#!/bin/bash

# Copyright 2016 Matthew Thode
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail

[ -n "${ARCH}" ]
[ -n "${TARGET_ROOT}" ]

P_SUFFIX="${GENTOO_PROFILE#$GENTOO_BASE_PROFILE}"
F_SUFFIX="${P_SUFFIX//\//\-}"
if [[ ${F_SUFFIX} != *"-systemd" ]]; then
    # NOTE(JayF): OpenRC is implied, and appended to the filename, unless systemd is specified.
    F_SUFFIX="${F_SUFFIX}-openrc"
fi

DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"https://distfiles.gentoo.org/releases/${ARCH}/autobuilds/latest-stage3-${ARCH}${F_SUFFIX}.txt"}
echo "Fetching available stages from ${DIB_CLOUD_SOURCE} for profile ${GENTOO_PROFILE}"

STAGE_LIST=$(curl "${DIB_CLOUD_SOURCE}" -s -f || true)
if [[ -z ${STAGE_LIST} ]]; then
    echo "Unable to find a stage list for ${GENTOO_PROFILE} at ${DIB_CLOUD_SOURCE}."
    echo "This element only currently supports profiles included in the periodic"
    echo "Gentoo autobuilds."
    exit 1
fi

UPSTREAM_FILENAME=$(echo "${STAGE_LIST}" | grep -B1 'BEGIN PGP SIGNATURE' | head -n1 | cut -d\  -f1)

echo "Chose ${UPSTREAM_FILENAME} as candidate stage tarball"
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"https://distfiles.gentoo.org/releases/${ARCH}/autobuilds/${UPSTREAM_FILENAME}"}
BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename "${BASE_IMAGE_FILE}" | cut -d. -f 2,3)"}
FILENAME_BASE="gentoo-${GENTOO_PROFILE//\//\-}.${BASE_IMAGE_FILE_SUFFIX}"
SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.asc}"
CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}"
CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"

if [[ -n "${DIB_OFFLINE}" ]] && [[ -f "${CACHED_FILE}" ]] ; then
    echo "Not checking freshness of cached ${CACHED_FILE}"
else
    echo 'Fetching Base Image'
    "${TMP_HOOKS_PATH}"/bin/cache-url "${SIGNATURE_FILE}" "${CACHED_SIGNATURE_FILE}"
    "${TMP_HOOKS_PATH}"/bin/cache-url "${BASE_IMAGE_FILE}" "${CACHED_FILE}"
    pushd "${DIB_IMAGE_CACHE}"
    # import the key
    # this key can be verified at one of the following places
    # https://wiki.gentoo.org/wiki/Project:RelEng#Keys
    # https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
    # https://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
    # check the sig file
    if ! gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}" "${CACHED_FILE}"; then
        echo 'invalid signature file'
        exit 1
    fi
    echo 'base image file verified'
    popd
fi

# Extract the base image (use --numeric-owner to avoid UID/GID mismatch between
# image tarball and host OS)
sudo tar -C "${TARGET_ROOT}" --numeric-owner --xattrs -xf "${CACHED_FILE}"

# Put in a dummy /etc/resolv.conf over the temporary one we used
# to bootstrap.  systemd has a bug/feature [1] that it will assume
# you want systemd-networkd as the network manager and create a
# broken symlink to /run/... if the base image doesn't have one.
# This broken link confuses things like dhclient.
# [1] https://bugzilla.redhat.com/show_bug.cgi?id=1197204
echo -e "# This file intentionally left blank\n" | sudo tee "${TARGET_ROOT}"/etc/resolv.conf

