#!/bin/bash

BINHOST_NAME=arm64/23.0/arm64
_BINHOST_NAME=$(echo ${BINHOST_NAME}|sed -e 's:/:_:g')

TMPFILE="/root/.tmp-binhost-${_BINHOST_NAME}-update-$(date +%s)"
LOCKFILE="/root/.tmp-binhost-${_BINHOST_NAME}-lock"

EMAIL_FROM=binhost@susuwatari.arm.dev.gentoo.org
EMAIL_TO=gentoo-binhost-autobuilds@lists.gentoo.org

NSPAWN_NAMES="binhost-arm64-kde-23 binhost-arm64-gnome-23 binhost-arm64-server-23"

UPLOAD_USER=arm64
UPLOAD_KEY=/root/.ssh/id_ed25519

TMPFS_SIZE=64


send_email() {
        local subject="[binhost ${BINHOST_NAME}] $1"
        local message=$2
        local logfile=$3
        local body

        if [ -n "${logfile}" ]; then
                url=$(xz -c "${logfile}" | curl -F "_=<-" https://paste.gentoo.zip)
                body=$(printf '%b\n\n\n' "${message}"; tail -n 500 "${logfile}"; printf '\n\n\nFull build log at %s (download: %s)\n' "${logfile}" "${url}")
        else
                body=${message}
        fi

        printf 'From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n%b' \
                "${EMAIL_FROM}" "${EMAIL_TO}" "${subject}" "${body}" | \
                /usr/sbin/sendmail -f "${EMAIL_FROM}" ${EMAIL_TO//,/ }
}

upsync_binpackages() {
	# parameter 1: a PKGDIR on the local host
	# parameter 2: the target dir in the mirroring system, should be of the
	#              form arch/profileversion/name (e.g., amd64/17.0/x32 )
	echo Upsyncing binpackages from $1 to $2
	local SSH_CMD=(
	        ssh
       		-i ${UPLOAD_KEY}
                -o UserKnownHostsFile=/dev/null
                -o VerifyHostKeyDNS=yes
                -o StrictHostKeyChecking=no
                -o IPQoS=cs0
        )
        local RSYNC_OPTS=(
                -e "${SSH_CMD[*]}"
                --archive
                --delete
                --delete-after
                --omit-dir-times
                --delay-updates
                --mkpath
                --stats
        )
        rsync "${RSYNC_OPTS[@]}" "$1"/* "${UPLOAD_USER}@releng-incoming.gentoo.org:/release/weekly/binpackages/$2/"
}

verify_dnssec() {
        which dig >/dev/null || {
                echo "net-dns/bind-tools is needed to verify DNSSEC is working"
                exit 1
        }

        if ! dig +noall +comments dev.gentoo.org. IN SSHFP | egrep -q '^;; flags: [ a-z]+\<ad\>'; then
                echo "DNSSEC does not appear to be working. Bailing out"
                exit 1
        fi

        if ! grep -q '^options\>.*\<edns0\>' /etc/resolv.conf; then
                echo "DNSSEC is not enabled in /etc/resolv.conf"
                exit 1
        fi
}



if [[ -f ${LOCKFILE} ]] ; then
	echo "lockfile ${LOCKFILE} exists, aborting"
	exit 111
fi
touch ${LOCKFILE} || exit 112

verify_dnssec

echo Starting run at $(date -u) > ${TMPFILE}

echo Syncing host &>> ${TMPFILE}

emerge --sync -q &>> ${TMPFILE}

anyfail=0

for n in ${NSPAWN_NAMES} ; do
	echo Machine ${n} &>> ${TMPFILE}
	echo &>> ${TMPFILE}
	cd /var/lib/machines/${n}/etc/binhost &>> ${TMPFILE}
	git reset --hard &>> ${TMPFILE}
	git pull -q &>> ${TMPFILE}
	cd /root &>> ${TMPFILE}
	systemd-nspawn --bind /var/cache/distfiles --bind-ro /var/db/repos/gentoo --tmpfs=/var/tmp:mode=1777,size=${TMPFS_SIZE}g -M ${n} /root/bin/run-update &>> ${TMPFILE}
	let "anyfail+=$?"
done

cp ${TMPFILE} /var/lib/machines/binhost-arm64-kde-23/var/cache/binpkgs/last-build.log
upsync_binpackages /var/lib/machines/binhost-arm64-kde-23/var/cache/binpkgs arm64/23.0/arm64 &>> ${TMPFILE}

if [[ ${anyfail} -gt 0 ]] ; then

  send_email "Update failed" "Binhost ${BINHOST_NAME} update failed in at least one nspawn" ${TMPFILE}

fi


rm ${LOCKFILE}