a list of Gemini hosts from gemini://geminispace.info/known-hosts

set -o errexit  # (-e) exit immediately if any command has a non-zero exit status
set -o nounset  # (-u) don't accept undefined variables
#set -o xtrace  # for debugging

# Go where this script is.
cd "$(dirname "$0")" || exit

# If Agunua is installed, use it.
if command -v agunua >/dev/null; then
  # Using Agunua is more secure, because it does certificate pinning.
  hosts=$(agunua --insecure --binary gemini://geminispace.info/known-hosts \
    | grep "gemini://" | cut -d ' ' -f 3)
else
  # If Agunua is not installed, pipe the request into OpenSSL s_client.
  hosts=$(printf "gemini://geminispace.info/known-hosts\r\n" \
    | timeout 5 openssl s_client -quiet -connect "geminispace.info:1965" 2>/dev/null \
    | grep "gemini://" | cut -d ' ' -f 3)
fi

if [ -z "$hosts" ]; then
  >&2 echo "hosts file download failed."
  exit 1
fi

# Add a few hosts that are missing from geminispace.info
hosts="$hosts
illegaldrugs.net
feeds.drewdevault.com"

# Remove a host which changes its cert every few minutes.
hosts=$(echo "$hosts" | grep -v 'tofu-tester.random-projects.net:1966')

# Save to file.
echo "$hosts" | sort | uniq > hosts

echo OK