#!/usr/bin/env bash
# Configure the apparmor.d package
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

readonly ROOT=.build

_die()  { printf '%s\n' "$*" >&2 && exit 1; }
_warning() { printf '  Warning: %s\n' "$*" >&2; }

# Displace files in the package sources
# $@ List of files to displace
_displace_files() {
	for path in "$@"; do
		mv "${ROOT:?}/$path" "${ROOT:?}/$path.apparmor.d"
	done
}

# Initialise a new clean apparmor.d build directory
initialise() {
	rm -rf "${ROOT:?}" && rsync -a --exclude=.git . "$ROOT"
}

# Set the distribution specificities
configure() {
	echo "Set the configuration for $DISTRIBUTION."

	echo "  Ignore profiles in profiles.ignore."
    while read -r profile; do
		[[ "$profile" =~ ^\# ]] && continue
		if [[ "$profile" == */ ]]; then
			find "$ROOT/apparmor.d" -iname "${profile////}" -type d -exec rm -r {} \; 
		else
			find "$ROOT/apparmor.d" -iname "$profile" -type f -exec rm {} \;
		fi
    done <profiles.ignore

	case "$DISTRIBUTION" in
		archlinux)
			echo "  Ignore non Archlinux profiles."
			rm -rf \
				"${ROOT:?}"/apparmor.d/abstractions/apt-common \
				"${ROOT:?}"/apparmor.d/groups/apt \
				"${ROOT:?}"/apparmor.d/groups/cron

			;;

		debian)
			echo "  Ignore non Debian profiles."
			rm -rf \
				"${ROOT:?}"/apparmor.d/groups/pacman \
				"${ROOT:?}"/root/usr/share/libalpm/hooks/apparmor.hook

			echo "  Debian does not support abi 3.0 yet."
			find "$ROOT/apparmor.d" -type f  -exec sed -i -e "s;abi <abi/3.0>,;;" {} \;

			echo "  Debian does not have etc tunable."
			sed -i -e '/etc/d' "$ROOT/apparmor.d/tunables/global"

			echo "  Displace overwritten files."
			_displace_files apparmor.d/tunables/global apparmor.d/tunables/xdg-user-dirs

			;;

		*)  _die "$DISTRIBUTION is not a supported distribution." ;;
	esac
}

# Synchronise all profile in a new apparmor.d directory.
synchronise() {
	echo "Synchronise all profiles."
	mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
	rm -rf "${ROOT:?}/apparmor.d/groups/"
	for dir in profiles-a-f profiles-g-l profiles-m-r profiles-s-z; do
		mv "${ROOT:?}/apparmor.d/$dir/"* "${ROOT:?}/apparmor.d/"
		rm -rf "${ROOT:?}/apparmor.d/$dir"
	done
}

# Set flags on some profile
setflags() {
	echo "Set apparmor flags from profiles.flags"
    while read -r profile; do
        IFS=' ' read -r -a manifest <<< "$profile"
        profile="${manifest[0]}" flags="${manifest[1]}"

        [[ "$profile" =~ ^\# || -z "$profile" ]] && continue
		path="${ROOT:?}/apparmor.d/$profile"
        if [[ ! -f "$path" ]]; then
			_warning "Profile $profile not found"
			continue
		fi

		# If flags is set, overwrite profile flag
        if [[ -n "$flags" ]]; then
			# Remove all flags definition, then set manifest' flags
			sed -e "s/flags=(.*)//" \
			 	-e "s/ {$/ flags=(${flags//,/ }) {/" \
				-i "$path"
        fi

    done <profiles.flags
}

# Print help message
cmd_help() {
	cat <<-_EOF
	./configure [options] - Configure the apparmor.d package

	Options:
	    --distribution=DIST Set the target Linux distribution: archlinux, debian
	    --help              Print this help message and exit.
	_EOF
}

main() {
	local opts err
	opts="$(getopt -o h -l distribution:,help -n "$PROGRAM" -- "$@")"
	err=$?
	eval set -- "$opts"
	while true; do case $1 in
		--distribution) DISTRIBUTION="$2"; shift 2 ;;
		-h|--help) shift; cmd_help; exit 0 ;;
		--) shift; break ;;
	esac done

	[[ $err -ne 0 ]] && { cmd_help; exit 1; }

	initialise
	configure
	synchronise
	setflags

	exit 0
}

main "$@"