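#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-02-13; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
# SPDX-PackageName: CISS.2025.hardened.installer
# SPDX-Security-Contact: security@coresecret.eu

###########################################################################################
# 3.7.4. Functions - installation - generate sources #
###########################################################################################

###########################################################################################
# Succeed only for a non-empty value without whitespace or control characters.
# Used on every value that is interpolated into a sources.list line, so that a
# configuration value cannot smuggle in an extra field or an extra line.
# Arguments:
#   $1 - value to check
# Returns:
#   0 if the value is usable as a single sources.list token, 1 otherwise
###########################################################################################
_3_7_4_is_single_token() {
  [[ -n "$1" && ! "$1" =~ [[:space:][:cntrl:]] ]]
}

###########################################################################################
# Append one 'deb' / 'deb-src' pair to an APT sources file and log both entries.
# Arguments:
#   $1 - path of the sources.list file to append to
#   $2 - repository URI
#   $3 - suite (e.g. the codename, or codename plus '-security')
#   $4 - component list; may contain runs of spaces, which the caller collapses later
###########################################################################################
_3_7_4_append_repo_pair() {
  declare -r list_file="$1" uri="$2" suite="$3" components="$4"
  declare kind=""

  for kind in deb deb-src; do
    printf '%s %s %s %s\n' "${kind}" "${uri}" "${suite}" "${components}" >> "${list_file}"
    do_log "info" "false" "${list_file} entry generated: '${kind} ${uri} ${suite} ${components}'."
  done
}

###########################################################################################
# Install 'unattended-upgrades' inside the target and log the outcome.
# Globals:
#   TARGET
# Arguments:
#   None
###########################################################################################
_3_7_4_install_unattended_upgrades() {
  if do_in_target "${TARGET}" apt-get install -y unattended-upgrades; then
    do_log "info" "true" "Command: 'apt-get install -y unattended-upgrades' executed in: '${TARGET}'."
  else
    do_log "emergency" "true" "Failed: Command: 'apt-get install -y unattended-upgrades' executed in: '${TARGET}'."
  fi
}

###########################################################################################
# Generate target ${TARGET}/etc/apt/sources.list entries, refresh the package index in
# the target and apply the configured update policy.
# Globals:
#   MODULE_ERR
#   MODULE_TXT
#   TARGET
#   apt_contrib
#   apt_mirror_directory
#   apt_mirror_hostname
#   apt_mirror_protocol
#   apt_non_free
#   apt_non_free_firmware
#   apt_security_string
#   apt_updates_backports
#   apt_updates_policy
#   apt_updates_release
#   apt_updates_security
# Arguments:
#   None
# Returns:
#   1 (before anything is written) if TARGET is empty, the mirror protocol is neither
#   'http' nor 'https', a mirror value contains whitespace/control characters, or the
#   release codename cannot be determined; otherwise the status of do_show_footer.
# Notes:
#   Entries are appended, so calling this twice for the same target duplicates them.
###########################################################################################
3_7_4_functions_installation_generate_sources() {
  declare -g -x MODULE_ERR="3_7_4_functions_installation_generate_sources"
  declare -g -x MODULE_TXT="Generating '${TARGET}/etc/apt/sources.list'"
  do_show_header "${MODULE_TXT}"

  # An empty TARGET would turn every path below into one on the installer host itself.
  # NOTE(review): do_log 'emergency' may already abort; the explicit return covers the
  # case where it does not.
  if [[ -z "${TARGET:-}" ]]; then
    do_log "emergency" "true" "Failed: 'TARGET' is empty; refusing to write '/etc/apt/sources.list' of the running system."
    return 1
  fi

  declare -r sources_list="${TARGET}/etc/apt/sources.list"
  declare -r unattended_conf="${TARGET}/etc/apt/apt.conf.d/50unattended-upgrades"
  declare mirror_dir="${apt_mirror_directory}"
  declare mirror_host="${apt_mirror_hostname}"
  declare security_host="${apt_security_string}"
  declare protocol=""
  declare components="" contrib="" non_free="" non_free_firmware=""
  declare codename=""

  # Fail closed on an unknown protocol instead of writing 'deb ://...' entries.
  # APT still verifies the signed Release file over plain http, but package metadata is
  # then visible to on-path observers; prefer https where the mirror supports it.
  case "${apt_mirror_protocol,,}" in
    https | http)
      protocol="${apt_mirror_protocol,,}"
      ;;
    *)
      do_log "emergency" "true" "Failed: Unsupported 'apt_mirror_protocol': '${apt_mirror_protocol}'. Expected 'http' or 'https'."
      return 1
      ;;
  esac

  if ! _3_7_4_is_single_token "${mirror_host}"; then
    do_log "emergency" "true" "Failed: 'apt_mirror_hostname' is empty or contains whitespace: '${mirror_host}'."
    return 1
  fi

  # The directory part may legitimately be empty, but must not carry whitespace.
  if [[ -n "${mirror_dir}" ]] && ! _3_7_4_is_single_token "${mirror_dir}"; then
    do_log "emergency" "true" "Failed: 'apt_mirror_directory' contains whitespace: '${mirror_dir}'."
    return 1
  fi

  if [[ ${apt_updates_security,,} == "true" ]] && ! _3_7_4_is_single_token "${security_host}"; then
    do_log "emergency" "true" "Failed: 'apt_security_string' is empty or contains whitespace: '${security_host}'."
    return 1
  fi

  if [[ ${apt_contrib,,} == "true" ]]; then
    contrib="contrib"
  fi

  if [[ ${apt_non_free,,} == "true" ]]; then
    non_free="non-free"
  fi

  if [[ ${apt_non_free_firmware,,} == "true" ]]; then
    non_free_firmware="non-free-firmware"
  fi

  # Disabled components leave runs of spaces here; the sed clean-up below collapses them.
  components="main ${contrib} ${non_free} ${non_free_firmware}"

  # apt-get install -y lsb-release
  # NOTE(review): lsb_release runs in the installer environment, not in the target, so
  # the target gets the installer's codename - confirm this is intended.
  if ! codename=$(lsb_release --codename --short) || ! _3_7_4_is_single_token "${codename}"; then
    do_log "emergency" "true" "Failed: Command: 'lsb_release --codename --short' returned no usable codename."
    return 1
  fi

  if ! touch "${sources_list}"; then
    do_log "emergency" "true" "Failed: Cannot create '${sources_list}'."
    return 1
  fi
  chmod 0644 "${sources_list}"

  cat << EOF >> "${sources_list}"
#-----------------------------------------------------------------------------------------#
# OFFICIAL DEBIAN REPOS #
#-----------------------------------------------------------------------------------------#
EOF
  _3_7_4_append_repo_pair "${sources_list}" "${protocol}://${mirror_host}${mirror_dir}" "${codename}" "${components}"

  if [[ ${apt_updates_security,,} == "true" ]]; then
    _3_7_4_append_repo_pair "${sources_list}" "${protocol}://${security_host}/debian-security" "${codename}-security" "${components}"
  fi

  if [[ ${apt_updates_release,,} == "true" ]]; then
    _3_7_4_append_repo_pair "${sources_list}" "${protocol}://${mirror_host}${mirror_dir}" "${codename}-updates" "${components}"
  fi

  if [[ ${apt_updates_backports,,} == "true" ]]; then
    _3_7_4_append_repo_pair "${sources_list}" "${protocol}://${mirror_host}${mirror_dir}" "${codename}-backports" "${components}"
  fi

  # Clean up 'sources.list': collapse whitespace runs on every non-comment line.
  sed -i '/^#/!s/[[:space:]]\+/ /g' "${sources_list}"

  cat << EOF >> "${sources_list}"
# Copyright 2018-2025; WEIDNER, Marc S.,
EOF

  if do_in_target "${TARGET}" apt-get update -y; then
    do_log "info" "true" "Command: 'apt-get update -y' executed in: '${TARGET}'."
  else
    do_log "emergency" "true" "Failed: Command: 'apt-get update -y' executed in: '${TARGET}'."
  fi

  if [[ ${apt_updates_policy,,} == "unattended" ]]; then

    _3_7_4_install_unattended_upgrades
    do_log "info" "false" "The update policy was set at installation time to: '${apt_updates_policy}' executed in: '${TARGET}'."

  elif [[ ${apt_updates_policy,,} == "security" ]]; then

    _3_7_4_install_unattended_upgrades

    # Comment out the general Debian origin so that only the remaining (security)
    # origins stay active. Skip the edit when the package did not deliver its
    # configuration file, instead of letting sed fail on a missing path.
    if [[ -f "${unattended_conf}" ]]; then
      # shellcheck disable=SC2016
      sed -i 's/^\s*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${unattended_conf}"
    else
      do_log "warning" "false" "'${unattended_conf}' not found; the security-only origin filter was not applied."
    fi
    do_log "info" "false" "The update policy was set at installation time to '${apt_updates_policy}' executed in: '${TARGET}'."

  elif [[ ${apt_updates_policy,,} == "none" ]]; then

    do_log "info" "false" "The update policy was set at installation to: '${apt_updates_policy}'."

  else

    do_log "warning" "false" "Update policy '${apt_updates_policy}': is not supported. Using 'none' as default."

  fi

  do_show_footer "${MODULE_TXT}"
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh: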