#!/bin/bash

# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Script to generate a Chromium OS update for use by the update engine.
# If a source .bin is specified, the update is assumed to be a delta update.

# Load common CrOS utilities.  Inside the chroot this file is installed in
# /usr/lib/crosutils.  This script may also be called from a zipfile, in which
# case common.sh will be in the current directory.
find_common_sh() {
  local thisdir="$(dirname "$(readlink -f "$0")")"
  local common_paths=(/usr/lib/crosutils "${thisdir}")
  local path

  SCRIPT_ROOT="${common_paths[0]}"
  for path in "${common_paths[@]}"; do
    if [[ -r "${path}/common.sh" ]]; then
      SCRIPT_ROOT="${path}"
      break
    fi
  done

  # HACK(zbehan): We have to fake GCLIENT_ROOT in case we're running inside
  # au_zip enviroment. GCLIENT_ROOT detection became fatal...
  [[ "${SCRIPT_ROOT}" == "${thisdir}" ]] && export GCLIENT_ROOT="."
}

find_common_sh
. "${SCRIPT_ROOT}/common.sh" || exit 1

DEFINE_string image "" "The image that should be sent to clients."
DEFINE_string src_image "" "Optional: a source image. If specified, this makes\
 a delta update."
DEFINE_string output "" "Output file"
DEFINE_boolean outside_chroot "${FLAGS_FALSE}" "Running outside of chroot."
DEFINE_string private_key "" "Path to private key in .pem format."
DEFINE_string out_payload_hash_file "" "Path to output payload hash file."
DEFINE_string out_metadata_hash_file "" "Path to output metadata hash file."
DEFINE_boolean extract "${FLAGS_FALSE}" "If set, extract old/new kernel/rootfs \
to [old|new]_[kern|root].dat. Useful for debugging (default: false)"
DEFINE_boolean full_kernel "${FLAGS_FALSE}" "Generate a full kernel update \
even if generating a delta update (default: false)"
DEFINE_string chunk_size "" \
  "Delta payload chunk size (-1 means whole files)"

DEFINE_string src_channel "" "Channel of the src image."
DEFINE_string src_board "" "Board of the src image."
DEFINE_string src_version "" "Version of the src image."
DEFINE_string src_key "" "Key of the src image."
DEFINE_string src_build_channel "" "Channel of the build of the src image."
DEFINE_string src_build_version "" "Version of the build of the src image."

DEFINE_string channel "" "Channel of the target image."
DEFINE_string board "" "Board of the target image."
DEFINE_string version "" "Version of the target image."
DEFINE_string key "" "Key of the target image."
DEFINE_string build_channel "" "Channel of the build of the target image."
DEFINE_string build_version "" "Version of the build of the target image."

# Because we archive/call old versions of this script, we can't easily remove
# command line options, even if we ignore this one now.
DEFINE_boolean patch_kernel "${FLAGS_FALSE}" "Ignored. Present for \
compatibility."

# Specifying any of the following will cause it to not be cleaned up upon exit.
DEFINE_string kern_path "" "File path for extracting the kernel partition."
DEFINE_string root_path "" "File path for extracting the rootfs partition."
DEFINE_string src_kern_path "" \
  "File path for extracting the source kernel partition."
DEFINE_string src_root_path "" \
  "File path for extracting the source rootfs partition."

DEFINE_string work_dir "" "Where to dump temporary files."


# Parse command line
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"

STATE_PART_NUM=1
ROOTFS_PART_NUM=3

SRC_KERNEL=""
SRC_ROOT=""
DST_KERNEL=""
DST_ROOT=""

# We include cgpt in the au-generator.zip, so we can call it directly here. We
# don't use chromeos-common.sh versions because we need to not run them as root.

# Usage: gpt_part_offset <image> <partition_number>
# Return the start sector number of the partition number |partition_number| in
# the GPT image |image|.
gpt_part_offset() {
  cgpt show -b -i "$2" "$1"
}

# Usage: gpt_part_size <image> <partition_number>
# Return the size of the partition number |partition_number| in the GPT image
#|image|, in number of sectors.
gpt_part_size() {
  cgpt show -s -i "$2" "$1"
}

cleanup() {
  local err=""

  if [[ -z "${FLAGS_src_kern_path}" ]]; then
    rm -f "${SRC_KERNEL}" || err=1
  fi
  if [[ -z "${FLAGS_src_root_path}" ]]; then
    rm -f "${SRC_ROOT}" || err=1
  fi
  if [[ -z "${FLAGS_kern_path}" ]]; then
    rm -f "${DST_KERNEL}" || err=1
  fi
  if [[ -z "${FLAGS_root_path}" ]]; then
    rm -f "${DST_ROOT}" || err=1
  fi

  # If we are cleaning up after an error, or if we got an error during
  # cleanup (even if we eventually succeeded) return a non-zero exit
  # code. This triggers additional logging in most environments that call
  # this script.
  if [[ -n "${err}" ]]; then
    die "Cleanup encountered an error."
  fi
}

cleanup_on_error() {
  trap - INT TERM ERR EXIT
  cleanup
  die "Cleanup success after an error."
}

cleanup_on_exit() {
  trap - INT TERM ERR EXIT
  cleanup
}

trap cleanup_on_error INT TERM ERR
trap cleanup_on_exit EXIT

extract_partition_to_temp_file() {
  local filename="$1"
  local partition="$2"
  local temp_file="$3"
  if [[ -z "${temp_file}" ]]; then
    temp_file=$(mktemp --tmpdir="${FLAGS_work_dir}" \
                cros_generate_update_payload.XXXXXX)
  fi
  echo "${temp_file}"

  # Keep `local` decl split from assignment so return code is checked.
  local offset length
  offset=$(gpt_part_offset "${filename}" ${partition})  # 512-byte sectors
  length=$(gpt_part_size "${filename}" ${partition})  # 512-byte sectors
  dd if="${filename}" of="${temp_file}" bs=8M iflag=skip_bytes,count_bytes \
      count="$(( length * 512 ))" skip="$(( offset * 512 ))" status=none
}

patch_kernel() {
  local image="$1"
  local kern_file="$2"
  local err=""

  local state_out vblock
  state_out=$(extract_partition_to_temp_file "${image}" "${STATE_PART_NUM}" "")
  vblock=$(mktemp --tmpdir="${FLAGS_work_dir}" vmlinuz_hd.vblock.XXXXXX)
  e2cp "${state_out}:/vmlinuz_hd.vblock" "${vblock}" || err+="e2cp failed."
  dd if="${vblock}" of="${kern_file}" conv=notrunc status=none ||
    err+="dd failed."
  rm -f "${state_out}" "${vblock}"

  if [[ -n "${err}" ]]; then
    die "Error patching the kernel: ${err}"
  fi
}

extract_kern() {
  local bin_file="$1"
  local kern_out="$2"

  kern_out=$(extract_partition_to_temp_file "${bin_file}" 4 "${kern_out}")
  if cmp /dev/zero "${kern_out}" -n 65536 -s; then
    warn "${bin_file}: Kernel B is empty, patching kernel A."
    extract_partition_to_temp_file "${bin_file}" 2 "${kern_out}" > /dev/null
    patch_kernel "${bin_file}" "${kern_out}" >&2
  fi
  echo "${kern_out}"
}

# ext2fs_size <rootfs>
# Prints the size in bytes of the ext2 filesystem passed in |rootfs|. In case of
# error it returns 1 and doesn't print any output.
ext2fs_size() {
  local rootfs="$1"

  # dumpe2fs is normally installed in /sbin but doesn't require root.
  local PATH="${PATH}:/sbin"
  dumpe2fs "${rootfs}" >/dev/null 2>&1 || return 1
  local fs_blocs fs_blocksize
  fs_blocks=$(dumpe2fs -h "${rootfs}" 2>/dev/null | \
    grep "^Block count:" | cut -f 2 -d :)
  fs_blocksize=$(dumpe2fs -h "${rootfs}" 2>/dev/null | \
    grep "^Block size:" | cut -f 2 -d :)
  echo $(( fs_blocks * fs_blocksize ))
}

# extract_root <bin_file> <root_out>
# Extract the rootfs partition from the gpt image |bin_file| and store it in
# |root_out|. If |root_out| is empty, a new temp file will be used. Prints the
# filename where the rootfs was stored.
extract_root() {
  local bin_file="$1"
  local root_out="$2"

  root_out=$(extract_partition_to_temp_file "${bin_file}" "${ROOTFS_PART_NUM}" \
    "${root_out}")

  # We only update the filesystem part of the partition, which is stored in the
  # gpt script.
  local root_out_size
  if root_out_size=$(ext2fs_size "${root_out}"); then
    truncate --size="${root_out_size}" "${root_out}"
    echo "Truncated root to ${root_out_size} bytes." >&2
  else
    die "Error truncating the rootfs to the filesystem size."
  fi

  echo "${root_out}"
}

if [[ -n "${FLAGS_src_image}" ]] && \
   [[ "${FLAGS_outside_chroot}" -eq "${FLAGS_FALSE}" ]]; then
  # We need to be in the chroot for generating delta images.
  # by specifying --outside_chroot you can choose not to assert
  # this will allow us to run this script outside chroot.
  # Running this script outside chroot requires copying delta_generator binary
  # and also copying few shared libraries with it.
  assert_inside_chroot
fi

if [[ "${FLAGS_extract}" -eq "${FLAGS_TRUE}" ]]; then
  if [[ -n "${FLAGS_src_image}" ]]; then
    SRC_KERN_PATH="${FLAGS_src_kern_path:-old_kern.dat}"
    SRC_ROOT_PATH="${FLAGS_src_root_path:-old_root.dat}"
    extract_kern "${FLAGS_src_image}" "${SRC_KERN_PATH}"
    extract_root "${FLAGS_src_image}" "${SRC_ROOT_PATH}"
  fi
  if [[ -n "${FLAGS_image}" ]]; then
    KERN_PATH="${FLAGS_kern_path:-new_kern.dat}"
    ROOT_PATH="${FLAGS_root_path:-new_root.dat}"
    extract_kern "${FLAGS_image}" "${KERN_PATH}"
    extract_root "${FLAGS_image}" "${ROOT_PATH}"
  fi
  echo Done extracting kernel/root
  exit 0
fi

[[ -n "${FLAGS_output}" ]] ||
  die "Error: you must specify an output filename with --output FILENAME"

DELTA="${FLAGS_TRUE}"
PAYLOAD_TYPE="delta"
if [[ -z "${FLAGS_src_image}" ]]; then
  DELTA="${FLAGS_FALSE}"
  PAYLOAD_TYPE="full"
fi

echo "Generating ${PAYLOAD_TYPE} update"

# Sanity check that the real generator exists:
GENERATOR="$(which delta_generator)"
[[ -x "${GENERATOR}" ]] || die "can't find delta_generator"

if [[ "${DELTA}" -eq "${FLAGS_TRUE}" ]]; then
  if [[ "${FLAGS_full_kernel}" -eq "${FLAGS_FALSE}" ]]; then
    SRC_KERNEL=$(extract_kern "${FLAGS_src_image}" "${FLAGS_src_kern_path}")
    echo md5sum of src kernel:
    md5sum "${SRC_KERNEL}"
  else
    echo "Generating a full kernel update."
  fi
  SRC_ROOT=$(extract_root "${FLAGS_src_image}" "${FLAGS_src_root_path}")
  echo md5sum of src root:
  md5sum "${SRC_ROOT}"
fi

DST_KERNEL=$(extract_kern "${FLAGS_image}" "${FLAGS_kern_path}")
DST_ROOT=$(extract_root "${FLAGS_image}" "${FLAGS_root_path}")

GENERATOR_ARGS=(
  # Common payload args:
  -major_version=1
  -out_file="${FLAGS_output}"
  -private_key="${FLAGS_private_key}"
  # Target image args:
  -new_image="${DST_ROOT}"
  -new_kernel="${DST_KERNEL}"
  -new_channel="${FLAGS_channel}"
  -new_board="${FLAGS_board}"
  -new_version="${FLAGS_version}"
  -new_key="${FLAGS_key}"
  -new_build_channel="${FLAGS_build_channel}"
  -new_build_version="${FLAGS_build_version}"
)

if [[ "${DELTA}" -eq "${FLAGS_TRUE}" ]]; then
  GENERATOR_ARGS+=(
    # Source image args:
    -old_image="${SRC_ROOT}"
    -old_kernel="${SRC_KERNEL}"
    -old_channel="${FLAGS_src_channel}"
    -old_board="${FLAGS_src_board}"
    -old_version="${FLAGS_src_version}"
    -old_key="${FLAGS_src_key}"
    -old_build_channel="${FLAGS_src_build_channel}"
    -old_build_version="${FLAGS_src_build_version}"
  )

  # The passed chunk_size is only used for delta payload. Use delta_generator's
  # default if no value is provided.
  if [[ -n "${FLAGS_chunk_size}" ]]; then
    echo "Forcing chunk_size to ${FLAGS_chunk_size}";
    GENERATOR_ARGS+=( -chunk_size="${FLAGS_chunk_size}" )
  fi
fi

# Add partition size. Only *required* for minor_version=1.
DST_ROOT_PARTITION_SECTORS=$(gpt_part_size "${FLAGS_image}" \
  "${ROOTFS_PART_NUM}")
if [[ -n "${DST_ROOT_PARTITION_SECTORS}" ]]; then
  DST_ROOT_PARTITION_SIZE=$(( DST_ROOT_PARTITION_SECTORS * 512 ))
  echo "Using rootfs partition size: ${DST_ROOT_PARTITION_SIZE}";
  GENERATOR_ARGS+=( -rootfs_partition_size="${DST_ROOT_PARTITION_SIZE}" )
else
  echo "Using the default partition size."
fi

echo "Running delta_generator with args: ${GENERATOR_ARGS[@]}"
"${GENERATOR}" "${GENERATOR_ARGS[@]}"

if [[ -n "${FLAGS_out_payload_hash_file}" ||
      -n "${FLAGS_out_metadata_hash_file}" ]]; then
    # The out_metadata_hash_file flag requires out_hash_file flag to be set in
    # delta_generator, if the caller doesn't provide it, we set it to /dev/null.
    OUT_PAYLOAD_HASH_FILE="${FLAGS_out_payload_hash_file}"
    if [[ -z "${OUT_PAYLOAD_HASH_FILE}" ]]; then
      OUT_PAYLOAD_HASH_FILE="/dev/null"
    fi
    # The manifest - unfortunately - contain two fields called
    # signature_offset and signature_size with data about the how the
    # manifest is signed. This means we have to pass the signature
    # size used. The value 256 is the number of bytes the SHA-256 hash
    # value of the manifest signed with a 2048-bit RSA key occupies.
    "${GENERATOR}" \
        -in_file="${FLAGS_output}" \
        -signature_size=256 \
        -out_hash_file="${OUT_PAYLOAD_HASH_FILE}" \
        -out_metadata_hash_file="${FLAGS_out_metadata_hash_file}"
fi

echo "Done generating ${PAYLOAD_TYPE} update."