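// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol
// SPDX-License-Identifier: GPL-2.0-only

package prepare

import (
	"fmt"
	"strings"

	"github.com/arduino/go-paths-helper"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
	"github.com/roddhjav/apparmor.d/pkg/util"
)

// Configure is the prepare task that applies distribution specific settings
// to the build tree.
type Configure struct {
	cfg.Base
}

// init registers the Configure task under the "configure" keyword.
func init() {
	RegisterTask(&Configure{
		Base: cfg.Base{
			Keyword: "configure",
			Msg:     "Set distribution specificities",
		},
	})
}

// Apply adapts the build tree to cfg.Distribution.
//
//   - "arch", "opensuse": nothing to do.
//   - "ubuntu": reset debian/apparmor.d.hide, then either rename our profiles
//     over the upstream ones (cfg.Overwrite) or copy the "ubuntu" directory of
//     cfg.DistDir into cfg.RootApparmord.
//   - "debian", "whonix": reset debian/apparmor.d.hide and copy the "ubuntu"
//     directory of cfg.DistDir into cfg.RootApparmord.
//
// Any other distribution is rejected with an error. The returned slice is
// always empty. Only the copy step reports failures through the error return;
// the debian* helpers and getOverwriteProfiles panic on I/O errors.
func (p Configure) Apply() ([]string, error) {
	res := []string{}

	switch cfg.Distribution {
	case "arch", "opensuse":
		// No distribution specific change is needed.

	case "ubuntu":
		// The hide file must be reset first: debianOverwrite only appends to it.
		debianOverwriteClean()
		if cfg.Overwrite {
			debianOverwrite(getOverwriteProfiles())
		} else if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {
			return res, err
		}

	case "debian", "whonix":
		debianOverwriteClean()

		// Copy Debian specific abstractions.
		// NOTE(review): the source directory is "ubuntu", not "debian" —
		// presumably shared on purpose; confirm.
		if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {
			return res, err
		}

	default:
		return res, fmt.Errorf("%s is not a supported distribution", cfg.Distribution)
	}
	return res, nil
}

// debianOverwrite overwrites upstream profiles: each profile in files is
// renamed to "<name>.apparmor.d" inside cfg.RootApparmord and the matching
// /etc/apparmor.d/<name> path is appended to debian/apparmor.d.hide so that
// the upstream profile gets hidden.
//
// The hide file path is relative, so it is resolved against the working
// directory of the process. Every I/O failure panics. A failure part-way
// through leaves the profiles renamed so far in place, so the tree should be
// treated as inconsistent after a panic.
//
// NOTE(review): names are joined to cfg.RootApparmord and written to the hide
// file without validation. An entry holding a path separator or ".." would
// make the rename leave the profile directory. This is acceptable only as long
// as the overwrite list is a reviewed, repository controlled file — confirm
// before feeding it from anywhere else.
func debianOverwrite(files []string) {
	const ext = ".apparmor.d"

	file, err := paths.New("debian/apparmor.d.hide").Append()
	if err != nil {
		panic(err)
	}
	// Release the descriptor on every exit path; the handle was previously
	// never closed. A close failure is reported like the other I/O errors.
	defer func() {
		if cerr := file.Close(); cerr != nil {
			panic(cerr)
		}
	}()

	for _, name := range files {
		origin := cfg.RootApparmord.Join(name)
		dest := cfg.RootApparmord.Join(name + ext)
		if err := origin.Rename(dest); err != nil {
			panic(err)
		}
		if _, err := file.WriteString("/etc/apparmor.d/" + name + "\n"); err != nil {
			panic(err)
		}
	}
}

// debianOverwriteClean resets debian/apparmor.d.hide to its baseline content:
// the generated-file header followed by the fixed list of upstream profiles
// that are always hidden. Any previous content is replaced. It panics if the
// file cannot be written.
func debianOverwriteClean() {
	const debianHide = `# This file is generated by "make", all edit will be lost.

/etc/apparmor.d/usr.bin.firefox
/etc/apparmor.d/usr.sbin.cups-browsed
/etc/apparmor.d/usr.sbin.cupsd
/etc/apparmor.d/usr.sbin.rsyslogd
`

	path := paths.New("debian/apparmor.d.hide")
	if err := path.WriteFile([]byte(debianHide)); err != nil {
		panic(err)
	}
}

// getOverwriteProfiles returns the list of upstream profiles to overwrite,
// read from the "overwrite" file of cfg.DistDir. Empty lines and lines that
// start with "#" are skipped; every other line is returned unchanged (no
// trimming, no validation). It panics if the file cannot be read.
func getOverwriteProfiles() []string {
	res := []string{}

	lines, err := cfg.DistDir.Join("overwrite").ReadFileAsLines()
	if err != nil {
		panic(err)
	}
	for _, line := range lines {
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		res = append(res, line)
	}
	return res
}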