#!/bin/sh
set -eu

project_root=${PROJECT_ROOT:-$(pwd)}
script_dir=$(CDPATH= cd -- "$(dirname "$0")" && pwd)
fruix_cmd=$project_root/bin/fruix
os_file=${OS_FILE:-$script_dir/phase7-minimal-operating-system.scm}
system_name=${SYSTEM_NAME:-phase7-operating-system}
store_dir=${STORE_DIR:-/frx/store}
metadata_target=${METADATA_OUT:-}

[ -x "$fruix_cmd" ] || {
  echo "fruix command is not executable: $fruix_cmd" >&2
  exit 1
}

cleanup=0
if [ -n "${WORKDIR:-}" ]; then
  workdir=$WORKDIR
  mkdir -p "$workdir"
else
  workdir=$(mktemp -d /tmp/fruix-phase7-rootfs.XXXXXX)
  cleanup=1
fi
if [ "${KEEP_WORKDIR:-0}" -eq 1 ]; then
  cleanup=0
fi
rootfs=${ROOTFS_DIR:-$workdir/rootfs}

cleanup_workdir() {
  if [ "$cleanup" -eq 1 ]; then
    rm -rf "$workdir" 2>/dev/null || sudo rm -rf "$workdir"
  fi
}
trap cleanup_workdir EXIT INT TERM

rootfs_out=$workdir/rootfs.txt
metadata_file=$workdir/phase7-rootfs-metadata.txt

action_env() {
  sudo env \
    HOME="$HOME" \
    GUIX_SOURCE_DIR="${GUIX_SOURCE_DIR:-$HOME/repos/guix}" \
    GUILE_BIN="${GUILE_BIN:-/tmp/guile-freebsd-validate-install/bin/guile}" \
    GUILE_EXTRA_PREFIX="${GUILE_EXTRA_PREFIX:-/tmp/guile-gnutls-freebsd-validate-install}" \
    SHEPHERD_PREFIX="${SHEPHERD_PREFIX:-/tmp/shepherd-freebsd-validate-install}" \
    "$@"
}

assert_present() {
  path=$1
  [ -e "$path" ] || [ -L "$path" ] || {
    echo "required path missing: $path" >&2
    exit 1
  }
}

assert_target() {
  path=$1
  expected=$2
  actual=$(readlink "$path")
  [ "$actual" = "$expected" ] || {
    echo "unexpected symlink target for $path: $actual != $expected" >&2
    exit 1
  }
  printf '%s\n' "$actual"
}

printf 'Using fruix command: %s\n' "$fruix_cmd"
printf 'Working directory: %s\n' "$workdir"
printf 'Store directory: %s\n' "$store_dir"

action_env "$fruix_cmd" system rootfs "$os_file" "$rootfs" --system "$system_name" --store "$store_dir" >"$rootfs_out"

rootfs_reported=$(sed -n 's/^rootfs=//p' "$rootfs_out")
closure_path=$(sed -n 's/^closure_path=//p' "$rootfs_out")
ready_marker=$(sed -n 's/^ready_marker=//p' "$rootfs_out")
rc_script=$(sed -n 's/^rc_script=//p' "$rootfs_out")

[ "$rootfs_reported" = "$rootfs" ] || {
  echo "unexpected rootfs path reported: $rootfs_reported" >&2
  exit 1
}
case "$closure_path" in
  /frx/store/*-fruix-system-fruix-freebsd) : ;;
  *) echo "unexpected closure path: $closure_path" >&2; exit 1 ;;
esac

for path in \
  "$rootfs" \
  "$closure_path" \
  "$rc_script" \
  "$rootfs/etc/rc" \
  "$rootfs/etc/rc.subr" \
  "$rootfs/etc/rc.d" \
  "$rootfs/etc/defaults" \
  "$rootfs/etc/motd" \
  "$rootfs/usr/sbin" \
  "$rootfs/usr/bin" \
  "$rootfs/var/lib/fruix" \
  "$rootfs/var/log" \
  "$rootfs/var/run" \
  "$rootfs/tmp"
  do
  assert_present "$path"
done

run_current_system_target=$(assert_target "$rootfs/run/current-system" "$closure_path")
activate_target=$(assert_target "$rootfs/activate" /run/current-system/activate)
bin_target=$(assert_target "$rootfs/bin" /run/current-system/profile/bin)
sbin_target=$(assert_target "$rootfs/sbin" /run/current-system/profile/sbin)
lib_target=$(assert_target "$rootfs/lib" /run/current-system/profile/lib)
boot_kernel_target=$(assert_target "$rootfs/boot/kernel" /run/current-system/boot/kernel)
boot_loader_target=$(assert_target "$rootfs/boot/loader" /run/current-system/boot/loader)
boot_loader_efi_target=$(assert_target "$rootfs/boot/loader.efi" /run/current-system/boot/loader.efi)
rc_conf_target=$(assert_target "$rootfs/etc/rc.conf" /run/current-system/etc/rc.conf)
fstab_target=$(assert_target "$rootfs/etc/fstab" /run/current-system/etc/fstab)
passwd_target=$(assert_target "$rootfs/etc/passwd" /run/current-system/etc/passwd)
group_target=$(assert_target "$rootfs/etc/group" /run/current-system/etc/group)
rc_script_target=$(assert_target "$rootfs/usr/local/etc/rc.d/fruix-shepherd" /run/current-system/usr/local/etc/rc.d/fruix-shepherd)

grep -F 'hostname="fruix-freebsd"' "$closure_path/etc/rc.conf" >/dev/null || {
  echo "rc.conf does not contain the expected hostname" >&2
  exit 1
}
grep -F 'fruix_shepherd_enable="YES"' "$closure_path/etc/rc.conf" >/dev/null || {
  echo "rc.conf does not enable fruix_shepherd" >&2
  exit 1
}
grep -F '/dev/ufs/fruix-root' "$closure_path/etc/fstab" >/dev/null || {
  echo "fstab is missing the root filesystem" >&2
  exit 1
}
grep -F 'devfs' "$closure_path/etc/fstab" >/dev/null || {
  echo "fstab is missing devfs" >&2
  exit 1
}
grep -F 'tmpfs' "$closure_path/etc/fstab" >/dev/null || {
  echo "fstab is missing tmpfs" >&2
  exit 1
}
grep -F 'mkdir -p /home/operator' "$closure_path/activate" >/dev/null || {
  echo "activation script does not provision the operator home" >&2
  exit 1
}
grep -F "$ready_marker" "$closure_path/shepherd/init.scm" >/dev/null || {
  echo "shepherd configuration does not mention the ready marker" >&2
  exit 1
}
grep -F 'console="comconsole"' "$closure_path/boot/loader.conf" >/dev/null || {
  echo "loader.conf does not contain the expected serial console setting" >&2
  exit 1
}

cat >"$metadata_file" <<EOF
workdir=$workdir
rootfs=$rootfs
closure_path=$closure_path
run_current_system_target=$run_current_system_target
activate_target=$activate_target
bin_target=$bin_target
sbin_target=$sbin_target
lib_target=$lib_target
boot_kernel_target=$boot_kernel_target
boot_loader_target=$boot_loader_target
boot_loader_efi_target=$boot_loader_efi_target
rc_conf_target=$rc_conf_target
fstab_target=$fstab_target
passwd_target=$passwd_target
group_target=$group_target
rc_script=$rc_script
rc_script_target=$rc_script_target
ready_marker=$ready_marker
validation_mode=static-rootfs-check
ready_state_mode=freebsd-init+rc.d-shepherd
frontend_invocation=$fruix_cmd system rootfs
EOF

if [ -n "$metadata_target" ]; then
  mkdir -p "$(dirname "$metadata_target")"
  cp "$metadata_file" "$metadata_target"
fi

printf 'PASS phase7-rootfs\n'
printf 'Work directory: %s\n' "$workdir"
printf 'Metadata file: %s\n' "$metadata_file"
if [ -n "$metadata_target" ]; then
  printf 'Copied metadata to: %s\n' "$metadata_target"
fi
printf '%s\n' '--- metadata ---'
cat "$metadata_file"