#!/usr/bin/env bash
set -Eeuo pipefail

thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
source "$thisDir/.constants.sh" \
	'<target-dir> <suite> <timestamp>' \
	'rootfs stretch 2017-05-08T00:00:00Z'

targetDir="${1:-}"; shift || eusage 'missing target-dir'
suite="${1:-}"; shift || eusage 'missing suite'
timestamp="${1:-}"; shift || eusage 'missing timestamp'
[ -n "$targetDir" ] # must be non-empty

if [ -e "$targetDir" ] && [ -z "$(find "$targetDir" -maxdepth 0 -empty)" ]; then
	echo >&2 "error: '$targetDir' already exists (and isn't empty)!"
	exit 1
fi

epoch="$(date --date "$timestamp" '+%s')"
export SOURCE_DATE_EPOCH="$epoch"

mirror="$("$thisDir/.snapshot-url.sh" "@$epoch")"
secmirror="$("$thisDir/.snapshot-url.sh" "@$epoch" 'debian-security')"

debootstrap \
	--force-check-gpg \
	--merged-usr \
	--variant=minbase \
	"$suite" "$targetDir" "$mirror"
echo "$epoch" > "$targetDir/debuerreotype-epoch"

"$thisDir/debuerreotype-gen-sources-list" "$targetDir" "$suite" "$mirror" "$secmirror"

# since we're minbase, we know everything included is either essential, or a dependency of essential, so let's get clean "apt-mark showmanual" output
"$thisDir/debuerreotype-chroot" "$targetDir" apt-mark auto '.*' > /dev/null

echo 'debuerreotype' > "$targetDir/etc/hostname"
echo "$epoch" \
	| md5sum \
	| cut -f1 -d' ' \
	> "$targetDir/etc/machine-id" # TODO should we only do this if "/etc/machine-id" already exists?
{
	echo 'nameserver 8.8.8.8'
	echo 'nameserver 8.8.4.4'
} > "$targetDir/etc/resolv.conf"
chmod 0644 \
	"$targetDir/etc/hostname" \
	"$targetDir/etc/machine-id" \
	"$targetDir/etc/resolv.conf"

# https://bugs.debian.org/857803
# adjust field 3 in /etc/shadow and /etc/shadow- to $(( epoch / 60 / 60 / 24 )), if it's larger
sp_lstchg="$(( epoch / 60 / 60 / 24 ))"
for shadowFile in etc/shadow etc/shadow-; do
	newShadowFile="$shadowFile.debuerreotype"
	awk -F ':' \
		-v OFS=':' \
		-v sp_lstchg="$sp_lstchg" \
		'{
			if ($3 > sp_lstchg) {
				$3 = sp_lstchg
			}
			print
		}' "$targetDir/$shadowFile" > "$targetDir/$newShadowFile"
	if [ "$(< "$targetDir/$shadowFile")" != "$(< "$targetDir/$newShadowFile")" ]; then
		# use "cat" instead of "mv" so permissions don't change
		cat "$targetDir/$newShadowFile" > "$targetDir/$shadowFile"
	fi
	rm -f "$targetDir/$newShadowFile"
done
