#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing || return "${ERR_GUARD_SOURCE}"

#######################################
# Kernel Image Selector.
# Globals:
#   VAR_DIALOG
#   VAR_KERNEL
#   VAR_KERNEL_SRT
#   VAR_KERNEL_TMP
#   VAR_NOTES
#   VAR_VERSION
# Arguments:
#   None
# Returns:
#   0: on success
#   42: On sorting Error.
#######################################
dialog_kernel() {
  declare -i counter=1 rc=0
  declare    first_string="" line="" name="" options="" var_cpu_vendor="" var_system_architecture=""

  # shellcheck disable=SC2312
  var_cpu_vendor=$(</proc/cpuinfo grep 'vendor_id' | head -n1 | cut -d: -f2 | xargs)
  var_system_architecture="$(dpkg --print-architecture)"

  cat << EOF >| "${VAR_NOTES}"
CISS.debian.installer
Build: ${VAR_VERSION}

Press 'EXIT' to return to the menu: "Select the Kernel for the target system".

Kernel available :
This section lists available Debian kernel variants. Each type addresses specific requirements such as
hardware support, virtualization, real-time processing, or Secure-Boot compatibility.

*+bpo*           : Debian Backported Kernel
Backported kernels from Debian testing or unstable, offering newer features, improved hardware
support, and updated drivers, especially useful on modern systems or special-purpose hardware.

*cloud*          : Special lightweight images for KVM
Cloud-optimized kernels tailored for virtualized environments (e.g., KVM, OpenStack). These images
are minimal, fast-booting, and reduce unnecessary modules and firmware to save memory and time.

*unsigned*       : Unsigned Kernel
Kernel images without Microsoft Secure Boot signatures. These require custom Secure Boot key
management (e.g., using your own PK/KEK/DB or MOK with shim) and will not boot on locked-down systems.

*preempt_rt*     : Special Kernel for real-time-computing
Real-time variant with full preemption enabled. Designed for workloads needing deterministic latency
such as robotics, industrial control, scientific instrumentation, or low-latency audio processing.

Note             :
All kernel packages NOT marked as *unsigned* are **Microsoft-signed** and should work out of the
box with Secure-Boot enabled, assuming the UEFI firmware trusts Microsofts root keys.
EOF

  case "${var_system_architecture}" in

    amd64)
      # shellcheck disable=SC2312
      apt-cache search linux-image | grep linux-image | grep amd64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
      ;;

    arm64)
      # shellcheck disable=SC2312
      apt-cache search linux-image | grep linux-image | grep arm64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
      ;;

    *)
      do_log "info" "file_only" "0110() Unknown Architecture: '${var_system_architecture}' and / or unsupported CPU vendor: '${var_cpu_vendor}', skipping."
      ;;

  esac

  sort --output="${VAR_KERNEL_SRT}" "${VAR_KERNEL_TMP}" || {
    printf "❌ Error 0110_check_kernel.sh Line 84 sort failed\n" >&2
    # shellcheck disable=SC2162
    read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
    return 42
  }

  while IFS= read -r line; do
    first_string=${line%% *}
    name=${first_string#linux-image-}
    options+=("${name}" "${counter}" off)
    ((counter++))
  done < "${VAR_KERNEL_SRT}"

  while true; do

    declare -gx VAR_IN_DIALOG_WR="text"

    # shellcheck disable=SC2034
    if VAR_KERNEL=$(dialog \
      --no-collapse \
      --ascii-lines \
      --clear \
      --help-button --help-label "Info" \
      --backtitle "CISS.debian.installer" \
      --title "Select the Kernel for the target system." \
      --radiolist "Kernel available: \n" 0 0 "${options[@]}" 3>&1 1>&2 2>&3 3>&-)

    then

      clear
      [[ "${VAR_KERNEL}" != linux-image-* ]] && VAR_KERNEL="linux-image-${VAR_KERNEL}"
      do_log "info" "file_only" "0110() Kernel image selected interactively: '${VAR_KERNEL}'."
      break

    else

      rc=$?

      if (( "${rc}" == 1 )); then

        clear
        VAR_KERNEL=""
        break

      elif (( "${rc}" == 2 )); then

        clear
        dialog --no-collapse \
          --ascii-lines \
          --clear \
          --backtitle "CISS.debian.installer" \
          --title "Select the Kernel for the target system." \
          --scrollbar \
          --textbox "${VAR_NOTES}" 32 128
        clear
        continue

      fi

    fi

  done

  declare -gx VAR_IN_DIALOG_WR="false"

  return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh