#!/bin/sh -e
#
# Stages the digsig configuration, keys and certificates from /etc/digsig
# into $DESTDIR/etc/digsig, and appends audit records about configuration
# and revoked-key changes to /var/log/digsig.
# It looks like an initramfs-tools hook (PREREQ/prereqs protocol, DESTDIR);
# confirm against the packaging.
#
# NOTE(review): the shebang asks for /bin/sh, but the logging functions use
# bash-only syntax (local -A, [[ ]], += and <<<). That only works where
# /bin/sh is bash; confirm this for every target system.
# NOTE(review): -e comes from the shebang only, so it is not in effect when
# the file is started as "sh <file>".

# Prerequisite list printed by prereqs(); empty here.
PREREQ=""

# Print the prerequisite list held in PREREQ on stdout.
prereqs() { echo "${PREREQ}"; }

# When called with the single argument "prereqs", print the prerequisite
# list and stop before any file is touched.
if [ "${1:-}" = "prereqs" ]; then
	prereqs
	exit 0
fi

###DEBUG
###ls -all /etc/digsig
###env

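# Staging directory for the digsig material inside the image tree.
# ${DESTDIR:?} aborts when DESTDIR is unset or empty, so the copy targets
# used by the rest of this script can never resolve to the live /etc/digsig.
mkdir -p "${DESTDIR:?DESTDIR must be set by the initramfs builder}/etc/digsig"

# Version string of the linux-astra-modules package for this kernel; it is
# written into every audit record as lam=.
# NOTE(review): $version is not set in this file, presumably the caller
# exports it; confirm. If dpkg-query fails, lam is simply empty, because the
# pipeline's status is awk's and -e does not trigger.
lam=$(dpkg-query -W "linux-astra-modules-$version" | awk -F'\t' '{print $2}')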

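# Append one CHANGECONF audit record to /var/log/digsig listing every
# key=value setting that differs between the snapshot "$1.old" and "$1".
# Arguments: $1 - path of the live config file (snapshot expected at "$1.old")
# Globals:   lam, SUDO_UID (read)
# Outputs:   appends to /var/log/digsig; nothing is written when there is no
#            snapshot yet or no setting changed.
# NOTE(review): keys and values are logged verbatim; a value containing ';'
# or ' => ' makes the ch= field ambiguous for whoever parses this log.
log_conf()
{
    local -A data
    local log DIFF line entry key value

    if [ -f "$1.old" ]; then
        # diff exits 1 when the files differ; "|| true" keeps -e from aborting.
        DIFF=$(diff "$1.old" "$1" || true)
        log=''

        # IFS= and -r keep the diff line intact (no backslash or whitespace
        # mangling); the prefix is stripped with parameter expansion so file
        # content is never word-split or glob-expanded.
        while IFS= read -r line; do
            case "$line" in
                "< "*) entry=${line#"< "} ;;
                "> "*) entry=${line#"> "} ;;
                *) continue ;;
            esac

            key=${entry%%=*}
            # An empty key is not a valid associative-array subscript.
            [ -n "$key" ] || continue

            # Everything after the first '=' is the value, so values that
            # themselves contain '=' are logged in full.
            case "$entry" in
                *=*) value=${entry#*=} ;;
                *) value='' ;;
            esac

            if [[ $line == "< "* ]]; then
                # Old side: remember the previous value for this key.
                data[$key]=$value
            else
                # New side: pair it with the remembered old value.
                log+="$key:${data[$key]} => $value;"
            fi
        done <<< "$DIFF"

        if [ -n "$log" ]; then
            printf '%s\n' "$(date +'%Y-%m-%d %H:%M:%S') type=CHANGECONF uid=$SUDO_UID lam=$lam ch=$log" >> /var/log/digsig
        fi
    fi
}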

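# Append one CHANGECONF audit record to /var/log/digsig describing how the
# whole content of "$1" changed compared with the snapshot "$1.old".
# Arguments: $1 - path of the live file (snapshot expected at "$1.old")
#            $2 - label written in front of the old/new content
# Globals:   lam, SUDO_UID (read)
# Outputs:   appends to /var/log/digsig; nothing is written when there is no
#            snapshot yet or diff reports no difference.
# Removed lines are concatenated into the "old" side and added lines into
# the "new" side, with no separator between lines.
log_diff()
{
    local log DIFF line old new

    if [ -f "$1.old" ]; then
        # diff exits 1 when the files differ; "|| true" keeps -e from aborting.
        DIFF=$(diff "$1.old" "$1" || true)
        old=''
        new=''

        # Strip only the leading diff marker; the content itself is kept
        # as-is and never word-split or glob-expanded.
        while IFS= read -r line; do
            case "$line" in
                "< "*) old+=${line#"< "} ;;
                "> "*) new+=${line#"> "} ;;
            esac
        done <<< "$DIFF"

        log="$2:$old => $new;"
        if [ -n "$DIFF" ]; then
            printf '%s\n' "$(date +'%Y-%m-%d %H:%M:%S') type=CHANGECONF uid=$SUDO_UID lam=$lam ch=$log" >> /var/log/digsig
        fi
    fi
}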

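# Append one REVOKEKEY audit record to /var/log/digsig for every line that
# is present in "$1" but not in the snapshot "$1.old".
# Arguments: $1 - path of the live revocation list (snapshot at "$1.old")
#            $2 - result tag written as res= (the callers pass success/fail)
# Globals:   lam, SUDO_UID (read)
# Outputs:   appends to /var/log/digsig; nothing is written when there is no
#            snapshot yet. Lines removed from the list are not logged.
log_rev()
{
    local key DIFF line

    if [ -f "$1.old" ]; then
        # diff exits 1 when the files differ; "|| true" keeps -e from aborting.
        DIFF=$(diff "$1.old" "$1" || true)

        while IFS= read -r line; do
            case "$line" in
                "> "*)
                    # Strip only the leading diff marker, so the logged id is
                    # exactly the line that was added to the list.
                    key=${line#"> "}
                    printf '%s\n' "$(date +'%Y-%m-%d %H:%M:%S') type=REVOKEKEY uid=$SUDO_UID path=/etc/digsig/revoked_keys lam=$lam id=$key res=$2" >> /var/log/digsig
                    ;;
            esac
        done <<< "$DIFF"
    fi
}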

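# Workaround for the installer, where the config may so far exist only as
# *.conf.dpkg-new: with no live config, fall back to the restrictive setting
# (the message below calls DIGSIG_ELF_MODE=1 "enforce mode") and stop.
if [ ! -e /etc/digsig/digsig_initramfs.conf ]; then
    echo "Cant found /etc/digsig/digsig_initramfs.conf, enable enforce mode"
    echo "DIGSIG_ELF_MODE=1" > "$DESTDIR/etc/digsig/digsig_initramfs.conf"
    exit 0
fi

# NOTE(review): unlike the guard above, this path leaves $DESTDIR/etc/digsig
# empty (no config, no keys) and still exits 0. Confirm what the early-boot
# code does when it finds no digsig config in the image.
if [ ! -e /etc/digsig/xattr_control ]; then
    echo "Cant found /etc/digsig/xattr_control"
    exit 0
fi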

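# Audit first, then refresh the snapshot: log_conf/log_diff compare the live
# file with its .old copy, so the .old copy must only be overwritten after
# the record has been written. The refreshed snapshot is also staged into the
# image. Note that these steps write to the live /etc/digsig, not only to
# $DESTDIR.
log_conf /etc/digsig/digsig_initramfs.conf
cp /etc/digsig/digsig_initramfs.conf /etc/digsig/digsig_initramfs.conf.old
cp /etc/digsig/digsig_initramfs.conf.old "$DESTDIR/etc/digsig"
log_diff /etc/digsig/xattr_control xattr_control
cp /etc/digsig/xattr_control /etc/digsig/xattr_control.old
cp /etc/digsig/xattr_control.old "$DESTDIR/etc/digsig"
#log_diff /etc/digsig/not_control not_control
#cp /etc/digsig/not_control /etc/digsig/not_control.old
#cp /etc/digsig/not_control.old "$DESTDIR/etc/digsig"

# Stage the configuration, root keys, key directories and certificates.
# Every cp is a plain command, so under -e a single failed copy aborts the
# hook instead of producing an image with partial digsig material.
cp /etc/digsig/digsig_initramfs.conf "$DESTDIR/etc/digsig"
cp /etc/digsig/build_system_rbt_root_key_2018.gpg "$DESTDIR/etc/digsig"
cp /etc/digsig/partners_rbt_root_key_2018.gpg "$DESTDIR/etc/digsig"
cp -r /etc/digsig/keys "$DESTDIR/etc/digsig"
cp -r /etc/digsig/xattr_keys "$DESTDIR/etc/digsig"
cp /etc/digsig/xattr_control "$DESTDIR/etc/digsig"
cp -r /etc/digsig/certs "$DESTDIR/etc/digsig"
cp -r /etc/digsig/external_sig "$DESTDIR/etc/digsig"
#cp /etc/digsig/not_control "$DESTDIR/etc/digsig"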

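# Stage the revocation list only if it exists, and audit the outcome.
# The script fails only if a copy fails; with no revoked_keys file the outer
# "if" yields status 0.
if [ -f /etc/digsig/revoked_keys ]; then
    # cp is tested in the "if" condition on purpose: as a plain command a
    # failing cp would abort the script under -e before "$?" could be
    # examined, and the res=fail audit record would never be written.
    if cp /etc/digsig/revoked_keys "$DESTDIR/etc/digsig"; then
        # Log the newly added keys against the old snapshot, then refresh
        # the snapshot and stage it as well.
        log_rev /etc/digsig/revoked_keys success
        # "|| false" turns a failure inside the && list into a failing
        # final command, which -e would otherwise ignore.
        cp /etc/digsig/revoked_keys /etc/digsig/revoked_keys.old && \
        cp /etc/digsig/revoked_keys.old "$DESTDIR/etc/digsig" || \
        false
    else
        # Record which keys did not reach the image, then fail the hook.
        log_rev /etc/digsig/revoked_keys fail
        false
    fi
fi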

