#!/bin/bash

## Copyright (C) 2026 - 2026 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Trace every command (xtrace) and stop at the first unhandled failure
## (errexit). The 'true "INFO: ..."' calls in this script produce no output
## of their own; they only become visible through the xtrace output.
set -o xtrace
set -o errexit

true "INFO: Currently running script: $BASH_SOURCE $@"

## Build settings. Nothing in this block reads them; presumably they are
## consumed by the help-steps files sourced afterwards - TODO confirm.
dist_build_target_arch='amd64'
dist_build_one_parsed="true"
dist_build_internal_run="true"

## Absolute path of the directory that holds this script.
MYDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

## Locate the derivative-maker source tree: a fixed location under $HOME when
## the script runs from /usr/bin, otherwise five directory levels above the
## script itself.
case "$MYDIR" in
   /usr/bin)
      true "INFO: Run from: /usr/bin"
      ## XXX: hardcoded path
      derivative_maker_source_code_dir="$HOME/derivative-maker"
      ;;
   *)
      true "INFO: Run from: source code folder"
      derivative_maker_source_code_dir="$(cd -- "$MYDIR" && cd -- "../../../../../" && pwd)"
      ;;
esac

source "$derivative_maker_source_code_dir/help-steps/pre"
source "$derivative_maker_source_code_dir/help-steps/colors"
source "$derivative_maker_source_code_dir/help-steps/variables"

source "/usr/libexec/helper-scripts/strings.bsh"
source "/usr/libexec/helper-scripts/deb822-extract.bsh"

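## Compare the 'tor' package version recorded in the local Kicksecure apt
## repository with the version offered by the Tor Project repository (as seen
## by apt inside the cowbuilder chroot), and download the remote package when
## it is newer.
##
## Globals read:    derivative_maker_source_code_dir, dist_build_target_arch,
##                  dist_build_sources_list_torproject,
##                  dist_build_pbuilder_config_file, base_folder, cow_folder,
##                  SUDO_TO_ROOT, COWBUILDER_PREFIX, APTGETOPT
##                  (base_folder / cow_folder are presumably set by
##                  set_cowbuilder_folders - TODO confirm)
## Globals written: dist_build_multiarch_package_item
## Exits:           1 when a Packages file is unreadable, when either version
##                  cannot be determined, or when the remote version is older
##                  than the local one (fail closed on a possible rollback).
dm_tor_update_repository() {
  local local_tor_version remote_tor_version local_tor_version_list \
    remote_tor_version_list local_repository_packages_file \
    cowbuilder_repository_packages_file tpo_key_source

  ## Make sure the proxy is set up properly.
  #"${derivative_maker_source_code_dir}/build-steps.d/1200_prepare-build-machine" --flavor internal

  ## Create a fresh chroot to work in.
  #"${derivative_maker_source_code_dir}/build-steps.d/1300_cowbuilder-setup" --flavor internal

  true 'INFO: Setting cowbuilder file variables.'
  dist_build_multiarch_package_item="$dist_build_target_arch"
  set_cowbuilder_folders

  ## Copy the Tor repository sources and key into the chroot. Fix permissions on both files.
  ## SUDO_TO_ROOT / COWBUILDER_PREFIX are left unquoted on purpose: they are
  ## used as command prefixes and presumably may be empty or several words.
  ## NOTE(review): a key placed in trusted.gpg.d is accepted by apt for every
  ## source configured in this chroot unless the .sources entries pin
  ## 'Signed-By'. Confirm that torproject.sources scopes this key.
  tpo_key_source="${derivative_maker_source_code_dir}/packages/kicksecure/anon-shared-build-apt-sources-tpo/usr/share/anon-shared-build-apt-sources-tpo/tpoarchive-keys.d/torprojectarchive.asc"
  $SUDO_TO_ROOT cp -- "${dist_build_sources_list_torproject}" "${base_folder}/etc/apt/sources.list.d/torproject.sources"
  $SUDO_TO_ROOT chmod 644 -- "${base_folder}/etc/apt/sources.list.d/torproject.sources"
  $SUDO_TO_ROOT cp -- "${tpo_key_source}" "${base_folder}/etc/apt/trusted.gpg.d/torprojectarchive.asc"
  $SUDO_TO_ROOT chmod 644 -- "${base_folder}/etc/apt/trusted.gpg.d/torprojectarchive.asc"

  ## Update the apt sources within the chroot. '--save-after-login' keeps the
  ## chroot changes, so the refreshed apt lists can be read from
  ## ${base_folder} further down.
  $SUDO_TO_ROOT \
    $COWBUILDER_PREFIX \
      cowbuilder \
        --architecture "$dist_build_multiarch_package_item" \
        --configfile "$dist_build_pbuilder_config_file" \
        --execute \
        --basepath "$base_folder" \
        --buildplace "$cow_folder" \
        --save-after-login \
          -- \
          /usr/bin/apt-get "${APTGETOPT[@]}" update

  ## Extract the Tor version numbers from the local and remote repositories.
  true 'INFO: Extracting local Tor version number from apt list files...'
  local_tor_version_list=()
  remote_tor_version_list=()

  #local_repository_packages_file="${derivative_maker_source_code_dir}/../derivative-binary/aptrepo_local/kicksecure/dists/local/main/binary-amd64/Packages"
  local_repository_packages_file="${derivative_maker_source_code_dir}/../derivative-binary/aptrepo_remote/kicksecure/dists/trixie-developers/main/binary-amd64/Packages"
  ## Fail with an explicit message instead of relying on 'set -e' alone.
  if ! test -r "${local_repository_packages_file}"; then
    true "ERROR: Local Packages file is not readable: '${local_repository_packages_file}'"
    exit 1
  fi
  ## To guard against non-malicious formatting issues such as tabs and CRLF.
  unicode-show "${local_repository_packages_file}"

  deb822_extract \
    "${local_repository_packages_file}" \
    local_tor_version_list \
    Version \
    'Package|^tor$'

  ## '==' compares. A single '=' inside (( )) is an assignment to a
  ## non-variable, which only makes bash report an arithmetic error.
  if (( ${#local_tor_version_list[@]} == 0 )) \
    || [ -z "${local_tor_version_list[0]}" ]; then
    true 'ERROR: No local Tor version detected.'
    exit 1
  fi

  local_tor_version="${local_tor_version_list[0]}"
  true "INFO: Local Tor version: '${local_tor_version}'"

  true 'INFO: Extracting remote Tor version number from apt list files...'

  cowbuilder_repository_packages_file="${base_folder}/var/lib/apt/lists/127.0.0.1:9977_tpo_dists_trixie_main_binary-amd64_Packages"
  if ! test -r "${cowbuilder_repository_packages_file}"; then
    true "ERROR: Remote Packages file is not readable: '${cowbuilder_repository_packages_file}'"
    exit 1
  fi
  unicode-show "${cowbuilder_repository_packages_file}"

  deb822_extract \
    "${cowbuilder_repository_packages_file}" \
    remote_tor_version_list \
    Version \
    'Package|^tor$'

  ## Check the element count ([@]), not the string length of element 0.
  if (( ${#remote_tor_version_list[@]} == 0 )) \
    || [ -z "${remote_tor_version_list[0]}" ]; then
    true 'ERROR: Remote Tor version could not be detected!'
    exit 1
  fi

  remote_tor_version="${remote_tor_version_list[0]}"
  true "INFO: Remote Tor version: '${remote_tor_version}'"

  check_is_not_empty_and_only_one_line local_tor_version
  check_is_not_empty_and_only_one_line remote_tor_version

  true "INFO:  Local Tor version: '${local_tor_version}'"
  true "INFO: Remote Tor version: '${remote_tor_version}'"

  if dpkg --compare-versions "${local_tor_version}" lt "${remote_tor_version}"; then
    true 'INFO: Remote Tor version is newer than local Tor version, downloading remote version...'
    dm-get-tor-from-tpo-repo
  elif dpkg --compare-versions "${local_tor_version}" gt "${remote_tor_version}"; then
    true 'ERROR: Remote Tor version is OLDER than local Tor version! Possible rollback attack?'
    ## Fail closed: a repository offering an older version than the one
    ## already published must not be reported as a successful run.
    exit 1
  else
    true 'INFO: Remote Tor version matches local Tor version, not updating, OK.'
  fi
}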

## Start/end markers: 'true' prints nothing itself; with 'set -x' active the
## messages appear in the xtrace output.
true 'INFO: Start.'

## Single entry point: compares the local and remote Tor versions and
## downloads the remote package when it is newer.
dm_tor_update_repository

true 'INFO: End.'
