#!/bin/bash

## Copyright (C) 2026 - 2026 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## File-level disable: the script body below the early `exit 0` (TODO
## stub, see comment near the top) is intentionally dead. Drop the
## directive and the `exit 0` when the script is finished.
# shellcheck disable=SC2317

## Trace every command to stderr. The `true "INFO: ..."` / `true 'ERROR: ...'`
## lines used throughout this script only become visible through this trace,
## so xtrace is effectively the script's log. Everything expanded on a
## command line (including "$*" below) ends up in that log.
set -x
## Strict mode: abort on unhandled failures, unset variables and failing
## pipeline stages; let functions and command substitutions inherit the
## ERR trap / errexit behavior.
set -o errexit
set -o nounset
set -o pipefail
set -o errtrace
shopt -s inherit_errexit
## Make a `shift` past the end of the positional parameters print an error.
shopt -s shift_verbose

true "INFO: Currently running script: ${BASH_SOURCE[0]} $*"

## TODO: the script is an unfinished stub. This early exit makes everything
## below unreachable; remove it together with the file-level shellcheck
## directive once the script is finished.
exit 0

## Absolute path of the directory that contains this script.
MYDIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" && pwd )"

if [ "$MYDIR" = "/usr/bin" ]; then
   true "INFO: Run from: /usr/bin"
   ## XXX: hardcoded path
   ## NOTE(review): the tree sourced below is whatever is located at this
   ## path under the invoking user's $HOME, so it must not be writable by
   ## less trusted accounts - confirm how HOME is set when this runs.
   derivative_maker_source_code_dir="$HOME/derivative-maker"
else
   true "INFO: Run from: source code folder"
   ## The source root is taken to be five directory levels above this script.
   derivative_maker_source_code_dir="$(cd -- "$MYDIR" && cd -- "../../../../../" && pwd)"
fi

## Presumably provides the build variables and helpers used by
## dm_tor_update_repository (SUDO_TO_ROOT, set_cowbuilder_folders, ...) -
## not visible in this file, verify against help-steps/pre.
source "$derivative_maker_source_code_dir/help-steps/pre"

## Presumably provide check_is_not_empty_and_only_one_line and
## deb822_extract respectively - verify against the helper-scripts package.
source "/usr/libexec/helper-scripts/strings.bsh"
source "/usr/libexec/helper-scripts/deb822-extract.bsh"

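## Compare the Tor version found in the local package repository with the
## version listed by the Tor Project repository (as seen from inside the
## cowbuilder chroot) and run dm-get-tor-from-tpo-repo when the remote
## version is newer.
##
## Globals read: derivative_maker_source_code_dir, base_folder, cow_folder,
##   SUDO_TO_ROOT, COWBUILDER_PREFIX (optional), DIST_APTGETOPT,
##   DIST_APTGETOPT_SERIALIZED, dist_build_sources_list_torproject,
##   dist_build_multiarch_package_item, dist_build_pbuilder_config_file.
##   (base_folder / cow_folder are presumably set by set_cowbuilder_folders.)
## Exits 1 when a version cannot be determined or when the remote version is
## older than the local one (possible rollback).
## The bare 'test' sanity checks rely on the file-level 'errexit'.
dm_tor_update_repository() {
  local local_tor_version remote_tor_version local_tor_version_list \
    remote_tor_version_list local_repository_packages_file \
    cowbuilder_repository_packages_file

  ## Make sure the proxy is set up properly.
  #"${derivative_maker_source_code_dir}/build-steps.d/1200_prepare-build-machine" --flavor source

  ## Create a fresh chroot to work in.
  #"${derivative_maker_source_code_dir}/build-steps.d/1300_cowbuilder-setup" --flavor source --target source

  ## TODO: broken
  true 'INFO: Setting cowbuilder file variables.'
  set_cowbuilder_folders

  ## Sanity test.
  test -d "${base_folder}"

  ## Sanity test. Done before the first privileged command so that an empty
  ## SUDO_TO_ROOT cannot silently turn the copies below into unprivileged ones.
  test -n "$DIST_APTGETOPT_SERIALIZED"
  test -n "$SUDO_TO_ROOT"

  ## Copy the Tor repository sources and key into the chroot. Fix permissions on both files.
  ## SUDO_TO_ROOT is left unquoted on purpose so that it can expand to a
  ## command plus arguments.
  ## NOTE(review): a key placed in trusted.gpg.d is trusted by apt for every
  ## source configured in this chroot. Scoping it through 'Signed-By' in
  ## torproject.sources would limit it to the Tor Project repository -
  ## confirm what the copied .sources file declares.
  $SUDO_TO_ROOT cp -- "${dist_build_sources_list_torproject}" "${base_folder}/etc/apt/sources.list.d/torproject.sources"
  $SUDO_TO_ROOT chmod 644 -- "${base_folder}/etc/apt/sources.list.d/torproject.sources"
  $SUDO_TO_ROOT cp -- "${derivative_maker_source_code_dir}/packages/kicksecure/anon-shared-build-apt-sources-tpo/usr/share/anon-shared-build-apt-sources-tpo/tpoarchive-keys.d/torprojectarchive.asc" "${base_folder}/etc/apt/trusted.gpg.d/torprojectarchive.asc"
  $SUDO_TO_ROOT chmod 644 -- "${base_folder}/etc/apt/trusted.gpg.d/torprojectarchive.asc"

  ## Update the apt sources within the chroot.
  ## '--save-after-login' keeps the changes made by the executed command in
  ## the base chroot; the apt list file read further below depends on that.
  ## NOTE(review): the remote version is only as trustworthy as apt's
  ## signature verification during this update - confirm that DIST_APTGETOPT
  ## does not relax it.
  $SUDO_TO_ROOT \
    ${COWBUILDER_PREFIX:-} \
      cowbuilder \
        --architecture "$dist_build_multiarch_package_item" \
        --configfile "$dist_build_pbuilder_config_file" \
        --execute \
        --basepath "$base_folder" \
        --buildplace "$cow_folder" \
        --save-after-login \
          -- \
          apt-get "${DIST_APTGETOPT[@]}" update

  ## Extract the Tor version numbers from the local and remote repositories.
  true 'INFO: Extracting local Tor version number from apt list files...'
  local_tor_version_list=()
  remote_tor_version_list=()

  ## NOTE(review): the "local" Packages file currently points at
  ## aptrepo_remote / trixie-developers, and both Packages paths hard-code
  ## 'binary-amd64' and 'trixie' while cowbuilder is given
  ## $dist_build_multiarch_package_item - confirm this is intended.
  #local_repository_packages_file="${derivative_maker_source_code_dir}/../derivative-binary/aptrepo_local/kicksecure/dists/local/main/binary-amd64/Packages"
  local_repository_packages_file="${derivative_maker_source_code_dir}/../derivative-binary/aptrepo_remote/kicksecure/dists/trixie-developers/main/binary-amd64/Packages"
  test -r "${local_repository_packages_file}"
  ## To guard against non-malicious formatting issues such as tabs and CRLF.
  unicode-show "${local_repository_packages_file}"

  deb822_extract \
    "${local_repository_packages_file}" \
    local_tor_version_list \
    Version \
    'Package|^tor$'

  if [ "${#local_tor_version_list[@]}" -eq 0 ] \
    || [ -z "${local_tor_version_list[0]-}" ]; then
    true 'ERROR: No local Tor version detected.'
    exit 1
  fi

  ## Only the first matching stanza is used.
  ## NOTE(review): if a Packages file lists several 'tor' versions, the first
  ## one is not necessarily the highest - confirm against deb822_extract.
  local_tor_version="${local_tor_version_list[0]}"
  true "INFO: Local Tor version: '${local_tor_version}'"

  true 'INFO: Extracting remote Tor version number from apt list files...'

  cowbuilder_repository_packages_file="${base_folder}/var/lib/apt/lists/127.0.0.1:9977_tpo_dists_trixie_main_binary-amd64_Packages"
  test -r "${cowbuilder_repository_packages_file}"
  unicode-show "${cowbuilder_repository_packages_file}"

  deb822_extract \
    "${cowbuilder_repository_packages_file}" \
    remote_tor_version_list \
    Version \
    'Package|^tor$'

  if [ "${#remote_tor_version_list[@]}" -eq 0 ] \
    || [ -z "${remote_tor_version_list[0]-}" ]; then
    true 'ERROR: Remote Tor version could not be detected!'
    exit 1
  fi

  remote_tor_version="${remote_tor_version_list[0]}"
  true "INFO: Remote Tor version: '${remote_tor_version}'"

  ## Version strings are passed to dpkg below; insist on a single non-empty line each.
  check_is_not_empty_and_only_one_line local_tor_version
  check_is_not_empty_and_only_one_line remote_tor_version

  true "INFO:  Local Tor version: '${local_tor_version}'"
  true "INFO: Remote Tor version: '${remote_tor_version}'"

  if dpkg --compare-versions "${local_tor_version}" lt "${remote_tor_version}"; then
    true 'INFO: Remote Tor version is newer than local Tor version, downloading remote version...'
    dm-get-tor-from-tpo-repo
  elif dpkg --compare-versions "${local_tor_version}" gt "${remote_tor_version}"; then
    true 'ERROR: Remote Tor version is OLDER than local Tor version! Possible rollback attack?'
    ## Fail like the other ERROR branches. Returning success here would hide
    ## a possible downgrade of the upstream repository from the caller.
    exit 1
  else
    true 'INFO: Remote Tor version matches local Tor version, not updating, OK.'
  fi
}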

## Entry point. The 'true' lines are log markers that only show up in the
## xtrace output enabled at the top of the script.
true 'INFO: Start.'

## Under 'errexit' any failure inside the function aborts the script before
## the 'End.' marker is reached.
dm_tor_update_repository

true 'INFO: End.'
