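#!/usr/bin/sh
#
# rpm build-root helper: generate IMA digest lists for the files of the
# package being built and hand the metadata list to a signing helper.
#
# Arguments:
#   $1 - RPM build root; nothing is done for "" or "/"
#   $2 - path prefix below the build root that receives etc/ima/digest_lists
#   $3 - package file name; ".rpm" is stripped and the rest names the lists
# Input:
#   stdin - the package's file manifest
# Outputs:
#   paths of the generated digest lists on stdout, diagnostics on stderr
# Returns:
#   0 for every handled case, including "nothing to do"
#
# Written for POSIX sh (the shebang), so no [[ ]], &> or arrays are used.

# Print a diagnostic on stderr, prefixed with the script name.
warn() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
}

# Get build root
RPM_BUILD_ROOT="${1}"

# If using normal root, avoid changing anything.
if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then
  exit 0
fi

# Package name without directory and without the .rpm suffix; it names the
# manifest file and, through gen_digest_lists, the digest list files.
PKG_NAME=${3:-}
PKG_NAME=${PKG_NAME##*/}
PKG_NAME=${PKG_NAME%%.rpm}
if [ -z "$PKG_NAME" ]; then
  warn "no package name given, nothing to do"
  exit 0
fi

# Spool the manifest from stdin into a private temporary directory.  A
# predictable file name directly under /tmp can be pre-created or symlinked
# by another local user before the write happens (checking -L after the
# write is too late); mktemp -d avoids that and still lets the file keep the
# per-package name.  TMPDIR from the environment is honoured, /tmp is the
# fallback.
WORK_DIR=$(mktemp -d "${TMPDIR:-/tmp}/digest_lists.XXXXXX") || {
  warn "cannot create a temporary directory"
  exit 0
}
BIN_PKG_FILES="$WORK_DIR/$PKG_NAME"

# Ensure the temporary directory is cleaned up when we exit, also on a
# signal (signal names rather than numbers: numbers differ between
# platforms, and a bare signal trap would not end the script).
cleanup() {
  rm -rf -- "${WORK_DIR:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT QUIT PIPE TERM

cat - > "$BIN_PKG_FILES" || {
  warn "cannot read the file manifest"
  exit 0
}

# Empty manifest: nothing to list.
[ -s "$BIN_PKG_FILES" ] || exit 0

# Create directories for the plain and the TLV digest lists.
DIGEST_LIST_DIR="$RPM_BUILD_ROOT/${2:-}/etc/ima/digest_lists"
mkdir -p -- "$DIGEST_LIST_DIR" "$DIGEST_LIST_DIR.tlv" || {
  warn "cannot create $DIGEST_LIST_DIR"
  exit 0
}

# Run gen_digest_lists over the manifest with the option set shared by both
# lists.  $1 is the output directory; any further arguments are extra flags
# inserted right before -A (the TLV list passes -T).  Reads BIN_PKG_FILES
# and RPM_BUILD_ROOT.  Option order is kept as in the original invocations.
run_gen_digest_lists() {
  out_dir=$1
  shift
  gen_digest_lists -i M: -t metadata -f compact -d "$out_dir" -i l:policy \
    -i i: -o add -p -1 -m immutable -i "L:$BIN_PKG_FILES" -i u: \
    "$@" -A "$RPM_BUILD_ROOT" -i e: \
    -i E:/usr/src \
    -i E:/boot/efi \
    -i F:/lib \
    -i F:/usr/lib \
    -i F:/lib64 \
    -i F:/usr/lib64 \
    -i F:/lib/modules \
    -i F:/usr/lib/modules \
    -i F:/lib/firmware \
    -i F:/usr/lib/firmware
}

# Generate digest list for the kernel
run_gen_digest_lists "$DIGEST_LIST_DIR"

DIGEST_LIST_PATH="$DIGEST_LIST_DIR/0-metadata_list-compact-$PKG_NAME"
[ -f "$DIGEST_LIST_PATH" ] || exit 0
chmod 644 "$DIGEST_LIST_PATH"
printf '%s\n' "$DIGEST_LIST_PATH"

# Generate TLV digest list to check metadata
run_gen_digest_lists "$DIGEST_LIST_DIR.tlv" -T

DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$PKG_NAME"
[ -f "$DIGEST_LIST_TLV_PATH" ] || exit 0
chmod 644 "$DIGEST_LIST_TLV_PATH"
printf '%s\n' "$DIGEST_LIST_TLV_PATH"

# The guard below restricted signing to the digest-list-tools package itself
# (excluding its debug package); it was disabled in the original and stays
# disabled here, so every package reaches the signing steps.
#if [ "${PKG_NAME#*digest-list-tools}" != "$PKG_NAME" ] && \
#   [ "${PKG_NAME#*debug}" = "$PKG_NAME" ]; then

# Generate digest list for the user space parsers

# do EBS sign
# The publisher endpoint is read from the lkp job description; a missing
# file (stderr discarded) simply means EBS signing is not configured.
JOB_YAML=/lkp/scheduled/job.yaml
PUBLISHER_HOST=$(awk '/PUBLISHER_HOST/ { print $2 }' "$JOB_YAML" 2>/dev/null)
PUBLISHER_PORT=$(awk '/PUBLISHER_PORT/ { print $2 }' "$JOB_YAML" 2>/dev/null)
export PUBLISHER_HOST PUBLISHER_PORT
if [ -n "$PUBLISHER_HOST" ] && [ -n "$PUBLISHER_PORT" ]; then
  [ -f /usr/lib/rpm/brp-ebs-sign ] || exit 0
  sh /usr/lib/rpm/brp-ebs-sign --ima-digestlist "$DIGEST_LIST_PATH" 1>&2
  # The signed list replaces the unsigned one in place.  Only the metadata
  # list is signed on this path; the TLV list is left as generated.
  [ -f "$DIGEST_LIST_PATH.sig" ] || exit 0
  chmod 644 "$DIGEST_LIST_PATH.sig"
  mv -- "$DIGEST_LIST_PATH.sig" "$DIGEST_LIST_PATH"
  exit 0
fi

# do OBS sign
PESIGN=/usr/lib/rpm/brp-suse.d/brp-99-pesign
[ -f "$PESIGN" ] || exit 0
# The trailing "*" is intentionally not expanded here; presumably
# brp-99-pesign expands it itself -- verify against that script.
BRP_PESIGN_FILES="${2:-}/etc/ima/digest_lists/*"
# Package name is hard-coded as in the original; presumably pesign keys its
# configuration on it -- confirm before changing.
RPM_PACKAGE_NAME="digest-list-tools"
RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES"
export BRP_PESIGN_FILES RPM_BUILD_ROOT RPM_PACKAGE_NAME RPM_SOURCE_DIR
# The script's exit status is the signing helper's, as before.
"$PESIGN" >/dev/null 2>&1
#fi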