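#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing

#######################################
# Wrapper for preparing logfile inside chroot.
# Creates the file if it is missing, truncates it if it exists, and restricts
# it to mode 0600. The path is used exactly as passed in.
# Globals:
#   ERR_CHROOT_LOGGER (read)
# Arguments:
#   1: Logfile inside chroot
# Returns:
#   0: on success
#   ERR_CHROOT_LOGGER: if the file cannot be created/truncated or chmod fails
#######################################
chroot_logger() {
  declare -r var_logfile="$1"

  ### Create under a restrictive umask (in a subshell, so the caller's umask is untouched):
  ### a freshly created logfile is then never readable by other users, not even briefly.
  (umask 0077 && : >| "${var_logfile}") || return "${ERR_CHROOT_LOGGER}"

  ### Truncating an existing file keeps its old mode, so tighten it explicitly.
  ### The 'return' was missing here: on failure the error code was run as a command name.
  chmod 0600 "${var_logfile}" || return "${ERR_CHROOT_LOGGER}"

  return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f chroot_logger

#######################################
# Helper Module to generate a Subnet Mask out of an IP in CIDR Notation.
# Arguments:
#   1: IPv4 in CIDR Notation, e.g.,: 192.168.128.128/24
# Outputs:
#   Dotted-quad subnet mask on stdout (no trailing newline)
# Returns:
#   0: on success
#   1: if the argument has no '/<prefix>' part or the prefix is not 0..32
#######################################
generate_subnetmask() {
  declare var_arg="$1"
  declare var_prefix="${var_arg#*/}"
  declare var_mask_int=""
  declare var_has_ipv4_subnet=""

  ### Bash evaluates whatever text reaches $(( )) as an expression, so the prefix must be
  ### proven to be plain decimal digits before it is used in arithmetic.
  if [[ "${var_arg}" != */* || ! "${var_prefix}" =~ ^[0-9]{1,2}$ ]] || ((10#${var_prefix} > 32)); then
    printf 'generate_subnetmask: invalid IPv4 prefix length in: %s\n' "${var_arg}" >&2
    return 1
  fi

  ### '10#' forces base 10, so a zero-padded prefix such as '08' is not parsed as octal.
  var_mask_int=$((0xFFFFFFFF << (32 - 10#${var_prefix}) & 0xFFFFFFFF))

  var_has_ipv4_subnet=$(printf "%d.%d.%d.%d" \
    $(((var_mask_int >> 24) & 0xFF)) \
    $(((var_mask_int >> 16) & 0xFF)) \
    $(((var_mask_int >> 8) & 0xFF)) \
    $((var_mask_int & 0xFF)))

  printf '%s' "${var_has_ipv4_subnet}"

  return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f generate_subnetmask

#######################################
# Collect NIC driver modules for initramfs installation (no lspci required).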
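# Uses '/sys' introspection to stay independent of pciutils/ethtool.
# Arguments:
#   None
# Output:
#   One module name per line (suitable for initramfs-tools/modules)
# Returns:
#   0: on success
#######################################
grep_nic_driver_modules() {
  declare -A _seen=()
  declare -a _mods=()
  declare var_dev="" var_if="" var_uevent="" var_key="" var_val=""

  for var_dev in /sys/class/net/*; do

    ### Also skips the literal pattern when the glob matches nothing.
    [[ -d ${var_dev} ]] || continue
    var_if="${var_dev##*/}"
    [[ "${var_if}" == "lo" ]] && continue

    ### Interfaces without a readable device/uevent file are skipped.
    var_uevent="/sys/class/net/${var_if}/device/uevent"
    [[ -r "${var_uevent}" ]] || continue

    ### Parse key=value lines and extract DRIVER
    ### NOTE(review): the DRIVER value is emitted as the module name; confirm they match for the NICs in scope.
    while IFS='=' read -r var_key var_val; do

      if [[ "${var_key}" == "DRIVER" && -n "${var_val}" ]]; then

        ### De-duplicate
        if [[ -z "${_seen[${var_val}]:-}" ]]; then
          _seen["${var_val}"]=1
          _mods+=("${var_val}")
        fi

        ### Only the first DRIVER line per interface is used.
        break

      fi

    done < "${var_uevent}"

  done

  ### Print one per line (initramfs-tools/modules friendly); print nothing when no driver was found.
  if ((${#_mods[@]})); then
    printf '%s\n' "${_mods[@]}"
  fi

  return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f grep_nic_driver_modules

#######################################
# Wrapper to insert the metadata field into the specified file.
# The block is appended after every line that is exactly
# '# SPDX-Security-Contact: security@coresecret.eu'; a leading '/target' or
# '/recovery' is stripped from the path shown in the inserted text only.
# Globals:
#   VAR_ARCHITECTURE
#   VAR_CODENAME
#   VAR_VERSION
# Arguments:
#   1: /path/to/file
# Returns:
#   0: on success
#######################################
insert_comments() {
  declare of_file="${1}" var_name="" var_item=""
  declare -r var_nl=$'\n'
  declare -a ary_text=()

  case "${of_file}" in
    /target/*) var_name="${of_file#/target}" ;;
    /recovery/*) var_name="${of_file#/recovery}" ;;
    *) var_name="${of_file}" ;;
  esac

  ### The values below become part of the sed program (text of the 'a' command). A raw
  ### newline would end that text and the remainder would be parsed as sed commands; a raw
  ### backslash would be consumed as an escape. Escape both so every value stays literal text.
  for var_item in "${var_name}" "${VAR_VERSION}" "${VAR_ARCHITECTURE}" "${VAR_CODENAME}"; do
    var_item="${var_item//\\/\\\\}"
    var_item="${var_item//${var_nl}/\\${var_nl}}"
    ary_text+=("${var_item}")
  done

  guard_trace on

  ### The lone '\' line emits an empty line before the metadata block.
  sed -i '/^# SPDX-Security-Contact: security@coresecret\.eu$/a\
\
# Static file system information: '"${ary_text[0]}"'\
# Generated by CISS.debian.installer '"${ary_text[1]}"'\
# Architecture: '"${ary_text[2]}"'\
# Distribution: '"${ary_text[3]}"'
' "${of_file}"

  guard_trace off

  return 0
}
### Prevents accidental 'unset -f'.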
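# shellcheck disable=SC2034
readonly -f insert_comments

#######################################
# Wrapper to insert the SPDX Header into the specified file.
# Any existing content of the file is replaced; the file is then set to mode 0644.
# Globals:
#   VAR_DATE
# Arguments:
#   1: /path/to/file
# Returns:
#   0: on success
#   non-zero: exit status of the failed write or chmod
#######################################
insert_header() {
  declare -r var_file="${1}"
  declare -i var_rc=0

  guard_trace on

  ### Unquoted delimiter: ${VAR_DATE} is expanded while the header is written.
  cat << EOF >| "${var_file}" || var_rc=$?
# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
EOF

  ### Always switch tracing back off, even when the write failed.
  guard_trace off

  ### A failed write used to be reported as success; hand the status to the caller instead.
  ((var_rc == 0)) || return "${var_rc}"

  chmod 0644 "${var_file}" || return

  return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f insert_header

#######################################
# Helper module for update, full dist-upgrade, autoclean, autopurge and autoremove.
# Stops at the first failing step, so a system whose upgrade did not complete is
# never reported as successfully patched.
# Globals:
#   None
# Arguments:
#   None
# Returns:
#   0: on success
#   non-zero: exit status of the first apt-get step that failed
#######################################
update_upgrade() {
  ### A bare 'return' hands back the exit status of the command that just failed.
  apt-get update || return
  apt-get dist-upgrade -y || return
  apt-get autoclean -y || return
  apt-get autopurge -y || return
  apt-get autoremove -y || return

  return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f update_upgrade
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh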