#!/bin/sh
# This script installs a build environment that uses sbuild as the
# builder for the "gbp buildpackage" command line. The sbuild
# chroot uses a union FS (i.e. AUFS on Jessie and Trusty,
# OverlayFS on newer kernels) as this is the fastest backend,
# and that union FS scratch disk is stored on tmpfs, as this
# is the fastest way to run sbuild.

# Author: Thomas Goirand <zigo@debian.org>
# License: Apache-2.0

# Abort on the first failing command and trace every command to stderr.
set -ex

# Restrict command lookup to the system directories only, so that nothing
# from a user-writable directory earlier in the caller's PATH gets picked up
# by the sudo-heavy steps below.
PATH='/usr/bin:/usr/sbin:/bin:/sbin'

# Account that runs the builds, and its home directory.
BUILDER_SYS_USERNAME='jenkins'
BUILDER_HOMEDIR='/home/jenkins'
# Taken from the caller's environment; empty when WORKSPACE is unset.
GITREPO_ROOT="${WORKSPACE}"

# Mirror handed to sbuild-createchroot.
# NOTE(review): this is a plain-HTTP URL, so the integrity of the bootstrapped
# chroot rests entirely on the archive signature check done by the bootstrap
# tooling -- confirm the matching archive keyring is installed on the host.
CLOSEST_DEBIAN_MIRROR='http://httpredir.debian.org/debian'

# Expanded unquoted after "sudo", so the leading VAR=value word reaches sudo
# as an environment assignment for apt-get.
APT='DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends'

# Record which distribution this host runs.
# Globals written:
#   DISTRO_VENDOR - distributor ID reported by lsb_release, lower-cased
#   DISTRO_NAME   - release codename reported by lsb_release
# NOTE(review): DISTRO_VENDOR is not read anywhere else in this file; only
# DISTRO_NAME is used further down.
detect_distro () {
    DISTRO_VENDOR=$(lsb_release --id -s | tr '[:upper:]' '[:lower:]')
    DISTRO_NAME=$(lsb_release -c -s)
}

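# Install a /usr/sbin/policy-rc.d that always exits 101, which by the Debian
# policy-rc.d convention tells invoke-rc.d that the action is forbidden, so
# services are not started while packages are being installed.
#
# Globals written: TMPFILE (scratch file path, removed before returning)
# Returns: 0 on success, 1 if the policy file could not be installed.
#
# Any policy-rc.d already present on the host is overwritten.
disable_init_start () {
    TMPFILE=$(mktemp)
    # Quoted delimiter: the script text is written literally, no expansion.
    cat >"${TMPFILE}" <<'EOF'
#!/bin/sh

exit 101


EOF
    # Install in a single step with an explicit owner and mode. Copying the
    # 0600 mktemp file and then running "chmod +x" left the final mode
    # dependent on root's umask.
    if ! sudo install -o root -g root -m 0755 "${TMPFILE}" /usr/sbin/policy-rc.d ; then
        # Do not leave the scratch file behind when the install fails.
        rm -f "${TMPFILE}"
        return 1
    fi
    rm -f "${TMPFILE}"
}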

# Allow services to start again by deleting /usr/sbin/policy-rc.d.
# The removal is unconditional: a policy file that was on the host before
# this script ran is not restored.
enable_init_start () {
    # Function-local positional parameter holds the one path to remove.
    set -- /usr/sbin/policy-rc.d
    sudo rm -f "$1"
}

# Install, through apt-get under sudo, every package needed to run sbuild
# and git-buildpackage on this host.
# Globals read: APT (command prefix; deliberately expanded unquoted so it
# splits into the environment assignment, the command and its options).
install_all_software () {
    echo "===> Installing required packages to run sbuild"
    # Package list kept in the function-local positional parameters.
    set -- \
        git-buildpackage debhelper eatmydata build-essential \
        python-setuptools fakeroot python3-all python-all \
        python3-setuptools pristine-tar dh-autoreconf ssl-cert \
        dh-python dh-systemd python-sphinx sudo debootstrap \
        openstack-pkg-tools lintian lsb-release gem2deb gnupg sbuild
    sudo ${APT} "$@"
}

# Set the git committer identity used by the package builder.
# NOTE(review): "git config" is called without --global, so the values are
# stored in the configuration of the repository in the current directory
# rather than in ~/.gitconfig -- confirm that this is intended.
configure_dotgitconfig () {
    # $1 = committer name, $2 = committer e-mail (function-local).
    set -- "OpenStack Package Builder" "openstack-infra@lists.openstack.org"
    git config user.name "$1"
    git config user.email "$2"
}

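# Generate the OpenPGP key that will be used to sign the built packages.
#
# Globals read: BUILDER_HOMEDIR, BUILDER_SYS_USERNAME
# Files:   ${BUILDER_HOMEDIR}/.gnupg/gpg.conf and
#          ${BUILDER_HOMEDIR}/.gnupg/pkgos-gen-key-batchfile are created when
#          they are not already readable.
# Returns: status of the gpg key generation, or 0 when a secret key matching
#          BUILDER_SYS_USERNAME already exists.
#
# Security notes:
#  - The batch file has no Passphrase line and sets "Expire-Date: 0", so the
#    signing key never expires, and (presumably, depending on the GnuPG
#    version) is stored without passphrase protection. The 0700 mode on the
#    .gnupg directory is the only protection visible in this function.
#  - NOTE(review): gpg is run without --homedir, so it uses the invoking
#    user's GnuPG home; this only matches the files written here if that is
#    ${BUILDER_HOMEDIR}/.gnupg -- confirm the script runs as the builder user.
#  - NOTE(review): the keyserver written to gpg.conf is a plain hkp:// URL for
#    the SKS pool, which is believed to be retired. Nothing in this file
#    contacts a keyserver, but confirm before relying on that setting.
gen_package_build_key () {
    echo "===> Generating builder's GPG key to sign packages"
    mkdir -p "${BUILDER_HOMEDIR}/.gnupg"
    chmod 700 "${BUILDER_HOMEDIR}/.gnupg"
    if ! [ -r "${BUILDER_HOMEDIR}/.gnupg/gpg.conf" ] ; then
        cat >"${BUILDER_HOMEDIR}/.gnupg/gpg.conf" <<EOF
keyserver hkp://pool.sks-keyservers.net
personal-digest-preferences SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA256

EOF
    fi
    if ! [ -r "${BUILDER_HOMEDIR}/.gnupg/pkgos-gen-key-batchfile" ] ; then
        cat >"${BUILDER_HOMEDIR}/.gnupg/pkgos-gen-key-batchfile" <<EOF

%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 4096
Name-Real: Autogenerated key
Name-Email: ${BUILDER_SYS_USERNAME}@$(hostname --fqdn)
Expire-Date: 0

EOF
    fi
    # Running the script twice used to create a second signing key, so that a
    # later lookup by user name matched more than one key. Generate a key only
    # when no secret key matches the builder's name yet.
    if gpg --list-secret-keys "${BUILDER_SYS_USERNAME}" >/dev/null 2>&1 ; then
        echo "===> Builder's GPG key already exists, not generating a new one"
        return 0
    fi
    gpg --gen-key --batch "${BUILDER_HOMEDIR}/.gnupg/pkgos-gen-key-batchfile"
}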

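# Set up sbuild/schroot for the builder account: sbuild's own key, the chroot
# for DISTRO_NAME, tmpfs mounts for the union FS scratch space, the
# git-buildpackage builder setting, and the builder's ~/.sbuildrc.
#
# Globals read:    BUILDER_SYS_USERNAME, BUILDER_HOMEDIR, DISTRO_NAME,
#                  CLOSEST_DEBIAN_MIRROR
# Globals written: UNION_DIR, SBUILD_CHROOTD_FN, UNION_TYPE, GPG_KEY_ID,
#                  DOT_SBUILDRC_PATH
# Returns: non-zero when the schroot config file or the signing key cannot
#          be identified, or when a step fails under "set -e".
#
# NOTE(review): the chroot is always bootstrapped from CLOSEST_DEBIAN_MIRROR,
# whatever distribution vendor the host runs -- confirm that this is right
# for the non-Debian codenames handled below.
configure_sbuild () {
    echo "===> Setting-up sbuild's GPG key"
    # Setup the gpg key for sbuild. A directory needs the search (x) bit:
    # mode 600 only worked because root bypasses permission checks, so use
    # 700, the mode GnuPG expects for its home directory.
    sudo mkdir -p /root/.gnupg
    sudo chmod 700 /root/.gnupg
    sudo gpg --list-keys
    sudo sbuild-update --keygen

    # Add the builder as a sbuild user
    sudo sbuild-adduser "${BUILDER_SYS_USERNAME}"

    echo "===> Creating sbuild's schroot chroot using a directory backend (ie: not tarball)"
    # Create the actual schroot env
    if ! [ -e "/var/lib/sbuild/${DISTRO_NAME}" ] ; then
        sudo sbuild-createchroot "${DISTRO_NAME}" "/var/lib/sbuild/${DISTRO_NAME}" "${CLOSEST_DEBIAN_MIRROR}"
    fi

    # Let's use a RAMDISK for sbuild chroot to build packages:
    # that's much faster than the HDD backend
    echo "===> Mounting /var/lib/schroot/union/{overlay,underlay} using tmpfs to speed-up build"
    for UNION_DIR in /var/lib/schroot/union/overlay /var/lib/schroot/union/underlay ; do
        # Append to /etc/fstab only when no active entry exists for this
        # mount point, so that a second run does not duplicate the lines.
        # Appending through "sudo tee -a" also avoids rewriting the whole of
        # /etc/fstab from a copy made in a temporary file.
        if ! grep -q "^[^#]*[[:space:]]${UNION_DIR}[[:space:]]" /etc/fstab ; then
            printf '%s\n' "tmpfs           ${UNION_DIR}        tmpfs defaults        0       0" \
                | sudo tee -a /etc/fstab >/dev/null
        fi
        # Do not stack a second tmpfs on a mount point that is already in use.
        if ! grep -q "[[:space:]]${UNION_DIR}[[:space:]]" /proc/mounts ; then
            sudo mount "${UNION_DIR}"
        fi
    done

    echo "===> Fixing-up newly created schroot's chroot config and /etc/git-buildpackage/gbp.conf"
    # Make sure git-buildpackage is using sbuild
    sudo sed -i 's/^[ #\t]*builder[ #\t]*=.*/builder = sbuild -v --no-apt-update/' /etc/git-buildpackage/gbp.conf
    # Disable clean outside of the chroot (note: this actually doesn't work due to a bug,
    # but let's keep it there still, when we found out how to fix git-buildpackage).
    sudo sed -i 's/^[ #\t]*cleaner[ #\t]*=.*/cleaner = \/bin\/true/' /etc/git-buildpackage/gbp.conf

    # Fetch the full chroot.d filename with a glob instead of parsing "ls",
    # and insist on exactly one match: with several matching files the steps
    # below would have edited some of them and skipped others.
    # NOTE(review): the architecture is hard-coded to amd64 in the pattern.
    set -- /etc/schroot/chroot.d/"${DISTRO_NAME}"-amd64-sbuild-*
    if [ "$#" -ne 1 ] || ! [ -e "$1" ] ; then
        echo "Expected exactly one /etc/schroot/chroot.d/${DISTRO_NAME}-amd64-sbuild-* file, found: $*" >&2
        return 1
    fi
    SBUILD_CHROOTD_FN=$1

    # Switch from tarball to directory (ie: aufs) based build
    # (again, that's much faster...)
    sudo sed -i -e "s/^[ \t]*type[ \t]*=.*/type=directory/" "${SBUILD_CHROOTD_FN}"
    # AUFS is the union FS backend on Jessie and Trusty, overlay everywhere else.
    case "${DISTRO_NAME}" in
    jessie|trusty)
        UNION_TYPE=aufs
    ;;
    *)
        UNION_TYPE=overlay
    ;;
    esac
    if ! grep -q union-type "${SBUILD_CHROOTD_FN}" ; then
        printf '%s\n' "union-type=${UNION_TYPE}" | sudo tee -a "${SBUILD_CHROOTD_FN}" >/dev/null
    fi
    # Just to make sure in case union-type was there already (it's normally not there),
    # we overwrite it.
    sudo sed -i -e "s/^[ \t]*union-type[ \t]*=.*/union-type=${UNION_TYPE}/" "${SBUILD_CHROOTD_FN}"

    # Configure ~/.sbuildrc to use our new sbuild chroot.
    # Read the key ID from the machine-readable listing: the layout of the
    # human-readable "pub" line differs between GnuPG versions, so taking a
    # fixed column from it is unreliable. Field 5 of a "pub" record is the
    # long key ID, and only the first matching key is used.
    GPG_KEY_ID=$(gpg --list-keys --with-colons "${BUILDER_SYS_USERNAME}" \
        | awk -F: '$1 == "pub" { print $5; exit }')
    if [ -z "${GPG_KEY_ID}" ] ; then
        echo "No GPG public key found for ${BUILDER_SYS_USERNAME}" >&2
        return 1
    fi
    DOT_SBUILDRC_PATH=${BUILDER_HOMEDIR}/.sbuildrc
    # An existing .sbuildrc is left untouched, including its key_id.
    if ! [ -r "${DOT_SBUILDRC_PATH}" ] ; then
        cat >"${DOT_SBUILDRC_PATH}" <<EOF
\$build_arch_all = 1;
\$build_source = 1;
\$distribution = '${DISTRO_NAME}';
# We may run lintian by hand later on
# not need to get git-buildpackage to do it
\$run_lintian = 0;

# In case we decide to no sign packages, uncomment this:
#\$pgp_options = '-us -uc';

\$key_id = '${GPG_KEY_ID}';

# This is for perl, just leave it...
1;

EOF
    fi
}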

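# Main sequence.
detect_distro
disable_init_start
# While /usr/sbin/policy-rc.d is in place no service can be started on this
# host. Because of "set -e" any failing step below ends the script at once,
# which used to leave that file behind for good. Remove it on every exit
# path, and turn the common termination signals into a normal exit so that
# the EXIT trap runs for them as well.
trap enable_init_start EXIT
trap 'exit 1' HUP INT TERM
install_all_software
configure_dotgitconfig
gen_package_build_key
configure_sbuild
enable_init_start
# Everything succeeded and the policy file is already gone: drop the traps.
trap - EXIT HUP INT TERM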
