#!/bin/bash
#
# Copyright (C) 2021 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

. $SCRIPT_DIR/common.sh

iptables=iptables-1.8.7
debian_iptables=1.8.7-1
cuttlefish=android-cuttlefish

setup_and_build_iptables() {
  get_installed_packages >/root/originally-installed

  # Install everything needed from bullseye to build iptables
  apt-get install -y \
    build-essential \
    autoconf \
    automake \
    bison \
    debhelper \
    devscripts \
    fakeroot \
    flex \
    libmnl-dev \
    libnetfilter-conntrack-dev \
    libnfnetlink-dev \
    libnftnl-dev \
    libtool

  # Construct the iptables source package to build
  mkdir -p /usr/src/$iptables

  cd /usr/src/$iptables
    # Download a specific revision of iptables from AOSP
    wget -qO - \
      https://android.googlesource.com/platform/external/iptables/+archive/master.tar.gz | \
      tar -zxf -
    # Download a compatible 'debian' overlay from Debian salsa
    # We don't want all of the sources, just the Debian modifications
    # NOTE: This will only work if Android always uses a version of iptables
    #       that exists for Debian as well.
    debian_iptables_dir=pkg-iptables-debian-$debian_iptables
    wget -qO - \
      https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/-/archive/debian/$debian_iptables/$debian_iptables_dir.tar.gz | \
      tar --strip-components 1 -zxf - \
      $debian_iptables_dir/debian
  cd -

  cd /usr/src
    # Generate a source package to leave in the filesystem. This is done for
    # license compliance and build reproducibility.
    tar --exclude=debian -cf - $iptables | \
      xz -9 >$(echo $iptables | tr -s '-' '_').orig.tar.xz
  cd -

  cd /usr/src/$iptables
    # Build debian packages from the integrated iptables source
    dpkg-buildpackage -F -d -us -uc
  cd -

  get_installed_packages >/root/installed
  remove_installed_packages /root/originally-installed /root/installed
  apt-get clean
}

install_and_cleanup_iptables() {
  cd /usr/src
    # Find any packages generated, resolve to the debian package name, then
    # exclude any compat, header or symbol packages
    packages=$(find -maxdepth 1 -name '*.deb' | colrm 1 2 | cut -d'_' -f1 |
               grep -ve '-compat$\|-dbg$\|-dbgsym$\|-dev$' | xargs)
    # Install the patched iptables packages, and 'hold' then so
    # "apt-get dist-upgrade" doesn't replace them
    apt-get install --allow-downgrades -y -f \
      $(for package in $packages; do echo ./${package}_*.deb; done | xargs)
    for package in $packages; do
      echo "$package hold" | LANG=C dpkg --set-selections
    done
    update-alternatives --set iptables /usr/sbin/iptables-legacy

    # Tidy up the mess we left behind, leaving just the source tarballs
    rm -rf $iptables *.{buildinfo,changes,deb,dsc}
  cd -
}

setup_and_build_cuttlefish() {
  get_installed_packages >/root/originally-installed

  # Install everything needed from bullseye to build cuttlefish-common
  apt-get install -y \
    cdbs \
    config-package-dev \
    debhelper \
    dpkg-dev \
    git \
    golang

  if [ "$(uname -m)" = "arm64" ]; then
    apt-get install -y libc6-dev:amd64
  fi

  # Fetch cuttlefish and build it for cuttlefish-common
  git clone https://github.com/google/android-cuttlefish.git /usr/src/$cuttlefish
  cd /usr/src/$cuttlefish
    dpkg-buildpackage -d -uc -us
  cd -

  get_installed_packages >/root/installed
  remove_installed_packages /root/originally-installed /root/installed
  apt-get clean
}

install_and_cleanup_cuttlefish() {
  # Install and clean up cuttlefish-common
  cd /usr/src
    apt-get install -y -f ./cuttlefish-common_*.deb
    rm -rf $cuttlefish cuttlefish*.{buildinfo,changes,deb,dsc}
  cd -
}

bullseye_cleanup() {
  # SELinux is supported by our kernels, but we don't install the policy files
  # which causes an error to be printed by systemd. Disable selinux.
  echo "SELINUX=disabled" >/etc/selinux/config

  # Switch binfmt misc over to a static mount, to avoid an autofs4 dependency
  systemctl mask proc-sys-fs-binfmt_misc.automount
  systemctl enable proc-sys-fs-binfmt_misc.mount

  # This package gets pulled in as a phantom dependency. Remove it
  apt-get purge -y gcc-9-base

  cleanup
}