#!/bin/sh

# lh_chroot_sources(1) - manage /etc/apt/sources.list
# Copyright (C) 2006-2008 Daniel Baumann <daniel@debian.org>
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
# This is free software, and you are welcome to redistribute it
# under certain conditions; see COPYING for details.

set -e

# Including common functions
LH_BASE="${LH_BASE:-/usr/share/live-helper}"

for FUNCTION in "${LH_BASE}"/functions/*.sh
do
	. "${FUNCTION}"
done

# Setting static variables
DESCRIPTION="manage /etc/apt/sources.list"
HELP=""
USAGE="${PROGRAM} {install|remove} [--force]"

Arguments "${@}"

# Reading configuration files
Read_conffile config/all config/common config/bootstrap config/chroot config/binary config/source
Set_defaults

# Requiring stage file
Require_stagefile .stage/config .stage/bootstrap

_LH_LOCAL_KEY_EMAIL="live-helper-local-key@invalid"

case "${1}" in
	install)
		Echo_message "Configuring file /etc/apt/sources.list"

		# Checking stage file
		Check_stagefile .stage/chroot_sources

		# Checking lock file
		Check_lockfile .lock

		# Creating lock file
		Create_lockfile .lock

		# Configure custom sources.list
		echo "deb ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_CATEGORIES}" > chroot/etc/apt/sources.list

		if [ "${LH_SOURCE}" = "enabled" ]
		then
			echo "deb-src ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_CATEGORIES}" >> chroot/etc/apt/sources.list
		fi

		if [ "${LH_SECURITY}" = "enabled" ]
		then
			if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ]
			then
				echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_CATEGORIES}" >> chroot/etc/apt/sources.list

				if [ "${LH_SOURCE}" = "enabled" ]
				then
					echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_CATEGORIES}" >> chroot/etc/apt/sources.list
				fi
			fi
		fi

		# Check local sources.list
		if Find_files config/chroot_sources/*.chroot
		then
			echo "" >> chroot/etc/apt/sources.list
			echo "# Custom repositories" >> chroot/etc/apt/sources.list

			for FILE in config/chroot_sources/*.chroot
			do
				cat ${FILE} | grep -v "^##" >> chroot/etc/apt/sources.list
			done
		fi

		# Configure local package repository
		if Find_files config/chroot_local-packages/*.deb
		then
			rm -rf chroot/root/local-packages
			mkdir -p chroot/root/local-packages

			if [ "$(stat --printf %d config/chroot_local-packages)" = "$(stat --printf %d chroot/root/local-packages)" ]
			then
				CP_OPTIONS="-l"
			fi

			# Copy packages
			if Find_files config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb
			then
				cp ${CP_OPTIONS} config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb chroot/root/local-packages
			fi

			if Find_files config/chroot_local-packages/*_all.deb
			then
				cp ${CP_OPTIONS} config/chroot_local-packages/*_all.deb chroot/root/local-packages
			fi

			if Find_files chroot/root/local-packages/*.deb
			then
				# If we bootstrapped a minimal chroot, we need
				# to install apt-utils before we have have
				# completed all the indices.
				case "${LH_BOOTSTRAP_FLAVOUR}" in
					stripped|minimal)
						Chroot "apt-get update"
						;;
				esac

				# Restoring cache
				Restore_cache cache/packages_chroot

				# Check depends
				Check_package chroot/usr/bin/apt-ftparchive apt-utils

				# Installing depends
				Install_package

				# Generate Packages and Packages.gz 
				echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot sh
				gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz

				# Generate Release
				echo "cd /root/local-packages && apt-ftparchive \
					-o APT::FTPArchive::Release::Origin=chroot_local-packages \
					release . > Release" | Chroot sh

				if [ "${LH_APT_SECURE}" = "enabled" ]
				then
					_LH_DOTGNUPG_EXISTED=0
					if [ -d chroot/root/.gnupg ]
					then
						_LH_DOTGNUPG_EXISTED=1
					fi

					# Ensure ~/.gnupg exists (required for gnupg >= ~1.4.9)
					mkdir -p chroot/root/.gnupg

					# Temporarily replace /dev/urandom with /dev/random so as not
					# to block automated image builds; we don't care about the
					# security of this key anyway.
					mv chroot/dev/random chroot/dev/random.orig
					cp -a chroot/dev/urandom chroot/dev/random

					if Find_files cache/local-package-keyring.*
					then
						cp cache/local-package-keyring.* chroot/root
					else
						# Generate temporary key
						echo "Key-Type: RSA
						      Key-Length: 1024
						      Subkey-Type: ELG-E
						      Subkey-Length: 1024
						      Name-Real: live-helper local packages key
						      Name-Email: ${_LH_LOCAL_KEY_EMAIL}
						      Expire-Date: 0
						      %secring /root/local-package-keyring.sec
						      %pubring /root/local-package-keyring.pub
						      %commit" | Chroot "gpg --batch --gen-key" || _LH_RET=${?}

						case "${_LH_RET}" in
							""|2)
								# Gnupg sometimes seems to return with a status of 2 when there was not
								# enough entropy (and key creation blocks temporarily) even if the
								# operation was ultimately successful.
								;;
							*)
								Echo_error "GPG exited with error status %s" "${_LH_RET}"
								exit ${_LH_RET}
								;;
						esac

						# Save keyrings to avoid regeneration
						cp chroot/root/local-package-keyring.* cache/
					fi

					# Sign release
					Chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
						--keyring /root/local-package-keyring.pub -abs -o \
						/root/local-packages/Release.gpg /root/local-packages/Release"

					# Import key
					Chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
						--keyring /root/local-package-keyring.pub --armor \
						--export ${_LH_LOCAL_KEY_EMAIL}" | Chroot "apt-key add -"

					# Remove temporary keyrings
					rm chroot/root/local-package-keyring.pub
					rm chroot/root/local-package-keyring.sec

					# Revert /dev/random
					mv chroot/dev/random.orig chroot/dev/random

					# Remove /root/.gnupg if we created it during the signing process
					if [ "${_LH_DOTGNUPG_EXISTED}" -eq 0 ]
					then
						rm -rf chroot/root/.gnupg
					fi
				fi

				# Add to sources.list
				echo "" >> chroot/etc/apt/sources.list
				echo "# Local packages" >> chroot/etc/apt/sources.list
				echo "deb file:/root/local-packages ./" >> chroot/etc/apt/sources.list

				# Removing depends
				Remove_package

				# Saving cache
				Save_cache cache/packages_chroot
			else
				Echo_warning "Local packages must be named with suffix '_all.deb' or '_\$architecture.deb'."
			fi
		fi

		# Update indices from cache
		if [ "${LH_CACHE_INDICES}" = "enabled" ] && [ -d cache/indices_bootstrap ]
		then
			if Find_files cache/indices_bootstrap/secring.gpg*
			then
				cp -f cache/indices_bootstrap/secring.gpg* chroot/etc/apt
			fi

			if Find_files cache/indices_bootstrap/trusted.gpg*
			then
				cp -f cache/indices_bootstrap/trusted.gpg* chroot/etc/apt
			fi

			if [ -f cache/indices_bootstrap/pkgcache.bin ]
			then
				cp -f cache/indices_bootstrap/pkgcache.bin chroot/var/cache/apt
			fi

			if [ -f cache/indices_bootstrap/srcpkgcache.bin ]
			then
				cp -f cache/indices_bootstrap/srcpkgcache.bin chroot/var/cache/apt
			fi

			if Find_files cache/indices_bootstrap/*_Packages
			then
				cp -f cache/indices_bootstrap/*_Packages chroot/var/lib/apt/lists
			fi

			if Find_files cache/indices_bootstrap/*_Sources
			then
				cp -f cache/indices_bootstrap/*_Sources chroot/var/lib/apt/lists
			fi

			if Find_files cache/indices_bootstrap/*_Release*
			then
				cp -f cache/indices_bootstrap/*_Release* chroot/var/lib/apt/lists
			fi

			if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ]
			then
				Chroot "apt-get ${APT_OPTIONS} install aptitude"
			fi
		else # Get fresh indices
			# Check local gpg keys
			if Find_files config/chroot_sources/*.chroot.gpg
			then
				for FILE in config/chroot_sources/*.chroot.gpg
				do
					cp ${FILE} chroot/root
					Chroot "apt-key add /root/$(basename ${FILE})"
					rm -f chroot/root/$(basename ${FILE})
				done
			fi

			# Check local keyring packages
			if Find_files config/chroot_sources/*.deb
			then
				for PACKAGE in config/chroot_sources/*.deb
				do
					cp ${PACKAGE} chroot/root
					Chroot "dpkg -i /root/$(basename ${PACKAGE})"
					rm -f chroot/root/$(basename ${PACKAGE})
				done
			fi

			# Installing aptitude
			if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ]
			then
				Chroot "apt-get ${APT_OPTIONS} update"
				Chroot "apt-get ${APT_OPTIONS} install aptitude"
			fi

			Apt update
			Apt upgrade
			Apt dist-upgrade

			# Installing keyring packages
			if [ -n "${LH_KEYRING_PACKAGES}" ]
			then
				Chroot "apt-get --yes --force-yes install ${LH_KEYRING_PACKAGES}"
				Apt update
			fi

			if [ "${LH_CACHE_INDICES}" = "enabled" ]
			then
				mkdir -p cache/indices_bootstrap

				cp -f chroot/etc/apt/secring.gpg* cache/indices_bootstrap
				cp -f chroot/etc/apt/trusted.gpg* cache/indices_bootstrap

				cp -f chroot/var/cache/apt/pkgcache.bin cache/indices_bootstrap

				if Find_files chroot/var/cache/apt/srcpkgcache.bin
				then
					cp -f chroot/var/cache/apt/srcpkgcache.bin cache/indices_bootstrap
				fi

				cp -f chroot/var/lib/apt/lists/*_Packages cache/indices_bootstrap

				if Find_files chroot/var/lib/apt/lists/*_Sources
				then
					cp -f chroot/var/lib/apt/lists/*_Sources cache/indices_bootstrap
				fi

				cp -f chroot/var/lib/apt/lists/*_Release* cache/indices_bootstrap
			fi
		fi

		# Creating stage file
		Create_stagefile .stage/chroot_sources
		;;

	remove)
		Echo_message "Deconfiguring file /etc/apt/sources.list"

		# Checking lock file
		Check_lockfile .lock

		# Creating lock file
		Create_lockfile .lock

		# Configure generic indices
		if [ "${LH_BINARY_INDICES}" = "enabled" ]
		then
			# Don't do anything if it's not required
			if [ "${LH_MIRROR_CHROOT}" = "${LH_MIRROR_BINARY}" ] && \
			[ "${LH_MIRROR_CHROOT_SECURITY}" = "${LH_MIRROR_BINARY_SECURITY}" ] && \
			[ ! -d chroot/root/local-packages ]
			then
				# Removing stage file
				rm -f .stage/chroot_sources

				exit 0
			fi

			# Cleaning apt list cache
			rm -rf chroot/var/lib/apt/lists
			mkdir -p chroot/var/lib/apt/lists/partial

			echo "deb ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_CATEGORIES}" > chroot/etc/apt/sources.list

			if [ "${LH_SOURCE}" = "enabled" ]
			then
				echo "deb-src ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_CATEGORIES}" >> chroot/etc/apt/sources.list
			fi

			if [ "${LH_SECURITY}" = "enabled" ]
			then
				if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ]
				then
					echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_CATEGORIES}" >> chroot/etc/apt/sources.list

					if [ "${LH_SOURCE}" = "enabled" ]
					then
						echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_CATEGORIES}" >> chroot/etc/apt/sources.list
					fi
				fi
			fi

			# Check local sources.list
			if Find_files config/chroot_sources/*.binary
			then
				echo "" >> chroot/etc/apt/sources.list
				echo "# Custom repositories" >> chroot/etc/apt/sources.list

				for FILE in config/chroot_sources/*.binary
				do
					cat ${FILE} | grep -v "^##" >> chroot/etc/apt/sources.list
				done
			fi

			# Check local gpg keys
			if Find_files config/chroot_sources/*.binary.gpg
			then
				for FILE in config/chroot_sources/*.binary.gpg
				do
					cp ${FILE} chroot/root
					Chroot "apt-key add /root/$(basename ${FILE})"
					rm -f chroot/root/$(basename ${FILE})
				done
			fi

			# Updating indices
			Apt update
		fi

		# Cleaning apt packages cache
		rm -rf chroot/var/cache/apt
		mkdir -p chroot/var/cache/apt/archives/partial

		# Remove local package repository
		rm -rf chroot/root/local-packages

		# Remove local packages key if it exists
		if apt-key list | grep -q ${_LH_LOCAL_KEY_EMAIL}
		then
			apt-key del ${_LH_LOCAL_KEY_EMAIL}
		fi

		# Removing stage file
		rm -f .stage/chroot_sources
		;;

	*)
		Usage
		;;
esac