#!/bin/bash

K3_FULLPATH=`realpath $0`
K3WRK_DIR=`dirname ${K3_FULLPATH}`
echo "Working directory = ${K3WRK_DIR}"

ARCH="x86_64"
EDITION="astra-mobile"
CODENAME="1.7_x86-64"
TYPE=""
MARCH=""
BUILDTYPE=""

if [[ -f ${K3WRK_DIR}/mobile_version ]] ; then
    . ${K3WRK_DIR}/mobile_version
    echo "ASTRA_MOBILE_VERSION=${ASTRA_MOBILE_VERSION}"
fi

ADMIN_USER_NAME="administrator"
ADMIN_USER_PASS="administrator"
#"1"

#k3 DEPENDS: qemu-user-static 
#BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"
#LT11 BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"
#BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"
#BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"

#BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"
BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"

set -e -u


_ERR_HANDLERS=()

ENV_NONINTERACTIVE="DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true"

APT_OPTIONS="-o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold"

function err_exit(){
	echo "$1"
	exit 1
}

function err_handler(){
	set +e
	trap - EXIT SIGINT SIGTERM SIGHUP

	local I=${#_ERR_HANDLERS[*]}
	while [[ $I -gt 0 ]]; do
		I=$((I-1))
		/bin/bash -c "${_ERR_HANDLERS[$I]}"
	done
	
	err_exit "Error detected"
}

function push_err_handler(){
	[[ $# -lt 1 ]] && err_exit "Usage: add_err_handler <COMMAND> <ARGS...>"
	local LEN=${#_ERR_HANDLERS[*]}
	_ERR_HANDLERS[$LEN]="$@"
}

function pop_err_handler(){
	local LEN=$((${#_ERR_HANDLERS[*]}-1))
	[[ $LEN -ge 0 ]] && unset _ERR_HANDLERS[$LEN]
}

function sec_to_str()
{
	[[ $# -ne 1 ]] && err_exit "Usage: sec_to_str <SECONDS>"
	local SEC="$1"
	local H=$((SEC / 3600))
	local M=$(((SEC / 60) % 60))
	local S=$((SEC % 60))
	printf "%d:%02d:%02d\n" "$H" "$M" "$S"
}

function str_to_sec()
{
	[[ $# -ne 1 ]] && err_exit "Usage: str_to_sec <H:M:S>"
	local STR="$1"
	STR=${STR//:0/:}
	local H=${STR%%:*}
	local M=${STR#*:}; M=${M%:*}
	local S=${STR##*:}
	printf "%d\n" $((H * 3600 + M * 60 + S))
}

function CAN_FAIL()
{
	[[ $# -lt 1 ]] && err_exit "Usage: CAN_FAIL <FUNCTION> [ARGS...]"
	local FUNCTION=$1; shift
	set +e
	$FUNCTION "$@"
	RES=$?
	set -e
}

function TRY()
{
	[[ $# -lt 3 ]] && err_exit "Usage: TRY <COUNT> <INTERVAL> <FUNCTION> [ARGS...]"
	local COUNT=$1; shift
    local INTERVAL=$1; shift
    local FUNCTION=$1; shift
    local I=0

    while [[ $I -lt $COUNT ]]; do
		I=$((I+1))
		echo "TRY $I: $FUNCTION"
		
		set +e
		$FUNCTION "$@"
		local RES=$?
		set -e

		[[ $RES -eq 0 ]] && return 0
		sleep $INTERVAL
	done

	return 1
}

function create_user_in_chroot()
{
	[[ $# -ne 3 ]] && err_exit "Usage: create_user_in_chroot <CHROOT_DIR> <USER> <PASS>"
	local CHROOT_DIR="$1" USER="$2" PASS="$3"

	local USER_GROUPS="cdrom floppy audio dip video plugdev netdev lpadmin scanner render"
	
	[[ "$USER" != "root" ]] && sudo chroot "$CHROOT_DIR" adduser --disabled-password --gecos "" "$USER"

	sudo chroot "$CHROOT_DIR" /bin/bash -c "echo \"$USER:$PASS\" | chpasswd"

	for GROUP in $USER_GROUPS; do
		G=$(sudo sed -n "/^$GROUP:/p" "$CHROOT_DIR"/etc/group)
		if [[ -n "$G" ]]; then
			sudo chroot "$CHROOT_DIR" usermod -a -G "$GROUP" "$USER"
		else
			echo "Warning: group $GROUP does not exist"
		fi
	done

}

function create_admin_in_chroot()
{
	[[ $# -ne 3 ]] && err_exit "Usage: create_admin_in_chroot <CHROOT_DIR> <USER> <PASS>"
	local CHROOT_DIR="$1" USER="$2" PASS="$3"
	
	local ADMIN_GROUPS="cdrom floppy audio dip video plugdev netdev lpadmin scanner astra-console astra-admin render"
	
	create_user_in_chroot "$CHROOT_DIR" "$USER" "$PASS"
	
	sudo chroot "$CHROOT_DIR" groupadd astra-admin
	echo "%astra-admin ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a "$CHROOT_DIR"/etc/sudoers >/dev/null
	
	for GROUP in $ADMIN_GROUPS; do
		G=$(sudo sed -n "/^$GROUP:/p" "$CHROOT_DIR"/etc/group)
		if [[ -n "$G" ]]; then
			sudo chroot "$CHROOT_DIR" usermod -a -G "$GROUP" "$USER"
		else
			echo "Warning: group $GROUP does not exist"
		fi
	done
	
	#if [[ "$EDITION" == "SE" ]]; then
	#	sudo chroot "$CHROOT_DIR" pdpl-user -i 63 "$USER"
	#fi
	
	# reset faillog for admin
	if [[ -f "$CHROOT_DIR"/usr/bin/faillog ]]; then
		sudo chroot "$CHROOT_DIR" /usr/bin/faillog -u "$USER" -m 0
	fi
}

function create_firstboot_service_in_chroot()
{
	[[ $# -ne 1 ]] && err_exit "Usage: create_firstboot_service_in_chroot <CHROOT_DIR>"
	local CHROOT_DIR="$1"

	cat <<EOF | sudo tee "$CHROOT_DIR"/etc/systemd/system/first-boot-fix.service >/dev/null
[Unit]
Description=first boot fix service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/first-boot-fix.sh
[Install]
WantedBy=multi-user.target
EOF

	cat <<EOF | sudo tee "$CHROOT_DIR"/usr/local/bin/first-boot-fix.sh >/dev/null
#!/bin/bash
set -e

resizePart() {
    rootfs_part=\$(findmnt -n -o SOURCE \${1})
    rootfs_dev=\$(echo "\${rootfs_part}" | cut -d "p" -f1)
    rootfs_part_num=\$(echo "\${rootfs_part}" | tail -c2)

    echo -e "fix\n" | parted \${rootfs_dev} ---pretend-input-tty print
    #echo -e "Yes\n100%\n" | parted \${rootfs_dev} ---pretend-input-tty resizepart \${rootfs_part_num}
    echo -e "Yes\n\n" | parted \${rootfs_dev} ---pretend-input-tty resizepart \${rootfs_part_num}
    resize2fs \${rootfs_part}
}

echo "performance" > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

resizePart /
resizePart /opt
resizePart /home

#disable flash mount lock
#astra-mount-lock disable
#astra-secdel-control disable
#astra-swapwiper-control disable
#astra-mic-control disable
#astra-mac-control disable
#chown -R astra-orientation:astra-orientation  /var/cache/astra-orientation
# fix mime-database not updating in chroot with qemu-static for armhf on 64bit host
update-mime-database /usr/share/mime
# fix X11 fonts, run mkfontsdir from postinst (the same reason as above)
dpkg-query --showformat '\${Package}\n' --show | grep "^xfonts-" | xargs --no-run-if-empty dpkg-reconfigure
# stop service
systemctl disable first-boot-fix
EOF

	sudo chmod a+x "$CHROOT_DIR"/usr/local/bin/first-boot-fix.sh
	# HUAWEI Kunpeng 920 don't support 32-bit arm
	# chroot does not work, but we can use good kludge - not now...
	sudo chroot "$CHROOT_DIR" systemctl enable first-boot-fix
	# sudo ln -fs ${CHROOT_DIR}/etc/systemd/system/first-boot-fix.service ${CHROOT_DIR}/etc/systemd/system/multi-user.target.wants/first-boot-fix.service
}





INSTALLER_IMAGE=""

while getopts ":iha:" opt; do
   case $opt in
      h) #help
         echo "Usage: create-astra-mobile-rootfs  [ -i ] [ -h ] [ -a arch ]"
         echo "-i  create installer rootfs for usb flash(10Gb) from installer-rootfs-XX.tar.gz "
         echo "-a  set architecture arm64/x86_64 (x86_64 is set by default)"
         echo "-h: print help"
         echo "examples:"
         echo "build x86_64 rootfs with logs: ./create-astra-mobile-rootfs  2>&1 | tee build-1-7.log"
         echo "build x86_64 installer rootfs with logs: ./create-astra-mobile-rootfs -i  2>&1 | tee build-i-1-7.log"
         echo "build arm64 rootfs with logs: ./create-astra-mobile-rootfs -a arm64  2>&1 | tee build-4-7.log"
         echo "build arm64 installer rootfs with logs: ./create-astra-mobile-rootfs -a arm64 -i  2>&1 | tee build-i-4-7.log"
         exit;;
      a) #install usb image
         echo "Mobile Architectire is set..."
         MARCH=${OPTARG};;
      i) #install usb image
         echo "Installer image generation..."
         INSTALLER_IMAGE="true";;
     \?) #error
         echo "ERROR: Invalid option"
         exit;;
   esac
done

if [[ ! -z "${MARCH// }" ]]; then
    if [[ "${MARCH}" ==  "arm64" ]]; then
        ARCH="arm64"
        CODENAME="4.7_arm"
#        BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"
        BASE_REPO="http://releases.devos.astralinux.ru/frozen/4.7/4.7.6/4.7.6.7/installation"
    elif [[ "${MARCH}" ==  "x86_64" ]]; then
        echo "Default architecture .. "
    else 
        echo "Architecture not supported.."
        exit 1
    fi
fi

echo "Mobile Architectire : ${ARCH} ; CODENAME=${CODENAME} "

if [[ -z "${INSTALLER_IMAGE// }" ]]; then
    CHROOT_DIR=rootfs-$CODENAME-$EDITION-$ARCH$TYPE
else
    CHROOT_DIR=installer-rootfs-$CODENAME-$EDITION-$ARCH$TYPE
fi

[[ -d "$CHROOT_DIR" ]] && echo "Warning: chroot dir $CHROOT_DIR exists" && read -n 1 -s -r -p "Press any key to continue"

if [[ -z "${INSTALLER_IMAGE// }" ]]; then

INSTALL_PKGS="fdisk lvm2 haveged bzip2 gzip xz-utils acpid anacron pcmciautils wireless-tools wpasupplicant  powertop \
apt apt-transport-https apt-utils atftp dbus  expect fakeroot logcheck lsof mc snmp \
unzip unrar openprinting-ppds dosfstools openssh-client sudo less ntfs-3g vim console-setup p7zip-full p7zip-rar zip \
libparsec-aud3 libparsec-base3 libparsec-cap3 libparsec-log3 libparsec-mac3 parsec parsec-aud parsec-base parsec-cap parsec-mac parsec-tests parsec-tools \
linux-astra-modules-common gostsum afick ufw astra-safepolicy parsec-aud bsign parsec-kiosk2 \
linux-firmware lsb-release util-linux-locales bash-completion quota \
sosreport alsa-utils anacron cups cups-client cups-pk-helper dbus-x11 desktop-base fontconfig fontconfig-config menu python-reportlab \
xorg-all-main fly-all-main avahi-daemon phonon-backend-gstreamer phonon4qt5-backend-gstreamer smolensk-security libmtp-runtime qtvirtualkeyboard-plugin network-manager-gnome \
network-manager-openvpn-gnome acpi-support astra-extra plymouth plymouth-x11 plymouth-themes-fade-in pulseaudio ufw gufw fly-admin-kiosk breeze-gtk-theme \
systray-x-minimal pinentry-qt ksystemlog system-config-audit  vlc vlc-astra  vlc-data   libxvidcore4 lame libdca0 \
gstreamer1.0-alsa gstreamer1.0-plugins-base libgstreamer-plugins-base1.0-0  libgstreamer1.0-0 astra-extra \
astra-safepolicy lsb-release acl perl-modules-5.28 debconf-i18n gnome-keyring install-info ncurses-term p11-kit traceroute vim-tiny whiptail uuid-runtime \
libreoffice libreoffice-l10n-ru libreoffice-help-ru libreoffice-astra libreoffice-gtk3 \
gutenprint-locales hplip hplip-gui hpijs-ppds printer-driver-hpcups printer-driver-hpijs printer-driver-postscript-hp libgutenprint9 libgutenprint-common kexec-tools \
chromium chromium-l10n chromium-gost rsync \
fly-pdfview kpat okular okular-extra-backends okular-mobile qml-module-org-kde-okular fly-music \
pavucontrol-qt pavucontrol-qt-l10n fly-camera  usb-modeswitch modemmanager hdparm rfkill tlp tlp-rdw bluez \
qbat ark fly-gps klines jq libxxhash0 pulseaudio-module-bluetooth \
libcupsimage2 fly-admin-int-check python3-six fly-orientation astra-plasma-mobile-configs cryptsetup dialog nano firejail-profiles"

    if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
INSTALL_PKGS="fdisk lvm2 haveged bzip2 gzip xz-utils acpid  pcmciautils wireless-tools wpasupplicant  powertop \
apt apt-transport-https apt-utils atftp dbus  expect fakeroot logcheck lsof mc snmp \
unzip unrar openprinting-ppds dosfstools openssh-client sudo less ntfs-3g vim console-setup p7zip-full p7zip-rar zip \
libparsec-aud3 libparsec-base3 libparsec-cap3  libparsec-mac3 parsec parsec-aud parsec-base parsec-cap parsec-mac parsec-tests parsec-tools \
gostsum afick ufw astra-safepolicy parsec-aud bsign parsec-kiosk2 \
linux-firmware lsb-release util-linux-locales bash-completion quota \
sosreport alsa-utils  cups cups-client cups-pk-helper dbus-x11 desktop-base fontconfig fontconfig-config menu \
xorg-all-main fly-all-main avahi-daemon phonon-backend-gstreamer   libmtp-runtime  network-manager-gnome \
network-manager-openvpn-gnome acpi-support  plymouth plymouth-x11 plymouth-themes-fade-in pulseaudio ufw gufw fly-admin-kiosk breeze-gtk-theme \
pinentry-qt ksystemlog system-config-audit  vlc vlc-astra  vlc-data   libxvidcore4 lame libdca0 \
gstreamer1.0-alsa gstreamer1.0-plugins-base libgstreamer-plugins-base1.0-0  libgstreamer1.0-0 \
astra-safepolicy lsb-release acl  debconf-i18n gnome-keyring install-info ncurses-term p11-kit traceroute vim-tiny whiptail uuid-runtime \
libreoffice libreoffice-l10n-ru libreoffice-help-ru libreoffice-astra libreoffice-gtk3 \
gutenprint-locales hplip hplip-gui hpijs-ppds printer-driver-hpcups printer-driver-hpijs printer-driver-postscript-hp libgutenprint9 libgutenprint-common \
chromium chromium-l10n  rsync \
kpat okular okular-extra-backends okular-mobile qml-module-org-kde-okular fly-music \
pavucontrol-qt pavucontrol-qt-l10n fly-camera  usb-modeswitch modemmanager hdparm rfkill tlp tlp-rdw bluez \
qbat ark fly-gps klines libxxhash0 pulseaudio-module-bluetooth \
libcupsimage2 fly-admin-int-check python3-six fly-orientation astra-plasma-mobile-configs cryptsetup dialog \
python3-reportlab exfatprogs lshw \
plymouth-astra-theme busybox zstd alsa-topology-conf alsa-ucm-conf aspell aspell-en astra-mobile-helpers bsd-mailx  catdoc colord colord-data cups-bsd \
dmidecode dns-root-data dnsmasq-base easy-rsa enchant-2 ethtool nftables \
firejail-profiles flatpak fly-camera pcscd plasma-mobile ppp iio-sensor-proxy \
kactivities-bin  kio-extras kio-extras-data mesa-va-drivers \
mesa-vdpau-drivers mesa-vulkan-drivers sane-airscan sane-utils qtspeech5-speechd-plugin qt5-gtk-platformtheme \
astra-int-check logrotate parsec-cups parsec-cups-client libwpd-tools unrtf untex userinfo usr-is-merged curl kmines kexec-tools nano firejail-profiles"


# 1.8 xml2  astra-extra perl-modules-5.28 anacron linux-astra-modules-common libparsec-log3 anacron jq phonon4qt5-backend-gstreamer python-reportlab smolensk-security
# qtvirtualkeyboard-plugin systray-x-minimal chromium-gost fly-pdfview

    fi




else

#x avahi-autoipd gpm 
#x astra-orientation

INSTALL_PKGS="astra-extra  parsec  parsec-tests  linux-astra-modules-common  astra-safepolicy lsb-release  acl  perl-modules-5.28 \
acpid  anacron  acpi  pcmciautils  powertop  apt  apt-transport-https  apt-utils \
dbus  dvd+rw-tools  expect  fakeroot   logcheck  lsof  mc  unzip  unrar libijs-0.35  dosfstools  openssh-client \
sudo less ntfs-3g  console-setup p7zip-full  p7zip-rar \
libparsec-aud3   libparsec-base3  libparsec-cap3  libparsec-log3  libparsec-mac3 parsec  parsec-aud  parsec-base  parsec-cap parsec-mac  parsec-tests  parsec-tools \
gostsum  astra-safepolicy  parsec-aud bsign  parsec-cups  linux-firmware  lsb-release \
util-linux-locales  linux-astra-modules-common  bash-completion  quota  parsec-kiosk2  astra-update  sosreport  exfat-utils \
parted fdisk lvm2 cryptsetup haveged bzip2 gzip xz-utils klibc-utils kexec-tools dialog"


    if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
INSTALL_PKGS="parsec  parsec-tests  astra-safepolicy lsb-release  acl \
acpid pcmciautils  powertop  apt  apt-transport-https  apt-utils \
dbus  dvd+rw-tools  expect  fakeroot   logcheck  lsof  mc  unzip  unrar libijs-0.35  dosfstools  openssh-client \
sudo less ntfs-3g  console-setup p7zip-full  p7zip-rar \
libparsec-aud3   libparsec-base3  libparsec-cap3    libparsec-mac3 parsec  parsec-aud  parsec-base  parsec-cap parsec-mac  parsec-tests  parsec-tools \
gostsum  astra-safepolicy  parsec-aud bsign  parsec-cups  linux-firmware  lsb-release \
util-linux-locales    bash-completion  quota  parsec-kiosk2  astra-update  sosreport \
parted fdisk lvm2 cryptsetup haveged bzip2 gzip xz-utils klibc-utils dialog \
exfatprogs lshw zstd kexec-tools"

#1.8  exfat-utils perl-modules-5.28 libparsec-log3 linux-astra-modules-common astra-extra anacron acpi
    fi

fi
RECOMMENDS_PKGS="alsa-topology-conf alsa-ucm-conf aspell aspell-en astra-mobile-helpers bsd-mailx catdoc colord colord-data cups-bsd \
dmidecode dns-root-data dnsmasq-base easy-rsa ethtool exfat-utils \
firejail-profiles fly-camera fonts-dejavu fonts-dejavu-extra fonts-freefont-ttf geoip-database gstreamer1.0-alsa \
gstreamer1.0-plugins-bad gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-pulseaudio \
gstreamer1.0-x iio-sensor-proxy kde-config-screenlocker kde-style-oxygen-qt5 kio-extras \
kio-extras-data kwin-x11 libatkmm-1.6-1v5 libavahi-glib1 libcairo-perl libcairomm-1.0-1v5 libccid libcolorhug2 libesmtp6 \
libglib-perl libglibmm-2.4-1v5 libgstreamer-gl1.0-0 libgstreamer-plugins-bad1.0-0 libgstreamer-plugins-base1.0-0 \
libgstreamer-plugins-good1.0-0 libgstreamer1.0-0 libgtk2-perl libgtkmm-2.4-1v5 libgusb2 libhiredis0.14 libimage-exiftool-perl libio-stringy-perl \
libkdsoap1 libkf5dnssd-data libkf5dnssd5 libkf5guiaddons-bin libmaxminddb0 \
libnftables1 liboxygenstyle5-5 liboxygenstyleconfig5-5 libpackagekit-glib2-18 libpam-kwallet-common libpam-kwallet5 libpango-perl \
libpangomm-1.4-1v5 libpaper-utils libriemann-client0 \
libsigc++-2.0-0v5 libssh-4 liburi-perl libvncclient1 logrotate media-player-info mesa-va-drivers \
mesa-vdpau-drivers mesa-vulkan-drivers nftables notification-daemon opensc opensc-pkcs11 \
packagekit pcscd pigz plasma-mobile ppp publicsuffix samba-dsdb-modules sane-airscan sane-utils socat \
thin-provisioning-tools update-inetd va-driver-all vlc-l10n vlc-plugin-access-extra"

if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
RECOMMENDS_PKGS="alsa-ucm-conf aspell aspell-en astra-mobile-helpers bsd-mailx colord colord-data cups-bsd \
dmidecode dns-root-data dnsmasq-base easy-rsa ethtool exfat-utils \
fly-camera fonts-dejavu fonts-dejavu-extra fonts-freefont-ttf geoip-database gstreamer1.0-alsa \
gstreamer1.0-plugins-bad gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-pulseaudio \
gstreamer1.0-x iio-sensor-proxy kde-config-screenlocker kde-style-oxygen-qt5 kio-extras \
kio-extras-data kwin-x11 libatkmm-1.6-1v5 libavahi-glib1 libcairo-perl libcairomm-1.0-1v5 libccid libcolorhug2 libesmtp6 \
libglib-perl libglibmm-2.4-1v5 libgstreamer-gl1.0-0 libgstreamer-plugins-bad1.0-0 libgstreamer-plugins-base1.0-0 \
libgstreamer-plugins-good1.0-0 libgstreamer1.0-0 libgtk2-perl libgtkmm-2.4-1v5 libgusb2 libhiredis0.14 libimage-exiftool-perl libio-stringy-perl \
libkdsoap1 libkf5dnssd-data libkf5dnssd5 libkf5guiaddons-bin libmaxminddb0 \
libnftables1 liboxygenstyle5-5 liboxygenstyleconfig5-5 libpackagekit-glib2-18 libpam-kwallet-common libpam-kwallet5 libpango-perl \
libpangomm-1.4-1v5 libpaper-utils libriemann-client0 \
libsigc++-2.0-0v5 libssh-4 liburi-perl libvncclient1 logrotate media-player-info mesa-va-drivers \
mesa-vdpau-drivers mesa-vulkan-drivers nftables notification-daemon opensc opensc-pkcs11 \
packagekit pcscd pigz plasma-mobile ppp publicsuffix samba-dsdb-modules sane-airscan sane-utils socat \
thin-provisioning-tools update-inetd va-driver-all vlc-l10n vlc-plugin-access-extra \
acpi hunspell  xserver-xorg-video-qxl libfaac0"
fi
#kgamma5 1.7.6base

#rk3a-client
#libkf5dbusaddons-bin libkf5dnssd-data libkf5dnssd5 libkf5guiaddons-bin \
#libkf5iconthemes-bin libkf5kcmutils-bin libkf5kdelibs4support5-bin libkf5parts-plugins libkf5xmlgui-bin

echo "--------------------------------------- stage 1 ---------------------------------------"

MACHINE_TYPE=`cat ${K3WRK_DIR}/machine_type | head -1 | tr -s ' '`
echo "MACHINE_TYPE=$MACHINE_TYPE"

if [[ "${ARCH}" ==  "x86_64" ]]; then
    debootstrap --arch=amd64 --no-check-gpg --variant=minbase \
      --components=main,contrib,non-free --include=console-setup,keyboard-configuration,locales,libparsec-base3,libpdac++,kmod \
      ${CODENAME} ${CHROOT_DIR} ${BASE_REPO}
else
    if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
        qemu-debootstrap --arch=${ARCH} --no-check-gpg --variant=minbase \
            --components=imx8,main,contrib,non-free --include=console-setup,keyboard-configuration,locales,libparsec-base3,libpdac++,kmod,u-boot-tools \
            ${CODENAME} ${CHROOT_DIR} ${BASE_REPO}

    fi
    if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
        echo "KVADRAT.arm64 debootstrap.."
        qemu-debootstrap --arch=${ARCH} --no-check-gpg --variant=minbase \
            --components=kvadrat,main,contrib,non-free --include=console-setup,keyboard-configuration,locales,libparsec-base3,libpdac++,kmod,u-boot-tools \
            ${CODENAME} ${CHROOT_DIR} ${BASE_REPO}
    fi
fi

if [[ -f ${K3WRK_DIR}/machine_type ]] ; then
    cp -f ${K3WRK_DIR}/machine_type "$CHROOT_DIR"/etc/astra/
fi


trap 'err_handler' EXIT SIGINT SIGTERM

mkdir -p "$CHROOT_DIR"/{proc,sys}

mount -t proc proc "$CHROOT_DIR"/proc
push_err_handler umount "$CHROOT_DIR/proc"

mount -t sysfs sys "$CHROOT_DIR"/sys
push_err_handler umount "$CHROOT_DIR/sys"

#k3
mount -t devpts devpts "$CHROOT_DIR"/dev/pts
push_err_handler umount "$CHROOT_DIR/dev/pts"

echo "Europe/Moscow" | sudo tee "$CHROOT_DIR"/etc/timezone 
ln -sf /usr/share/zoneinfo/Europe/Moscow "$CHROOT_DIR"/etc/localtime

if [[ $(dpkg-architecture -q DEB_HOST_ARCH) == "$ARCH" ]]; then
	# if arches are equal configuring is already done, so reconfigure only date 
	#sudo chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE dpkg --configure --force-configure-any tzdata
	sudo chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE dpkg-reconfigure -f noninteractive tzdata
else
	# base-passwd must be configured before base-files
	# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924401
	# sudo chroot "$CHROOT_DIR" dpkg --configure --force-configure-any base-passwd
	# not need if not use multistrap

	echo "Europe/Moscow" | sudo tee "$CHROOT_DIR"/etc/timezone
	ln -sf /usr/share/zoneinfo/Europe/Moscow "$CHROOT_DIR"/etc/localtime
fi
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE LC_ALL=C LANGUAGE=C LANG=C dpkg --configure -a

echo "--------------------------------------- stage 2 ---------------------------------------"


cat <<EOF | chroot "$CHROOT_DIR" debconf-set-selections
keyboard-configuration	keyboard-configuration/variant		select	Russian
keyboard-configuration	keyboard-configuration/toggle		select	Alt+Shift
keyboard-configuration	keyboard-configuration/layout		select	Russian
keyboard-configuration	keyboard-configuration/model		select	Generic 105-key PC (intl.)
fly-dm					shared/default-x-display-manager	select	fly-dm
samba-common			samba-common/dhcp					boolean	false
EOF
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE dpkg-reconfigure -f noninteractive keyboard-configuration

echo "--------------------------------------- stage 3 ---------------------------------------"


echo "dash dash/sh boolean false" | chroot "$CHROOT_DIR" debconf-set-selections

# reconfigure dash to use bash instead
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE dpkg-reconfigure -f noninteractive dash

# some madness about sh.distrib
# sudo ln -f -s /bin/bash "$CHROOT_DIR"/bin/sh.distrib
ln -f -s /bin/bash "$CHROOT_DIR"/bin/sh

sed -e 's/# en_US.UTF-8/en_US.UTF-8/' -e 's/# ru_RU.UTF-8/ru_RU.UTF-8/' -i "$CHROOT_DIR"/etc/locale.gen
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE dpkg-reconfigure -f noninteractive locales
chroot "$CHROOT_DIR" update-locale LANG=ru_RU.UTF-8

sed -e 's/CODESET=".*"/CODESET="CyrSlav"/' -e 's/CHARMAP=".*"/CHARMAP="UTF-8"/' -i "$CHROOT_DIR"/etc/default/console-setup
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE dpkg-reconfigure -f noninteractive console-setup

touch "$CHROOT_DIR"/etc/fstab # need for dhclient or wait 5 min when systemd networking.service loading in qemu-system

# add cdrom0
mkdir -p "$CHROOT_DIR"/media/cdrom0
ln -sf /media/cdrom0 "$CHROOT_DIR"/media/cdrom
#echo "/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0" | sudo tee -a "$CHROOT_DIR"/etc/fstab

#k3 sudo cp "$SOURCES_LIST" "$CHROOT_DIR"/etc/apt/sources.list.d/
#k3 sudo cp "$PREFERENCES_FILE" "$CHROOT_DIR"/etc/apt/preferences.d/

#echo "APT::Default-Release \"$CODENAME\";" | sudo tee "$CHROOT_DIR"/etc/apt/apt.conf.d/10default-release >/dev/null
echo 'Dir::Bin::Methods::ftp "ftp";' | sudo tee "$CHROOT_DIR"/etc/apt/apt.conf.d/75ftp >/dev/null

chroot "$CHROOT_DIR" apt-get $APT_OPTIONS update

#if [[ "$EDITION" == "SE" ]]; then
	# fix parsec-base & libattr1 conflict
	chroot "$CHROOT_DIR" dpkg-divert --package parsec-base /etc/xattr.conf
#fi

#orel
#cat > "$CHROOT_DIR/etc/astra_license" << EOF
#MODE=0
#DESCRIPTION=base(orel)
#URL=https://astralinux.ru/information/licenses
#EOF

#voronezh
cat > "$CHROOT_DIR/etc/astra_license" << EOF
MODE=1
DESCRIPTION=advanced(voronezh)
URL=https://astralinux.ru/information/licenses
EOF

#smolensk
#cat > "$CHROOT_DIR/etc/astra_license" << EOF
#MODE=2
#DESCRIPTION=maximum(smolensk)
#URL=https://astralinux.ru/information/licenses
#EOF

echo "--------------------------------------- stage 4 ---------------------------------------"
if [[ "${ARCH}" ==  "x86_64" ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb [trusted=yes] ${BASE_REPO} ${CODENAME} main contrib non-free
EOF
else

    if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb [trusted=yes] ${BASE_REPO} ${CODENAME} imx8 main contrib non-free
EOF
    fi
    if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb [trusted=yes] ${BASE_REPO} ${CODENAME} kvadrat main contrib non-free
EOF

cat > "${CHROOT_DIR}"/etc/apt/preferences << EOF
Package: *
Pin: release c=kvadrat
Pin-Priority: 1000

Package: *
Pin: release n=4.7_arm
Pin-Priority: 900

EOF

    fi
fi

chroot ${CHROOT_DIR} apt update


	case "$ARCH" in
		"arm64")
			if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
				chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-5.15-generic
			fi
			if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
				chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-5.10-generic
			fi
		;;
	esac
	# set Orel mode
	chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install astra-safepolicy systemd dbus
	chroot "$CHROOT_DIR" astra-modeswitch set 0

	chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install \
		iputils-ping dnsutils net-tools pciutils ssh sudo vim iproute2 ifupdown gdisk efibootmgr initramfs-tools  openssl ca-certificates
#netcat-openbsd
	case "$ARCH" in
	"armhf") chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install haveged
	;;
	esac
	
		
	# Check for parsec-kiosk or parsec-kiosk2 & parsec-aud parsec-cap parsec-mac (for ssh)
#	if [[ "$EDITION" == "SE" ]]; then
		chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install parsec-kiosk2 parsec-aud parsec-cap parsec-mac
#	fi
	
	# BT-9041
        if [[  -z "${INSTALLER_IMAGE// }" ]]; then

	    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install libpwquality-tools
	    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install fly-all-main network-manager-gnome
	fi
		# fix systemd/fly perms
		# sudo sed -i 's/^#ServerUID=.*/ServerUID=root/' "$CHROOT_DIR"/etc/X11/fly-dm/fly-dmrc

if [[ "${ARCH}" ==  "x86_64" ]]; then
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install grub-efi-amd64

    if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-5.15-generic linux-firmware
    fi
    if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
#        echo "goodix_ts" >> "${CHROOT_DIR}"/etc/initramfs-tools/modules
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-6.1-generic linux-firmware
    fi

    if grep -q splash "$CHROOT_DIR"/etc/default/grub ; then
        echo "already have splash in "$CHROOT_DIR"/etc/default/grub"
    else
        #variants: normal upside_down left_side_up right_side_up
        sed -i "s/quiet/quiet\ splash\ psi=1\ net.ifnames=0\ video=panel_orientation=normal/ " "$CHROOT_DIR"/etc/default/grub
#voronezh        sed -i "s/quiet/parsec.mac=0\ quiet\ splash\ psi=1\ net.ifnames=0\ video=panel_orientation=normal/ " "$CHROOT_DIR"/etc/default/grub
#lenovo        sed -i "s/quiet/quiet\ splash\ psi=1\ net.ifnames=0\ video=panel_orientation=right_side_up/ " "$CHROOT_DIR"/etc/default/grub
#mig        sed -i "s/quiet/quiet\ splash\ psi=1\ net.ifnames=0\ video=panel_orientation=left_side_up/ " "$CHROOT_DIR"/etc/default/grub
    fi

fi

if [[ "${ARCH}" ==  "arm64" ]]; then
    if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install grub-efi-arm64 u-boot-imx8
    fi
    if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install grub-efi-arm64 u-boot-kvadrat
    fi
fi


#first boot action
if [[ -z "${INSTALLER_IMAGE// }" ]]; then
    create_firstboot_service_in_chroot "$CHROOT_DIR"
fi

echo "--------------------------------------- stage 5 ---------------------------------------"


	echo "evbug" | sudo tee -a "$CHROOT_DIR"/etc/modules-load.d/blacklist.conf >/dev/null
	echo "blacklist evbug" | sudo tee -a "$CHROOT_DIR"/etc/modprobe.d/blacklist.conf >/dev/null
	
	# BT-16157
	[[ -f "$CHROOT_DIR"/usr/sbin/iptables-legacy ]] && sudo chroot "$CHROOT_DIR" sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
	[[ -f "$CHROOT_DIR"/usr/sbin/ip6tables-legacy ]] && sudo chroot "$CHROOT_DIR" sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
	
	# TODO: add debug
	#sudo mkdir -p "$CHROOT_DIR"/var/log/journal
if [[ "${ARCH}" ==  "x86_64" ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb [trusted=yes] ${BASE_REPO} ${CODENAME} main contrib non-free
EOF
else
if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb [trusted=yes] ${BASE_REPO} ${CODENAME} kvadrat main contrib non-free
EOF
fi
if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb [trusted=yes] ${BASE_REPO} ${CODENAME} imx8 main contrib non-free
EOF
fi

fi

sudo chroot ${CHROOT_DIR} apt update


if [[ "$TYPE" == "" ]]; then
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install astra-safepolicy


    [[ -n "${INSTALL_PKGS+x}" ]] && sudo chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install $INSTALL_PKGS
    if [[  -z "${INSTALLER_IMAGE// }" ]]; then
        if [[ "${CODENAME}" !=  "1."[8]"_x86-64"  ]]; then
            [[ -n "${RECOMMENDS_PKGS+x}" ]] && sudo chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install $RECOMMENDS_PKGS
        fi
        sudo chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get -y purge cups-browsed
    fi
fi

#set hostname
if [[  -z "${INSTALLER_IMAGE// }" ]]; then
    echo "astra-mobile" > "$CHROOT_DIR"/etc/hostname
else
    echo "astra-mobile-installer" > "$CHROOT_DIR"/etc/hostname
fi

echo "--------------------------------------- stage 6 ---------------------------------------"



if [[ -z "${INSTALLER_IMAGE// }" ]] ; then
cat > "${CHROOT_DIR}"/usr/bin/astra-mobile-postinst-debs << EOF
#!/bin/bash
if [[ -d /root/deb ]] ; then
    ls /root/deb/*.deb > /dev/null 2>&1 || exit
    dpkg -i /root/deb/*.deb
fi
EOF
chmod 755 "${CHROOT_DIR}"/usr/bin/astra-mobile-postinst-debs
fi

if [[ ! -z "${INSTALLER_IMAGE// }" ]]; then
    cp -Rf ${K3WRK_DIR}/addon/astra-mobile-system-update "$CHROOT_DIR"/usr/sbin
    if [[ "${ARCH}" ==  "x86_64" ]]; then
        if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
            chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image*lowlatency*
        fi
        #chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image*hardened* linux-image*lowlatency* linux-image-6*
    fi
fi
    create_admin_in_chroot ${CHROOT_DIR} "${ADMIN_USER_NAME}" "${ADMIN_USER_PASS}"
#    create_user_in_chroot ${CHROOT_DIR} "${USER_USER_NAME}" "${USER_USER_PASS}"

	touch ${CHROOT_DIR}/etc/hosts

    if [[ -z "${INSTALLER_IMAGE// }" ]]; then
        sed -i '1a127.0.1.1\tastra-mobile' ${CHROOT_DIR}/etc/hosts
    else
        sed -i '1a127.0.1.1\tastra-mobile-installer' ${CHROOT_DIR}/etc/hosts

        chroot ${CHROOT_DIR} passwd -d ${ADMIN_USER_NAME}
        chroot ${CHROOT_DIR} passwd -d root
        echo "1:2345:respawn:/bin/login -f root tty1 </dev/tty1 >/dev/tty1 2>&1" > ${CHROOT_DIR}/etc/inittab
    fi

# BT-16238
truncate -s 0 ${CHROOT_DIR}/etc/motd

#1.8 del 6.6 from installer image
if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
            chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image-6.6* linux-astra-modules-6.6*
fi



echo "--------------------------------------- stage 7 ---------------------------------------"
if [[ -z "${INSTALLER_IMAGE// }" ]]; then

    PLASMA_MOBILE_PKGS="astra-plasma-mobile xwayland"

if [[ "${BUILDTYPE}" ==  "dev" ]]; then

    if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
    cat << EOF | sudo tee -a ${CHROOT_DIR}/etc/apt/sources.list
deb [trusted=yes] ftp://10.177.113.135/incoming/pek/astra-mobile-repo-X.7 1.7_x86-64 main contrib non-free
EOF
    fi

   if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
   cat << EOF | sudo tee -a ${CHROOT_DIR}/etc/apt/sources.list
deb [trusted=yes] ftp://10.177.113.135/incoming/pek/astra-mobile-repo-X.7 4.7_arm kvadrat main contrib non-free
EOF
   fi

   if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
   cat << EOF | sudo tee -a ${CHROOT_DIR}/etc/apt/sources.list
deb [trusted=yes] ftp://10.177.113.135/incoming/karakozov/astra-mobile-repo-1.7.5 4.7_arm imx8 main contrib non-free
EOF
   fi

   if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
   cat << EOF | sudo tee -a ${CHROOT_DIR}/etc/apt/sources.list
deb [trusted=yes] ftp://10.177.113.135/incoming/pek/astra-mobile-repo-X.8 1.8_x86-64 main contrib non-free
EOF
   fi

fi
echo "--------------------------------------- stage 8 ---------------------------------------"

chroot ${CHROOT_DIR} apt update
chroot ${CHROOT_DIR} env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y dist-upgrade

echo "--------------------------------------- stage 9 ---------------------------------------"
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install $PLASMA_MOBILE_PKGS
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install fonts-noto-color-emoji astra-mobile-kcms
#if [[ "${CODENAME}" !=  "1."[8]"_x86-64"  ]]; then
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install ifdnfc
#fi

if [[ "${ARCH}" ==  "x86_64" ]]; then
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install intel-media-va-driver-non-free
fi


chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get -y --no-install-recommends install --reinstall fly-dm fly-qdm
echo "--------------------------------------- stage 10 ---------------------------------------"
if [[ "${ARCH}" ==  "x86_64" ]]; then
    if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install firmware-t8s-5.15
    fi
    if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install firmware-t8s-6.1
    fi
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install intel-media-va-driver-non-free
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-libnfc-nci
fi

#clean
if [[ "${CODENAME}" !=  "1."[8]"_x86-64"  ]]; then
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt -y purge fly-videocamera
fi
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt -y purge guvcview pavucontrol
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge k3b k3b-i18n kde-spectacle
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge thunderbird-locale-ru
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge thunderbird
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge synaptic 
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge kmix
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge ntp
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge fly-run
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge fly-admin-driver fly-admin-marker kinfocenter gparted
chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge fly-print-station fly-admin-kiosk fly-admin-network fly-admin-usbip fly-admin-usbip-helper
#chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge fly-admin-gmc fly-admin-digsig fly-admin-gmc fly-admin-local fly-admin-local-se fly-admin-mic fly-admin-security-monitor
#x openbox #x chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge libhwloc-dev libltdl-dev libopenmpi-dev automake autotools-dev libibverbs-dev libnl-3-dev libnl-route-3-dev libtool gcc gcc-8 libgcc-8-dev libnuma-dev manpages-dev libc6-dev linux-libc-dev linux-libc-dev-5.4.0-162 libc-dev-bin

if [[ "${ARCH}" ==  "x86_64" ]]; then
    if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image*hardened* 
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image*lowlatency* linux-image-6*
    fi
    if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
                chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image-6.6* linux-astra-modules-6.6* linux-image*debug* firmware*debug*
    fi
fi

if [[ "${ARCH}" ==  "arm64" ]]; then
    if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-5.15-generic
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install astra-lt11-helper firmware-lt11-5.15
    fi
    if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-libnfc-nci
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --allow-downgrades --no-install-recommends install astra-kvadrat-helper rkdeveloptool rkaiq-rk3588 nxp-nfc rkwifibt-dev-tools rkwifibt-firmware-brcm
# chromium=1:114.0.5735.198-0astragost0+ci202401312212+astra5+ci4 chromium-codecs-ffmpeg-extra=1:114.0.5735.198-0astragost0+ci202401312212+astra5+ci4 chromium-common=1:114.0.5735.198-0astragost0+ci202401312212+astra5+ci4 chromium-l10n=1:114.0.5735.198-0astragost0+ci202401312212+astra5+ci4 chromium-sandbox=1:114.0.5735.198-0astragost0+ci202401312212+astra5+ci4
#=1.0.0-1+astra1 =1.0.0-1+astra1
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install gstreamer1.0-rockchip1
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --allow-downgrades --no-install-recommends install libfly-camera-plugin-kvadrat librockchip-mpp1 librockchip-vpu0 libv4l-rkmpp
    fi
fi

#arm64 deb addons (xwayland adduser override FIXME)
if [[ "${ARCH}" ==  "arm64" ]]; then
    if [[ -d "${K3WRK_DIR}/apt-arm64" ]]; then
        cp -Rf ${K3WRK_DIR}/apt-arm64 "$CHROOT_DIR"/opt/
        chroot "$CHROOT_DIR" /opt/apt-arm64/install-debs

        #if [[ -d "${CHROOT_DIR}/opt/apt-arm64" ]]; then
        #    chroot "$CHROOT_DIR" rm -rf /opt/apt-arm64
        #fi
    fi
fi


if [[ "${ARCH}" ==  "x86_64" ]]; then
    #libinput-tools
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install libinput-tools
fi

if [[ "${ARCH}" ==  "x86_64" ]]; then
    #demo files and apps #DELME_IN_RELEASE
    [[ -d ${K3WRK_DIR}/demo ]] && cp -Rf ${K3WRK_DIR}/demo "$CHROOT_DIR"/opt/
    #dpkg addons
    if [[ -d ${K3WRK_DIR}/apt ]] ; then
        cp -Rf ${K3WRK_DIR}/apt "$CHROOT_DIR"/opt/
        chroot "$CHROOT_DIR" /opt/apt/install-debs
        if [[ -d "${CHROOT_DIR}/opt/apt" ]]; then
            chroot "$CHROOT_DIR" rm -rf /opt/apt
        fi
    fi

fi


chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get -y --no-install-recommends install --reinstall fly-dm fly-qdm
#1.8 post fixes
if [[ "${ARCH}" ==  "x86_64" ]]; then
    if [[ "${CODENAME}" ==  "1."[8]"_x86-64"  ]]; then
        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge fly-notifications
    fi
fi

#xxx#
echo "--------------------------------------- stage 11 ---------------------------------------"

#xxx#    touch ${CHROOT_DIR}/var/cache/astra-mobile/need_change_password
#OEM pass change step
mkdir -p ${CHROOT_DIR}/var/cache/astra-mobile
touch ${CHROOT_DIR}/var/cache/astra-mobile/start_setup_wizard
chroot "$CHROOT_DIR" /root/hardware/all/enable_autologin


#new hooks
#chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get -y --no-install-recommends install --reinstall astra-plasma-mobile-configs
#sed -i "s/.*linux-image-5.15.0-33-lowlatency.*//" ${CHROOT_DIR}/usr/sbin/astra-mobile-rootfs-update
#chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE /sbin/astra-mobile-postinst


#xxx##polkit to disable root pass question
#xxx#cat > ${CHROOT_DIR}/etc/polkit-1/localauthority.conf.d/99-astra-admin.conf << EOF
#xxx#[Configuration]
#xxx#AdminIdentities=unix-group:astra-admin
#xxx#EOF


#arm64 deb addons (xwayland adduser override FIXME)
if [[ "${ARCH}" ==  "arm64" ]]; then
    if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
        echo "nt36xxx_main" > "$CHROOT_DIR"/etc/modules-load.d/nt36xxx_main.conf
    fi
    echo "arm64 addons"
#oem without security modes
#    echo "[Modules]" > "$CHROOT_DIR"/etc/xdg/astramobilewizard
#    echo "ignore=license" >> "$CHROOT_DIR"/etc/xdg/astramobilewizard

#    if [[ -d "${K3WRK_DIR}/apt-arm64" ]]; then
#        cp -Rf ${K3WRK_DIR}/apt-arm64 "$CHROOT_DIR"/opt/
#        chroot "$CHROOT_DIR" /opt/apt-arm64/install-debs
#        if [[ -d "${CHROOT_DIR}/opt/apt-arm64" ]]; then
#            chroot "$CHROOT_DIR" rm -rf /opt/apt-arm64
#        fi
#    fi
fi

#xxx#cp -Rf ${K3WRK_DIR}/hardware "$CHROOT_DIR"/root

else 
#installer part 
#dir for addons
mkdir -p "$CHROOT_DIR"/opt/deb
#
#    if [[ "${ARCH}" ==  "x86_64" ]]; then
#        cp -f ${K3WRK_DIR}/apt/linux* "$CHROOT_DIR"/opt/apt/
#        cp -f ${K3WRK_DIR}/apt/install-debs "$CHROOT_DIR"/opt/apt/
#        chroot "$CHROOT_DIR" /opt/apt/install-debs
#    fi
#
#    if [ -d "${CHROOT_DIR}/opt/apt" ]; then
#        chroot "$CHROOT_DIR" rm -rf /opt/apt
#    fi
fi

#linux 5.15 install from 1.7.2
#cat << EOF | sudo tee -a ${CHROOT_DIR}/etc/apt/sources.list
#deb ftp://192.168.41.31/incoming/repo-1.7.2-test 1.7_x86-64 contrib main non-free
#EOF
#    chroot ${CHROOT_DIR} apt update
#    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-image-5.15.0-33-generic linux-firmware

#if [[ -z "${INSTALLER_IMAGE// }" ]]; then

    if [[ "${ARCH}" ==  "x86_64" ]]; then
#1.7.1        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y remove linux-image-5.4.0-81-generic
#1.7.1 chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y removelinux-image-5.4.0-81-hardened
#        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install linux-image-5.15.0-33-generic linux-firmware
        if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
            chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image*hardened* linux-image*lowlatency* linux-image-6*
        fi
#linux-image-5.4.0-162-hardened linux-image-6.1.29-1-generic
   fi
#    if [[ "${ARCH}" ==  "arm64" ]]; then
#        chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image-5.4*
#        if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
#            chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image-5.10.190-1-generic
#            chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image-5.15.0-83-generic
#            chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y purge linux-image-5.15-generic
#        fi
#linux-image-5.4.0-162-generic
#    fi
#fi

if [[ ! -z "${INSTALLER_IMAGE// }" ]]; then

# if [[ "${CODENAME}" !=  "1."[8]"_x86-64"  ]]; then
    #hard disable parsec module(plasma-mobile)
    chroot "$CHROOT_DIR" find /lib/modules/ -name "parsec*" -exec rm -f {} \;
    chroot "$CHROOT_DIR" find /lib/modules/ -name "digsig_verif*" -exec rm -f {} \;
# fi

    KERNELVERSION=`ls "$CHROOT_DIR"/boot/vmlinuz-* | sed -e "s/.*\/boot\/vmlinuz-//"`
    chroot "$CHROOT_DIR" depmod ${KERNELVERSION}
#    if [[ -f ${CHROOT_DIR}/usr/share/initramfs-tools/scripts/init-top/digsig_initramfs ]] ; then
#        rm -f ${CHROOT_DIR}/usr/share/initramfs-tools/scripts/init-top/digsig_initramfs
#    fi
    chroot "$CHROOT_DIR" update-initramfs -u -k all

    #disable audit
    chroot "$CHROOT_DIR" systemctl disable auditd.service
    chroot "$CHROOT_DIR" systemctl mask auditd.service
    chroot "$CHROOT_DIR" systemctl disable systemd-journald-audit.socket
    chroot "$CHROOT_DIR" systemctl mask systemd-journald-audit.socket

    #set autologin
    sed -i "s/sbin\/agetty.*--noclear/sbin\/getty -a root --noclear/" ${CHROOT_DIR}/lib/systemd/system/getty@.service
    #autostart
    echo "/opt/astra-mobile-install-tui" >> ${CHROOT_DIR}/root/.bashrc
fi

echo "--------------------------------------- stage 12 ---------------------------------------"


if [[ -z "${INSTALLER_IMAGE// }" ]]; then

#orel
#cat > "$CHROOT_DIR/etc/astra_license" << EOF
#MODE=0
#DESCRIPTION=base(orel)
#URL=https://astralinux.ru/information/licenses
#EOF

#voronezsh
cat > "${CHROOT_DIR}/etc/astra_license" << EOF
MODE=1
DESCRIPTION=advanced(voronezh)
URL=https://astralinux.ru/information/licenses
EOF

    echo "--------------------------------------- stage 14 ---------------------------------------"

#---------------------------------------------------------------------------
    #install demo files
    #tar -zxvf ${K3WRK_DIR}/addon/demo-files-astra.tgz -C "${CHROOT_DIR}/home/${ADMIN_USER_NAME}"

    #chown admin home
    chroot "$CHROOT_DIR" chown -R "${ADMIN_USER_NAME}:${ADMIN_USER_NAME}" "/home/${ADMIN_USER_NAME}"

    #disable services default state
    chroot "$CHROOT_DIR" systemctl disable ssh
    chroot "$CHROOT_DIR" systemctl disable exim4
#    chroot "$CHROOT_DIR" systemctl disable cups

    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE apt-get $APT_OPTIONS -y --no-install-recommends install --reinstall plasma-workspace-data astra-plasma-mobile-configs astra-mobile-theme
    chroot "$CHROOT_DIR" env $ENV_NONINTERACTIVE /sbin/astra-mobile-postinst

    if [[ -f ${K3WRK_DIR}/mobile_version ]] ; then
        #override version
        mkdir -p "$CHROOT_DIR"/etc/astra/
        echo ${ASTRA_MOBILE_VERSION} > "$CHROOT_DIR"/etc/astra/mobile_version
    fi

    chroot "$CHROOT_DIR" update-mime-database /usr/share/mime/

if [[ "${ARCH}" ==  "arm64" ]]; then
    echo "#!/bin/sh" > "$CHROOT_DIR"/etc/rc.local
    echo "echo \"performance\" > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor" >> "$CHROOT_DIR"/etc/rc.local
    echo "exit 0" >> "$CHROOT_DIR"/etc/rc.local
    chmod 755 "$CHROOT_DIR"/etc/rc.local
fi

if [ -d "$CHROOT_DIR"/etc/parsec/micdb ]; then
    echo "administrator:3f" > "$CHROOT_DIR"/etc/parsec/micdb/1000
    chmod 0640 "$CHROOT_DIR"/etc/parsec/micdb/1000
    chown 0.1000 "$CHROOT_DIR"/etc/parsec/micdb/1000
fi




  if [[ "${ARCH}" ==  "x86_64" ]]; then

    sed -i "s/GRUB_TIMEOUT.*/GRUB_TIMEOUT=0/" "$CHROOT_DIR"/etc/default/grub
#?    echo "GRUB_HIDDEN_TIMEOUT=1" >> "$CHROOT_DIR"/etc/default/grub
#?    echo "GRUB_HIDDEN_TIMEOUT_QUIET=\"true\"" >> "$CHROOT_DIR"/etc/default/grub
    echo "GRUB_DISABLE_LINUX_RECOVERY=\"true\"" >> "$CHROOT_DIR"/etc/default/grub
    echo "GRUB_DISABLE_SUBMENU=\"true\"" >> "$CHROOT_DIR"/etc/default/grub
#    if grep -q splash "$CHROOT_DIR"/etc/default/grub ; then
#        echo "already have splash in "$CHROOT_DIR"/etc/default/grub"
#    else
#        sed -i "s/quiet/quiet\ splash\ psi=1\ net.ifnames=0\ video=panel_orientation=right_side_up/ " "$CHROOT_DIR"/etc/default/grub
#    fi

  fi

    #---------------------------------------------------------------------------
else
  if [[ "${ARCH}" ==  "x86_64" ]]; then
    sed -i "s/GRUB_TIMEOUT.*/GRUB_TIMEOUT=0/" "$CHROOT_DIR"/etc/default/grub
    echo "GRUB_HIDDEN_TIMEOUT=2" >> "$CHROOT_DIR"/etc/default/grub
    echo "GRUB_HIDDEN_TIMEOUT_QUIET=\"true\"" >> "$CHROOT_DIR"/etc/default/grub
  fi
fi

echo "--------------------------------------- stage 14 ---------------------------------------"

if [[ "${ARCH}" ==  "x86_64" ]]; then
    APTSRCPREFIX="1.7_x86-64"
fi

if [[ "${ARCH}" ==  "arm64" ]]; then
    APTSRCPREFIX="4.7_arm"
#LT11
    if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
cat > "$CHROOT_DIR"/etc/fstab << EOF
/dev/mmcblk1p1 /boot vfat defaults 0 2
/dev/mmcblk1p2 / ext4 defaults 0 1
EOF
    fi
    if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
cat > "$CHROOT_DIR"/etc/fstab << EOF
PARTLABEL=opt    /opt  ext4 defaults 0 2
PARTLABEL=rootfs /     ext4 defaults 0 1
PARTLABEL=home   /home ext4 defaults 0 2
EOF

#sed -i "s/deep/s2idle/" "$CHROOT_DIR"/usr/lib/systemd/system/system-suspend-mode-setup.service
fi
#####
#x    rm -rf "$CHROOT_DIR"/lib/modules/5.4*
#x    rm -f "$CHROOT_DIR"/boot/*5.4*
    #ARM qemu-user-static
    ls -la "$CHROOT_DIR"/usr/bin/ldd*
    cp -f "$CHROOT_DIR"/usr/bin/ldd "$CHROOT_DIR"/usr/bin/ldd-orig
    cp -f "$CHROOT_DIR"/usr/bin/ldd.qemu "$CHROOT_DIR"/usr/bin/ldd
    ls -la "$CHROOT_DIR"/usr/bin/ldd*
    chroot "$CHROOT_DIR" update-initramfs -u -k all
#    cp -f "$CHROOT_DIR"/usr/bin/ldd-orig "$CHROOT_DIR"/usr/bin/ldd
    ls -la "$CHROOT_DIR"/usr/bin/ldd*
fi

if [[ -f "$CHROOT_DIR"/etc/X11/fly-dm/fly-dmrc ]] ; then
    sed -i "s/UserList=.*/UserList=true/" "$CHROOT_DIR"/etc/X11/fly-dm/fly-dmrc
    sed -i "s/PreselectUser=.*/PreselectUser=Previous/" "$CHROOT_DIR"/etc/X11/fly-dm/fly-dmrc
fi

#restore etalon sources
if [[ "${ARCH}" ==  "x86_64" ]]; then
if [ -d ${CHROOT_DIR} ]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb http://download.astralinux.ru/astra/stable/${APTSRCPREFIX}/repository-base/ ${CODENAME} main contrib non-free
deb http://download.astralinux.ru/astra/stable/${APTSRCPREFIX}/repository-extended/ ${CODENAME} main contrib non-free
EOF
fi
else
if [ -d ${CHROOT_DIR} ]; then
if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb http://download.astralinux.ru/astra/stable/${APTSRCPREFIX}/repository-base/ ${CODENAME} imx8 main contrib non-free
deb http://download.astralinux.ru/astra/stable/${APTSRCPREFIX}/repository-extended/ ${CODENAME} main contrib non-free
EOF
fi
if [[ "${MACHINE_TYPE}" == "KVADRAT.arm64"* ]]; then
cat > "${CHROOT_DIR}"/etc/apt/sources.list << EOF
deb http://download.astralinux.ru/astra/stable/${APTSRCPREFIX}/repository-base/ ${CODENAME} kvadrat main contrib non-free
deb http://download.astralinux.ru/astra/stable/${APTSRCPREFIX}/repository-extended/ ${CODENAME} main contrib non-free
EOF
fi
fi
fi

#${BASE_REPO}
if [[ "${ARCH}" ==  "x86_64" ]]; then
    if [[ "${CODENAME}" ==  "1."[7]"_x86-64"  ]]; then
        chroot ${CHROOT_DIR} apt update
        #sudo chroot ${CHROOT_DIR} apt autoremove --purge -V -y
        chroot ${CHROOT_DIR} apt clean
    fi
fi

umount ${CHROOT_DIR}/sys
pop_err_handler
umount ${CHROOT_DIR}/proc
pop_err_handler
umount ${CHROOT_DIR}/dev/pts
pop_err_handler
#sudo umount ${CHROOT_DIR}/dev
#pop_err_handler

if [[ -z "${INSTALLER_IMAGE// }" ]]; then
    tar --acls --xattrs -cpf rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar -C ${CHROOT_DIR} .
    gzip --fast rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar
    md5sum rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz > rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz.md5
    gostsum -d rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz > rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz.gost
else
    tar --acls --xattrs -cpf installer-rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar -C ${CHROOT_DIR} .
    gzip --fast installer-rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar
    md5sum installer-rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz > installer-rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz.md5
    gostsum -d installer-rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz > installer-rootfs-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz.gost
fi

if [[ "${ARCH}" ==  "arm64" ]]; then
    if [[ "${MACHINE_TYPE}" == "LT11.arm64"* ]]; then
        tar --exclude='vmlinuz' --exclude='vmlinuz.old' --exclude='initrd.img*' --exclude="grub" -cpf boot-part1-$CODENAME-$EDITION-$ARCH$TYPE.tar -h -C ${CHROOT_DIR}/boot .
        gzip --fast boot-part1-$CODENAME-$EDITION-$ARCH$TYPE.tar
        md5sum boot-part1-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz > boot-part1-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz.md5
        gostsum -d boot-part1-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz > boot-part1-$CODENAME-$EDITION-$ARCH$TYPE.tar.gz.gost
        cp -f "$CHROOT_DIR"/usr/share/u-boot-imx8/flash.bin ${K3WRK_DIR}/flash.bin
    fi
fi

trap - EXIT SIGINT SIGTERM
echo "DONE"
