#!/bin/bash
# created by Tobias Powalowski <tpowa@archlinux.org>
# Release directory name: current year and month, fixed once at load time.
_DIR="$(date +%Y.%m)"
# Local build tree. _ARCH is not assigned anywhere in this file.
# NOTE(review): presumably exported by the script that sources this file; if it
# is empty, every path below collapses to "${_ISO_HOME}/..." -- confirm.
_ISO_HOME="/home/tobias/Arch/iso"
_ISO_HOME_ARCH="${_ISO_HOME}/${_ARCH}"
_ISO_HOME_SOURCE="${_ISO_HOME}/${_ARCH}/sources/${_DIR}"
# Side effect at load time: the scratch directory is created as soon as this
# file is read, even if no function is called afterwards. The template has only
# three X characters, so the random suffix is short; _server_release later
# renames this directory to ${_DIR}. The result of mktemp is not checked here.
_ISO_BUILD_DIR="$(mktemp -d "${_ISO_HOME_ARCH}"/server-release.XXX)"
# Remote host and target directories used by the scp/ssh steps.
_SERVER="pkgbuild.com"
_SERVER_HOME="/home/tpowa"
_SERVER_PUBLIC="${_SERVER_HOME}/public_html"
_SERVER_IMAGE_DIR="${_SERVER_PUBLIC}/archboot-images"
_SERVER_SOURCE_DIR="${_SERVER_PUBLIC}/archboot-sources"
# Public URLs that correspond to the server directories above.
_ARCHBOOT_PUBLIC="https://pkgbuild.com/~tpowa"
_ARCHBOOT_SOURCE="${_ARCHBOOT_PUBLIC}/archboot-sources"
# aarch64 pacman chroot: local directory name, tarball name, download URL and
# upload directory.
_PACMAN_AARCH64="pacman-aarch64-chroot"
_PACMAN_AARCH64_CHROOT="${_PACMAN_AARCH64}-latest.tar.zst"
_PACMAN_AARCH64_CHROOT_PUBLIC="${_ARCHBOOT_PUBLIC}/archboot-helper/${_PACMAN_AARCH64}"
_PACMAN_AARCH64_SERVER="${_SERVER_PUBLIC}/archboot-helper/${_PACMAN_AARCH64}"
# Unprivileged account that owns the artifacts and runs gpg, scp and ssh
# (via sudo -u in the functions below).
_USER="tobias"
_GROUP="users"
# gpg options for unattended, detached, binary signatures. The string is
# expanded unquoted at the call sites on purpose (hence the SC2086
# suppressions there), so no option value may contain whitespace.
# The passphrase is read from a file; gpg runs as ${_USER}, so that account
# must be able to read it.
# NOTE(review): confirm the file is readable by that account only.
# NOTE(review): -u takes a short 32-bit key ID here; short IDs are not unique,
# the full fingerprint would select the signing key unambiguously.
_GPG="--detach-sign --no-armor --batch --passphrase-file /etc/archboot/gpg.passphrase --pinentry-mode loopback -u 7EDF681F"

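#######################################
# Refresh the aarch64 pacman chroot tarball and publish it.
# Downloads the current tarball and its detached signature, verifies the
# signature, unpacks the tarball, updates the packages inside it with
# systemd-nspawn, strips files that are not needed, re-packs, signs and
# uploads the result.
# Globals (read): _ISO_HOME, _PACMAN_AARCH64, _PACMAN_AARCH64_CHROOT,
#   _PACMAN_AARCH64_CHROOT_PUBLIC, _PACMAN_AARCH64_SERVER, _SERVER, _USER,
#   _GROUP, _GPG
# Exits: 1 when the download, verification, extraction, package update,
#   packing, signing or upload fails.
#######################################
_update_aarch64_pacman_chroot() {
    # update aarch64 pacman chroot
    cd "${_ISO_HOME}" || exit 1
    [[ -d "${_PACMAN_AARCH64}" ]] || mkdir "${_PACMAN_AARCH64}" || exit 1
    echo "Downloading archlinuxarm pacman aarch64 chroot..."
    # Remove leftovers of both files unconditionally: wget does not overwrite
    # an existing file but stores the download under a ".1" name, and the
    # verification below would then run against the stale copy.
    rm -f -- "${_PACMAN_AARCH64_CHROOT}" "${_PACMAN_AARCH64_CHROOT}.sig"
    wget "${_PACMAN_AARCH64_CHROOT_PUBLIC}/${_PACMAN_AARCH64_CHROOT}"{,.sig} >/dev/null 2>&1 || exit 1
    # verify download before anything is extracted from it; signature and data
    # file are both named so gpg does not have to guess the signed file.
    # NOTE(review): this accepts a good signature from any key in the keyring
    # of ${_USER}; checking the VALIDSIG fingerprint from --status-fd would pin
    # the expected signer.
    sudo -u "${_USER}" gpg --verify "${_PACMAN_AARCH64_CHROOT}.sig" "${_PACMAN_AARCH64_CHROOT}" >/dev/null 2>&1 || exit 1
    bsdtar -C "${_PACMAN_AARCH64}" -xf "${_PACMAN_AARCH64_CHROOT}" >/dev/null 2>&1 || exit 1
    echo "Removing installation tarball ..."
    rm -- "${_PACMAN_AARCH64_CHROOT}" "${_PACMAN_AARCH64_CHROOT}.sig" >/dev/null 2>&1
    # update container to latest packages
    echo "Update container to latest packages..."
    systemd-nspawn -D "${_PACMAN_AARCH64}" pacman -Syu --noconfirm >/dev/null 2>&1 || exit 1
    # remove package cache
    echo "Remove package cache from container ..."
    rm "${_PACMAN_AARCH64}"/var/cache/pacman/pkg/* >/dev/null 2>&1
    # enable parallel downloads
    sed -i -e 's:^#ParallelDownloads:ParallelDownloads:g' "${_PACMAN_AARCH64}"/etc/pacman.conf
    # fix network in container: the file is removed first and then recreated,
    # so the write below never goes through a pre-existing symlink.
    # NOTE(review): the resolver address is hard-coded and ships in the
    # published tarball -- confirm this is intended for all consumers.
    rm "${_PACMAN_AARCH64}/etc/resolv.conf"
    echo "nameserver 8.8.8.8" > "${_PACMAN_AARCH64}/etc/resolv.conf"
    echo "Clean container, delete not needed files from ${_PACMAN_AARCH64} ..."
    rm -r "${_PACMAN_AARCH64}"/usr/include >/dev/null 2>&1
    rm -r "${_PACMAN_AARCH64}"/usr/share/{man,doc,info} >/dev/null 2>&1
    echo "Generating tarball ..."
    # Stop here on failure: otherwise a truncated tarball would be signed and
    # uploaded below as if it were a good release.
    tar -acf "${_PACMAN_AARCH64_CHROOT}" -C "${_PACMAN_AARCH64}" . || exit 1
    echo "Removing ${_PACMAN_AARCH64} ..."
    rm -r "${_PACMAN_AARCH64}"
    echo "Finished container tarball."
    # _GPG is an option string and has to be word-split.
    #shellcheck disable=SC2086
    sudo -u "${_USER}" gpg ${_GPG} "${_PACMAN_AARCH64_CHROOT}" || exit 1
    chown "${_USER}:${_GROUP}" "${_PACMAN_AARCH64_CHROOT}" "${_PACMAN_AARCH64_CHROOT}.sig"
    echo "Uploading files to ${_SERVER}:${_PACMAN_AARCH64_SERVER} ..."
    sudo -u "${_USER}" scp -q "${_PACMAN_AARCH64_CHROOT}" "${_PACMAN_AARCH64_CHROOT}.sig" "${_SERVER}:${_PACMAN_AARCH64_SERVER}" || exit 1
}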

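#######################################
# Rebuild the local archboot source repository for ${_ARCH} and publish it.
# The repository is created from scratch, copied to the server, moved into
# the public source tree, and the "latest" symlink is pointed at it. The
# release from three months ago is removed on the server.
# Globals (read): _ISO_HOME_SOURCE, _ARCH, _DIR, _SERVER, _SERVER_HOME,
#   _SERVER_SOURCE_DIR, _USER
# Exits: 1 when repository creation or the upload fails, or when the name of
#   the release to expire cannot be computed.
# Returns: the status of the remote ssh session.
#######################################
_update_source() {
    local _old_release
    if [[ -d "${_ISO_HOME_SOURCE}" ]]; then
        rm -r "${_ISO_HOME_SOURCE}"
    fi
    mkdir -p "${_ISO_HOME_SOURCE}"
    echo "Creating ${_ARCH} archboot repository ..."
    "archboot-${_ARCH}-create-repository.sh" "${_ISO_HOME_SOURCE}" || exit 1
    echo "Uploading files to ${_SERVER}:${_SERVER_HOME} ..."
    sudo -u "${_USER}" scp -q -r "${_ISO_HOME_SOURCE}" "${_SERVER}":"${_SERVER_HOME}"/ || exit 1
    # Name of the release to expire. The calculation is anchored on the 15th so
    # that month arithmetic cannot roll over at the end of a month (the 31st
    # minus three months can land in the following month). An empty result
    # must never reach the remote "rm -r": the path would then be the whole
    # ${_ARCH} directory.
    _old_release="$(date -d "$(date +%Y-%m-15) -3 month" +%Y.%m)" || exit 1
    [[ -n "${_old_release}" ]] || exit 1
    # The here-document is unquoted, so every variable is expanded locally and
    # the remote shell only receives literal paths. The remote script stops if
    # the move or the directory change fails, so "latest" is not touched in
    # the wrong place.
    sudo -u "${_USER}" ssh "${_SERVER}" <<EOF
rm -r "${_SERVER_SOURCE_DIR}/${_ARCH}/${_DIR}"
rm -r "${_SERVER_SOURCE_DIR}/${_ARCH}/${_old_release}"
mv "${_DIR}" "${_SERVER_SOURCE_DIR}/${_ARCH}" || exit 1
cd "${_SERVER_SOURCE_DIR}/${_ARCH}" || exit 1
rm latest
ln -s "${_DIR}" latest
EOF
}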

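#######################################
# Build, sign and publish the archboot release images for ${_ARCH}.
# Runs the release script into the scratch directory, signs every regular
# file in it and in boot/, writes sha256sum.txt, rotates the previous local
# release into archive/, uploads the new one and updates the "latest"
# symlink on the server. The release from three months ago is removed on the
# server.
# Globals (read): _ISO_HOME_ARCH, _ISO_BUILD_DIR, _ARCHBOOT_SOURCE, _ARCH,
#   _DIR, _USER, _GROUP, _GPG, _SERVER, _SERVER_HOME, _SERVER_IMAGE_DIR
# Exits: 1 when the release script fails, the build directory is missing, a
#   file cannot be signed or hashed, the upload fails, or the name of the
#   release to expire cannot be computed.
# Returns: the status of the remote ssh session.
#######################################
_server_release() {
    local _old_release
    cd "${_ISO_HOME_ARCH}" || exit 1
    # A failed build never continues, even if the cleanup itself fails.
    if ! "archboot-${_ARCH}-release.sh" "${_ISO_BUILD_DIR}" "${_ARCHBOOT_SOURCE}/${_ARCH}/${_DIR}"; then
        rm -r -- "${_ISO_BUILD_DIR:?}"
        exit 1
    fi
    # set user rights on files
    [[ -d "${_ISO_BUILD_DIR}" ]] || exit 1
    chmod 755 "${_ISO_BUILD_DIR}"
    chown -R "${_USER}:${_GROUP}" "${_ISO_BUILD_DIR}"
    cd "${_ISO_BUILD_DIR}" || exit 1
    # remove sha256sum; it has to be gone before the glob below is expanded,
    # otherwise the manifest would be signed and hashed as a release file.
    rm -f sha256sum.txt || exit 1
    # sign files and create new sha256sum.txt
    # Both globs are expanded once, before any .sig file exists, so only the
    # files produced by the release script are signed. A signing failure
    # aborts: a release must not be uploaded with unsigned files in it.
    # sha256sum.txt itself is not signed; authenticity comes from the
    # per-file .sig files.
    for i in * boot/*; do
        [[ -f "${i}" ]] || continue
        # _GPG is an option string and has to be word-split.
        #shellcheck disable=SC2086
        sudo -u "${_USER}" gpg ${_GPG} "${i}" || exit 1
        cksum -a sha256 "${i}" "${i}.sig" >> sha256sum.txt || exit 1
    done
    chown -R "${_USER}:${_GROUP}" ./*
    cd .. || exit 1
    [[ -d "archive" ]] || mkdir archive
    [[ -d "archive/${_DIR}" ]] && rm -r "archive/${_DIR}"
    [[ -d "${_DIR}" ]] && mv "${_DIR}" archive/
    mv "${_ISO_BUILD_DIR}" "${_DIR}"
    # copy files to server
    echo "Uploading files to ${_SERVER}:${_SERVER_HOME} ..."
    sudo -u "${_USER}" scp -q -r "${_DIR}" "${_SERVER}":"${_SERVER_HOME}/" || exit 1
    # Name of the release to expire. The calculation is anchored on the 15th so
    # that month arithmetic cannot roll over at the end of a month (the 31st
    # minus three months can land in the following month). An empty result
    # must never reach the remote "rm -r": the path would then be the whole
    # ${_ARCH} directory.
    _old_release="$(date -d "$(date +%Y-%m-15) -3 month" +%Y.%m)" || exit 1
    [[ -n "${_old_release}" ]] || exit 1
    # move files on server, create symlink and remove 3 month old release
    # The here-document is unquoted, so every variable is expanded locally and
    # the remote shell only receives literal paths. The remote script stops if
    # the move or the directory change fails, so "latest" is not touched in
    # the wrong place.
    sudo -u "${_USER}" ssh "${_SERVER}" <<EOF
rm -r "${_SERVER_IMAGE_DIR}"/"${_ARCH}"/"${_DIR}"
rm -r "${_SERVER_IMAGE_DIR}"/"${_ARCH}"/"${_old_release}"
mv "${_DIR}" "${_SERVER_IMAGE_DIR}"/"${_ARCH}" || exit 1
cd "${_SERVER_IMAGE_DIR}"/"${_ARCH}" || exit 1
rm latest
ln -s "${_DIR}" latest
EOF
}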

