#!/bin/sh
# $NetBSD: upload,v 1.27 2005/07/28 00:37:43 grant Exp $

#
# Upload non-restricted binary pkgs to ftp server
#

MD5="digest md5";
SHA1="digest sha1";

opsys=`uname -s`
case "$opsys" in
NetBSD)	BMAKE=make;
	BSDSUM="sum -o 1";
	CKSUM="cksum";
	SYSVSUM="sum -o 2";
	;;
IRIX*)  BMAKE=bmake;
	BSDSUM="sum -r";
	CKSUM="cksum";
	SYSVSUM="sum";
	;;
*)	BMAKE=bmake ;;
esac

export BMAKE

# Bring in variables for bulk-install
BATCH=1
DEPENDS_TARGET=bulk-install
export BATCH DEPENDS_TARGET

# Pull in RSYNC_DST, RSYNC_OPTS:
if [ -f "$BULK_BUILD_CONF" ]; then
    . $BULK_BUILD_CONF
else
    . `dirname $0`/build.conf
fi

cd $USR_PKGSRC

if [ -z "$RSYNC_DST" ]; then
	echo "You must set the variable RSYNC_DST, see build.conf-example."
	exit 1
fi

#
# Some temp files
#

umask 022
TMPDIR="${TMPDIR:-/tmp}"
TMP="${TMPDIR}"/pkg_upload.$$
(umask 077 && mkdir "${TMP}")
if [ $? -ne 0 ]
then
        echo $0: cannot create temporary directory \""${TMP}"\" >&2
        exit 1
fi

exf="$TMP"/exclude
vf="$TMP"/vulnerable
upload="$TMP"/upload
upload_general="$TMP"/upload_general
upload_vulnerable="$TMP"/upload_vulnerable

# May be different than $USR_PKGSRC:
pkgsrcdir=`cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=_PKGSRCDIR`
packages=`cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=PACKAGES`
distdir=`cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=DISTDIR`

# Pull in some pkgs needed
( cd pkgtools/pkglint ;        ${BMAKE} bulk-install )
( cd net/rsync ;               ${BMAKE} bulk-install )
( cd security/audit-packages ; ${BMAKE} bulk-install )

echo "Making sure vulnerability-list is up-to-date:"
if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = "yes" ]
then
	env PKGVULNDIR=${distdir} download-vulnerability-list
else
	echo '(skipped)'
fi

case $LINTPKGSRC_CACHE in
yes|YES)
	lintpkgsrc_cache="-I `cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=LINTPKGSRC_DB`"
	;;
*)
	lintpkgsrc_cache=''
	;;
esac

echo "Checking for restricted and out of date packages:"
# -p  =  report old versions of packages
# -R  =  report restricted packages
lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -pR  | sed 's@'$packages'/@@' > "$exf"

echo "Checking for vulnerable packages:"
lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -V  | sed 's@'$packages'/@@' > "$vf"

RSFLAGS="-vap --progress $RSYNC_OPTS"

failed=no
cd $packages

if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" = "YES" ]; then

	echo "Calculating checksum files..."

	SUMFILES="BSDSUM CKSUM MD5 SHA1 SYSVSUM"

	rm -f ${SUMFILES}

	if [ x"${SIGN_AS}" != x"" ]; then
		( cd ${pkgsrcdir}/security/gnupg; ${BMAKE} bulk-install )
		for i in ${SUMFILES}; do
			echo > $i
			echo "This file is signed with ${SIGN_AS}'s PGP key." >> $i
			echo >> $i
		done
	fi

	( cd ${pkgsrcdir}/pkgtools/digest; ${BMAKE} bulk-install )

	[ -z "${BSDSUM}" ] && BSDSUM="echo"
	[ -z "${CKSUM}" ] && CKSUM="echo"
	[ -z "${SYSVSUM}" ] && SYSVSUM="echo"

	for i in All/*; do
		if grep $i $exf >/dev/null; then
			:
		else
			${BSDSUM} $i >> BSDSUM
			${CKSUM} $i >> CKSUM
			${MD5} $i >> MD5
			${SHA1} $i >> SHA1
			${SYSVSUM} $i >> SYSVSUM
		fi
	done

	[ "${BSDSUM}" = "echo" ] && rm BSDSUM
	[ "${CKSUM}" = "echo" ] && rm CKSUM
	[ "${SYSVSUM}" = "echo" ] && rm SYSVSUM
	
	if [ x"${SIGN_AS}" != x"" ]; then
		for i in ${SUMFILES}; do
			if [ -s $i ]; then
				echo "Signing $i"
				gpg --clearsign $i && rm $i
			fi
		done
	else
		echo "Checksum files not PGP-signed. Please do so manually!"
		echo "(Run 'gpg --clearsign' on all of them)"
	fi
fi


echo "#!/bin/sh" > "$upload"
echo "packages=$packages" >> "$upload"
echo "if cd $packages; then" >> "$upload"
echo "  :" >> "$upload"
echo "else" >> "$upload"
echo "	echo \"could not cd to $packages\"" >> "$upload"
echo "	exit 1" >> "$upload"
echo "fi" >> "$upload"

echo "Uploading non-vulnerable pkgs"
cmd="rsync $RSFLAGS --exclude-from=\"$exf\" --exclude-from=\"$vf\" . \"$RSYNC_DST\""
cp -f "$upload" "$upload_general"
echo "$cmd" >> "$upload_general"
chmod 755 "$upload_general"
echo "$cmd"
sh "$upload_general"
if [ $? != 0 ]; then
	echo "--------------------------------------------------"
	echo " "
	echo "WARNING: rsync failed.  To retry later, you can run"
	echo "    $upload_general"
	echo " "
	echo "--------------------------------------------------"
	failed=yes
fi

echo "Uploading vulnerable pkgs"
sed -n "s@All/@@p" "$exf" > "$exf.new"
sed -n "s@All/@@p" "$vf" > "$vf.new"
cmd="rsync $RSFLAGS --exclude-from=\"$exf.new\" --include-from=\"$vf.new\" --exclude='*' All/ \"$RSYNC_DST/vulnerable/\""
cp -f "$upload" "$upload_vulnerable"
echo "$cmd" >> "$upload_vulnerable"
chmod 755 "$upload_vulnerable"
echo "$cmd"
sh "$upload_vulnerable"
if [ $? != 0 ]; then
	echo "--------------------------------------------------"
	echo " "
	echo "WARNING: rsync failed.  To retry later, you can run"
	echo "    $upload_vulnerable"
	echo " "
	echo "--------------------------------------------------"
	failed=yes
fi

# clean up temp files
if [ "$failed" = "no" ]; then
	rm -fr "$TMP"
fi