#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing

#######################################
# Generate target '/etc/apt/sources.list' entries.
# Globals:
#   RECOVERY
#   TARGET
#   VAR_RUN_RECOVERY
#   apt_contrib
#   apt_deb_sources
#   apt_mirror_directory
#   apt_mirror_hostname
#   apt_mirror_protocol
#   apt_non_free
#   apt_non_free_firmware
#   apt_sec
#   apt_updates_backports
#   apt_updates_release
#   apt_updates_security
#   architecture
#   distribution
# Arguments:
#   None
# Returns:
#   0: on success
#######################################
generate_sources() {
  ### Declare Arrays, HashMaps, and Variables.
  declare -a  ary_components=()
  declare     var_arch="" var_codename="" var_deb_src="" var_dir="" var_hostname="" var_hostsecure="" var_url="" var_surl=""
  declare     var_target="${TARGET}"

  ### Check for TARGET / RECOVERY.
  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"

  # shellcheck disable=SC2154 # "${architecture}"
  var_arch="${architecture,,}"
  # shellcheck disable=SC2154 # "${distribution}"
  var_codename="${distribution,,}"
  # shellcheck disable=SC2154 # "${apt_deb_sources}"
  var_deb_src="${apt_deb_sources,,}"
  # shellcheck disable=SC2154 # "${apt_mirror_directory}"
  var_dir="${apt_mirror_directory,,}"
  # shellcheck disable=SC2154 # "${apt_mirror_hostname}"
  var_hostname="${apt_mirror_hostname,,}"
  # shellcheck disable=SC2154 # "${apt_sec}"
  var_hostsecure="${apt_sec,,}"

  ary_components=( "main" )
  [[ "${apt_contrib,,}" == "true" ]] && ary_components+=( "contrib" )
  [[ "${apt_non_free,,}" == "true" ]] && ary_components+=( "non-free" )
  [[ "${apt_non_free_firmware,,}" == "true" ]] && ary_components+=( "non-free-firmware" )

  if [[ "${apt_mirror_protocol,,}" == "https" ]]; then

    var_url="https://${var_hostname}${var_dir}"
    var_surl="https://${var_hostsecure}/debian-security"

  elif [[ "${apt_mirror_protocol,,}" == "http" ]]; then

    var_url="http://${var_hostname}${var_dir}"
    var_surl="http://${var_hostsecure}/debian-security"

  else

    var_url="https://${var_hostname}${var_dir}"
    var_surl="https://${var_hostsecure}/debian-security"

  fi

  : >| "${var_target}/etc/apt/sources.list"
  chmod 0644 "${var_target}/etc/apt/sources.list"

  ### Main Repository
  # shellcheck disable=SC2153
  insert_header   "${var_target}/etc/apt/sources.list"
  insert_comments "${var_target}/etc/apt/sources.list"
  cat << EOF >>   "${var_target}/etc/apt/sources.list"
#------------------------------------------------------------------------------------------------------------------------------#
#                                                     OFFICIAL DEBIAN REPOS                                                    #
#------------------------------------------------------------------------------------------------------------------------------#
deb ${var_url} ${var_codename} ${ary_components[*]}
EOF
  do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename} ${ary_components[*]}'."

  if [[ "${var_deb_src}" == "true" ]]; then

    echo "deb-src ${var_url} ${var_codename} ${ary_components[*]}" >> "${var_target}/etc/apt/sources.list"
    do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename} ${ary_components[*]}'."

  fi


  ### Security Repository
  if [[ "${apt_updates_security,,}" == "true" ]]; then

    cat << EOF >> "${var_target}/etc/apt/sources.list"

deb ${var_surl} ${var_codename}-security ${ary_components[*]}
EOF
    do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb ${var_surl} ${var_codename}-security ${ary_components[*]}'."

    if [[ "${var_deb_src}" == "true" ]]; then

      echo "deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}" >> "${var_target}/etc/apt/sources.list"
      do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}'."

    fi

  fi


  ### Updates Repository
  if [[ "${apt_updates_release,,}" == "true" ]]; then

    cat << EOF >> "${var_target}/etc/apt/sources.list"

deb ${var_url} ${var_codename}-updates ${ary_components[*]}
EOF
    do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-updates ${ary_components[*]}'."

    if [[ "${var_deb_src}" == "true" ]]; then

      echo "deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}" >> "${var_target}/etc/apt/sources.list"
      do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}'."

    fi

  fi


  ### Backports Repository
  if [[ "${apt_updates_backports,,}" == "true" ]]; then

    cat << EOF >> "${var_target}/etc/apt/sources.list"

deb ${var_url} ${var_codename}-backports ${ary_components[*]}
EOF
    do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-backports ${ary_components[*]}'."

    if [[ "${var_deb_src,,}" == "true" ]]; then

      echo "deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}" >> "${var_target}/etc/apt/sources.list"
      do_log "info" "file_only" "4100() ${var_target}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}'."

    fi

  fi


  ### Clean up 'sources.list'
  sed -i '/^#/!s/[[:space:]]\+/ /g' "${var_target}/etc/apt/sources.list"

  cat << EOF >> "${var_target}/etc/apt/sources.list"

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF


  insert_header   "${var_target}/etc/apt/apt.conf.d/90-no-pdiffs"
  insert_comments "${var_target}/etc/apt/apt.conf.d/90-no-pdiffs"
  cat << 'EOF' >> "${var_target}/etc/apt/apt.conf.d/90-no-pdiffs"
Acquire::PDiffs "false";

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
  sed -i -E 's|^([[:space:]]*)#+|\1//|' "${var_target}/etc/apt/apt.conf.d/90-no-pdiffs"

  insert_header   "${var_target}/etc/apt/apt.conf.d/91-acquire"
  insert_comments "${var_target}/etc/apt/apt.conf.d/91-acquire"
  cat << 'EOF' >> "${var_target}/etc/apt/apt.conf.d/91-acquire"
Acquire::Retries "3";

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
  sed -i -E 's|^([[:space:]]*)#+|\1//|' "${var_target}/etc/apt/apt.conf.d/91-acquire"

  guard_dir && return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f generate_sources
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh