prefix?=/usr/local

cc_files=wait_for_files samizdat-pinentry krng-add-entropy samizdat-ficlonerange
cpp_files=dynmenu

compiled_programs=${cc_files} ${cpp_files}

CC=gcc -std=gnu99
CFLAGS=-Os

INSTALL_SUBMODULES = fsmgr
NO_INSTALL_SUBMODULES = cryptonomic-dyndns-server
SUBMODULES = $(INSTALL_SUBMODULES) $(NO_INSTALL_SUBMODULES)

all: ${compiled_programs} ${SUBMODULES}

.PHONY: stack install-stack
install-stack:
	curl -sSL https://get.haskellstack.org/ | sh
stack:
	@which stack >/dev/null || make install-stack

build-deps: build-deps-stamp
build-deps-stamp: build-deps.control
	sudo apt --no-upgrade install equivs libdpkg-perl
	sudo ./src/mk-build-deps --root-cmd sudo build-deps.control --install --remove
	touch $@

dynmenu: src/dynmenu.cpp | build-deps
	$(CXX) $(CFLAGS) $< -o $@ -lcurses
samizdat-pinentry: src/samizdat-pinentry.c | build-deps
	$(CC) $(CFLAGS)  $< -o $@ -lcurses
krng-add-entropy: src/krng-add-entropy.c | build-deps
	$(CC) $(CFLAGS)  $< -o $@
wait_for_files: src/wait_for_files.c | build-deps
	$(CC) $(CFLAGS)  $< -o $@
%: src/%.c | build-deps
	$(CC) $(CFLAGS)  $< -o $@

src_bin_programs = btrfs-functions.sh var.sh usb partvi

bin_programs=$(addprefix src/, $(src_bin_programs)) ${cc_files} ${btrfs_utils}

btrfs_utils=$(addprefix src/btrfs-utils/, btarfs with-btrfs-seed)

initrd_files:=$(wildcard src/initrd/*) dynmenu wait_for_files
initramfs_conf_files:=$(wildcard initramfs-tools/*)

isolinux_files:=$(wildcard isolinux/*)

clean:
	rm -f ${compiled_programs}

.PHONY: all clean

install-nested-kvm: conf/kvm.conf
	install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/
	modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true

network_filter := $(shell ./src/generate-network-filter.sh)

conf_files_out = conf/br0 conf/dnsmasq.conf conf/network_if-up.d_samizdat
conf_files_in = $(addsuffix .in, $(conf_files_out))

$(conf_files_out): $(conf_files_in) ./src/generate-network-filter.sh
	sed -e '$(network_filter)' < $@.in > $@

static_conf_files = conf/torrc conf/nbd-server conf/postfix_main.cf

SUDO_MAKE = sudo MAKEFLAGS="$$MAKEFLAGS" $(MAKE)

.PHONY: install-configuration install-bootserver install-boot-server start-bootserver
install-boot-server: install-bootserver
install-bootserver: | $(rootfs)
	exit 1; sudo initrd.sh
	$(SUDO_MAKE) instdir=/ real-install-bootserver start-bootserver

start-bootserver:
	ifup --force br0
	service dnsmasq restart
	service nbd-server restart

real-install-bootserver: $(conf_files_out) $(static_conf_files)
ifndef instdir
	$(error "You must specify instdir, for safety.")
else
	install  -p  -m0644  -DT  conf/dnsmasq.conf              ${instdir}/etc/dnsmasq.conf
	install  -p  -m0644  -DT  conf/eth0                      ${instdir}/etc/network/interfaces.d/eth0
	install  -p  -m0644  -DT  conf/br0                       ${instdir}/etc/network/interfaces.d/br0
	install  -p  -m0644  -DT  conf/network_if-up.d_samizdat  ${instdir}/etc/network/if-up.d/samizdat
	install  -p  -m0644  -DT  conf/nbd-server                ${instdir}/etc/nbd-server/conf.d/samizdat.conf
endif

install-configuration: real-install-bootserver $(conf_files_out) $(static_conf_files)
ifndef instdir
	$(error "You must specify instdir, for safety.")
else
	install  -p  -m0644  -DT  conf/postfix_main.cf           ${instdir}/etc/postfix/main.cf
	install  -p  -m0644  -DT  conf/torrc                     ${instdir}/etc/tor/torrc
endif

include user.mk

.PHONY: submodules build-submodules $(SUBMODULES)
$(SUBMODULES): stack
	@a=$$(cd $@ && (exec 3>&1; exec >&2; if test -z "$$(git ls-files)"; then git reset; fi; git status -uno -s >&3)) && (if test -z "$$a"; then set -x; git submodule update --init --recursive $@/; fi)
	$(MAKE) -C $@ $(cmd)

submodules: build-submodules

build-submodules: cmd=
build-submodules: $(SUBMODULES)

.PHONY: update-submodules
update-submodules:
	git submodule update --init --recursive

install-submodules: cmd=install
install-submodules: update-submodules $(INSTALL_SUBMODULES)

rootfs = rootfs/_filesystem/samizdat.seed.btrfs
patchfs = $(patsubst %.seed.btrfs,%.patch.btrfs,$(rootfs))
rootfs_verity = $(addsuffix .verity,$(rootfs) $(patchfs))

.PHONY: rootfs rootfs-deps
rootfs-deps:
	[ -e install-submodules-stamp ] || make install-submodules-stamp
	[ -e install-stamp ] || $(SUDO_MAKE) install-stamp

btrfs_images = $(rootfs) $(patchfs)
rootfs-clean:
	make -C rootfs clean all

rootfs: rootfs-deps $(btrfs_images) $(rootfs_verity)
	sudo mkdir -p /srv/nbd
	sudo ln -sf "$$PWD"/$(rootfs) /srv/nbd/samizdat.btrfs
ifneq (,$(patchfs))
	sudo ln -sf "$$PWD"/$(patchfs) /srv/nbd/samizdat.patch.btrfs
endif

FORCE:
$(btrfs_images): FORCE
	$(MAKE) -C rootfs $(notdir $@)

boot: rootfs
	sudo update-initramfs -u
	sudo ROOTFS=$(rootfs) ./src/parted-usb.sh

samizdat_btrfs_patch_size=256M

get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)"
get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)"
get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))"

verity_root_hash = $(shell sed -ne 's/^Root hash:[ \t]*//p' $<)

%.verity.log: %.verity
%.verity: %
	rm -f $@~tmp
	sudo veritysetup format $^ $@~tmp > $@.log~tmp
	sudo chmod 644 $@~tmp
	mv -f $@.log~tmp $@.log
	mv -f $@~tmp $@

root_hash = $(shell sed -ne 's/^Root hash: *//p' < $<.log)

veritymount: $(rootfs).verity.log
	@sudo veritysetup remove samizverity >/dev/null 2>&1 || true
	sudo veritysetup create samizverity $(basename $(basename $<)) \
			      $(basename $<) \
			      $(verity_root_hash)
	sudo veritysetup remove samizverity

rootfs/%.btrfs:
	$(SUDO_MAKE) -C rootfs $(notdir $@)

debian_dist := $(shell . /etc/os-release && printf %s $$VERSION_CODENAME)

stale = [ ! -e $@ ] || [ $$(( $$(date +%s) - $$(date -r $@ +%s) )) -gt 36000 ]

apt = $(shell which apt || which apt-get)

.PHONY: apt-get-update-stamp
apt-get-update-stamp:
	@if $(stale); then set -x; sudo $(apt) update && touch $@; fi

rootfs/seed.iso: $(rootfs) $(if $(VERITY),$(addprefix $(rootfs),.verity .verity.log))
	rm -f $@~tmp
	touch $@~tmp
	fallocate -n -l 10G $@~tmp
	xorrisofs -iso-level 3 -- \
		-outdev $@~tmp \
		$${SILENT:+ -report_about mishap} \
		-return_with FAILURE 32 \
		-volid SamizdatLive \
		-pathspecs on \
		-follow link \
		-add $^ -- \
		-follow default
	mv $@~tmp $@

.PHONY: install
install:
	$(SUDO_MAKE) install-stamp

build-submodules-stamp: build-submodules
	touch $@

install-submodules-stamp: install-submodules
	touch $@

bindir = /usr/local/bin

install-bin-programs: ${bin_programs}
	install -D -p -t ${instdir}${bindir} ${bin_programs}

CP=cp --preserve=timestamps -r

defaults_conf_files = conf/grub.default
initramfs_conf_files = $(addprefix initramfs-tools/,hooks/samizdat scripts/samizdat)
install-stamp: install-bin-programs ${compiled_programs}
	install -m644 --backup=t -t /etc/apt/sources.list.d -- conf/bookworm.list
	install -m644 --backup=t -T -- conf/grub.default /etc/default/grub
	install -t /etc/initramfs-tools/hooks   -- initramfs-tools/hooks/samizdat
	install -t /etc/initramfs-tools/scripts -- initramfs-tools/scripts/samizdat
	touch $@

.PHONY: update upgrade up upgrade-key initrd

initrd: install
	sudo update-initramfs -u

update: apt-get-update-stamp
	git pull --ff-only --recurse-submodules

upgrade: install-submodules install
	sudo update-initramfs -u

upgrade-key: upgrade key

.PHONY: usb key emu testinitrdkey testinitrd total-destroy persist

PERSIST_FILE = partitions/_liveboot/persist.img

persist: | $(PERSIST_FILE)
$(PERSIST_FILE):
	$(MAKE) -C partitions $(patsubst partitions/%,%,$@)

usb emu efi: initrd rootfs
key keymu emu-key: initrd
cleanmu: rootfs-clean total-destroy emu
up: update upgrade
mu: up cleanmu

usb emu key keymu emu-key total-destroy efi:
	$(MAKE) -C partitions clean $@

testinitrdkey: keymu
testinitrd: emu