#!/bin/bash

# runs on the buildmaster only, works currently only there
#
# calls all subscripts to build the iso, sign it, generate checksums,
# update the website, update RSS feeds, feed the torrents, etc.
#
# this script is supposed to be used by Archlinux32 people only
# as it contains hard-coded pathes and server names..

# prerequisites:
# - mkinitcpio-archiso32 and archiso32 installed on the host
# - https://git.archlinux32.org/releng checked out locally
# - pacman-mirrorlist32 for /etc/pacman.d/mirrorlist32
# - mktorrent, python-feedgenerator, transmission-cli, hefur

# parameters
CONFIG="releng"
ARCH="i686"
#ARCH = "dual"
DESC="i686 only"
#DESC="dual bootable"
DATE=$(date +%Y.%m.%d)
ISO="archlinux32-${DATE}-${ARCH}.iso"
SIGNATURE="${ISO}.sig"
TORRENT="${ISO}.torrent"
TORRENT_SERVER="localhost"
#TORRENT_SERVER="archlinux32.org"
WEBSITE_DIR="/srv/http/archlinux32.org"
MIRROR_DIR="/srv/http/mirror/mirror.archlinux32.org"
ARCHISOS_DIR="${MIRROR_DIR}/archisos/"
MIRROR_USER='mirror'
MIRROR_GROUP='mirror'
#Andreas Baumann (sign) <mail@andreasbaumann.cc>
SIGN_KEY='16194A82231E9EF823562181C8E8F5A0AF9BA7E7'
# Archlinux 32 Release Key <release@archlinux32.org>
#SIGN_KEY='33CA3597B0D161AAE4173F65C17F1214114574A4'

base_dir=$(
  readlink -e "${0%/*}"
)

pushd() {
    command pushd "$@" > /dev/null
}

popd() {
    command popd "$@" > /dev/null
}

export pushd popd

# fail on first error
set -e

# cleanup hook
tmp_dir="$(mktemp -d)"
cleanup() {
  if mountpoint -q "${tmp_dir}"; then
    sudo umount "${tmp_dir}"
  fi
  rm -rf --one-file-system "${tmp_dir}"
}
trap cleanup EXIT

# build the ISO
echo "Building ISO.."
"${base_dir}/build-iso" --config="${CONFIG}" --arch "${ARCH}" \
  --output-dir="${ARCHISOS_DIR}" --iso "${ISO}"

# sign ISO
echo "Signing ISO.."
pushd "${ARCHISOS_DIR}"
rm -rf "${ISO}.sig"
gpg --local-user "${SIGN_KEY}" --batch --no-tty --detach-sign "${ISO}" </dev/null
popd

# checksum the ISO and the signature
echo "Updating checksum files.."
pushd "${ARCHISOS_DIR}"
[ ! -f sha512sums ] || sed -i "/${ISO}$/d" sha512sums
sha512sum "${ISO}" >> sha512sums
[ ! -f md5sums ] || sed -i "/${ISO}$/d" md5sums
md5sum "${ISO}" >> md5sums
sort -k2,2 sha512sums --output sha512sums
sort -k2,2 md5sums --output md5sums
popd

# check sanity of ISO
echo "Checking ISO.."
"${base_dir}/check-iso" --output-dir "${ARCHISOS_DIR}" --check --expected-sign-key "${SIGN_KEY}"
if [ $? = 1 ]; then
  >&2 echo "The ISO file '${iso}' is not sane. Not continuing!"
  #~ rm -f "${iso}"
  exit 1
fi

# date used for torrents and commit message
date=$(echo "${ISO}" \
  | sed 's/^.*-\([^-]\+\)-[^-]\+$/\1/' \
  | sort -u
)

# generate torrents (currently broken)
echo "Generating torrents.."
#~ bash -x "${base_dir}/al32-mktorrent.sh" -d "${date}" -t "hefur@${TORRENT_SERVER}:" "${ARCH}"

# update web page
echo "Updating website.."
git -C "${WEBSITE_DIR}" reset --hard
git -C "${WEBSITE_DIR}" pull --ff-only
"${base_dir}/update-website" \
  --website-dir="${WEBSITE_DIR}" \
  --mirror-dir="${MIRROR_DIR}" \
  --iso="${ISO}" \
  --update-iso \
  --update-mirrors

#~ git -C "${WEBSITE_DIR}" commit 'download/index.html' -m 'download/index.html: new isos ('"${date}"')'
#~ git -C "${WEBSITE_DIR}" push

# when did we last updates the 
date +%s > "${ARCHISOS_DIR}/lastupdate"

# set permissions correctly of all generated or changed fles
echo "Fixing/setting permissions.."
#chown "${MIRROR_USER}:${MIRROR_GROUP}" \
#  "${ARCHISOS_DIR}/${ISO}" "${ARCHISOS_DIR}/${SIGNATURE}" "${ARCHISOS_DIR}/${TORRENT}" \
#  "${ARCHISOS_DIR}/sha512sums" "${ARCHISOS_DIR}/md5sums" "${ARCHISOS_DIR}/lastupdate"

echo "Finished."

exit 0

#--
# TODO from here:

archive='/mnt/archlinux32archive'
destination='/mnt/archlinux32/archisos'

    mv $(
      printf '%s.torrent\n' ${isos}
    ) feed_dual.rss feed_i686.rss "${destination}/"

# torrent generation

# ATM no torrents
# ATM no dual
#      --torrent-seed-dual "https://pool.mirror.archlinux32.org/archisos/archlinux32-${date}-dual.iso.torrent" \
#       --torrent-seed-i686 "https://pool.mirror.archlinux32.org/archisos/archlinux32-${date}-i686.iso.torrent" \
#

# this seems to be cleanup of old isos (which must be moved to the archive
# should be in a separate script too like cleanup-isos, can then be called in build-all

    find "${destination}" \( -name 'archlinux32-*' -o -name 'archlinux-*' \) -not -name 'archlinux32-'"${date}"'-*' \
    | while read -r to_delete; do
      if diff -q "${to_delete}" "${archive}/iso/${to_delete#${destination}/}" >/dev/null; then
        rm "${to_delete}"
        printf '%s\n' "${to_delete}" \
        | sed '
          s@^.*/@@
          s/\./\\./g
          s@.*@/  \0$/d@
        '
      fi
    done \
    >> "${tmp_dir}/delete-regex"
    sed -i -f "${tmp_dir}/delete-regex" "${destination}/sha512sums"
    sed -i -f "${tmp_dir}/delete-regex" "${destination}/md5sums"

    echo '... done.'
    ;;