#!/bin/ksh
set -e

scan_dmesg() {
	# no bsort for now
	sed -n "$1" /var/run/dmesg.boot
}

# tmpdir, do_as, unpriv, and unpriv2 are from install.sub

# Create a temporary directory based on the supplied directory name prefix.
tmpdir() {
	local _i=1 _dir

	until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
		((++_i < 10000)) || return 1
	done
	echo "$_dir"
}

# Run a command ($2+) as unprivileged user ($1).
# Take extra care that after "cmd" no "user" processes exist.
#
# Optionally:
#	- create "file" and chown it to "user"
#	- after "cmd", chown "file" back to root
#
# Usage: do_as user [-f file] cmd
do_as() {
	(( $# >= 2 )) || return

	local _file _rc _user=$1
	shift

	if [[ $1 == -f ]]; then
		_file=$2
		shift 2
	fi

	if [[ -n $_file ]]; then
		>$_file
		chown "$_user" "$_file"
	fi

	doas -u "$_user" "$@"
	_rc=$?

	while doas -u "$_user" kill -9 -1 2>/dev/null; do
		echo "Processes still running for user $_user after: $@"
		sleep 1
	done

	[[ -n $_file ]] && chown root "$_file"

	return $_rc
}

unpriv() {
	do_as _sndio "$@"
}

unpriv2() {
	do_as _file "$@"
}

# "fail" needs to be replaced with the "ask_yn" loop like in the installer.
_issue=
fail() {
	echo $_issue >&2
	exit 1
}

VNAME=$(sysctl -n kern.osrelease)
VERSION="${VNAME%.*}${VNAME#*.}"
FWDIR="$VNAME"

# TODO: We need the firmware for the system we just installed
#       not the one we booted from.  For example:
#       * booting from a snapshot bsd.rd that thinks it is the 7.0 release
#         will install the firmware from the 7.0 directory instead of
#         from the snapshots dir.
#       If they're using sysupgrade, then the installer kernel will be correct.
#       If we're doing this in the installer we can check what they picked
#       for downloading sets and use that value.
#       Otherwise, the fw_update after first boot will fix it up for us.

HTTP_FWDIR=$FWDIR
set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p")
[[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots

FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
PKGDIR=${DESTDIR}/var/db/pkg
FWPATTERNS="file:${0%/*}/firmware_patterns"

# TODO: support srclocal installation of firmware somehow
fw_update() {
	local _src=$FWURL _tmpsrc _t=Get _cfile="/tmp/SHA256" _srclocal=false
	local _f _r _remove _i _installed
	local _d _drivers=$(
		last=''
		ftp -D "Detecting" -Vmo- $FWPATTERNS |
		while read _d _m; do
			grep=grep
			[ "$last" = "$_d" ] && continue
			[ "$_m" ] || _m="^$_d[0-9][0-9]* at "
			[ "$_m" = "${_m#^}" ] && grep=fgrep
			$grep -q "$_m" /var/run/dmesg.boot || continue
			echo $_d
			last=$_d
		done
	)

	if [ -z "$_drivers" ]; then
		echo "No devices found which need firmware files to be downloaded." >&2
		return
	fi

	if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then
		(
		>$_tmpsrc/t &&
		$_unpriv cat $_tmpsrc/t
		) >/dev/null 2>&1 ||
		    rm -r $_tmpsrc
	fi

	[[ ! -d $_tmpsrc ]] &&
		_issue="Cannot create prefetch area" && fail

	# Cleanup from previous runs.
	rm -f $_cfile $_cfile.sig

	_t=Get/Verify

	! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&
	    _issue="Cannot fetch SHA256.sig" && fail

	# Verify signature file with public keys.
	! unpriv -f "$_cfile" \
	    signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&
	    _issue="Signature check of SHA256.sig failed" && fail

	for _d in $_drivers; do
		_f=$( sed -n "s/.*(\($_d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" )
		_installed=$(
	        for fw in "${PKGDIR}/$_d-firmware"*; do
		        [ -e "$fw" ] || continue
		        echo ${fw##*/}
	        done
		)

		for _i in $_installed; do
			if [ "$_f" = "$_i.tgz" ]; then
				echo "Firmware for $_d already installed ($_installed)"
				continue 2
			fi
		done

		rm -f /tmp/h /tmp/fail

		# Fetch firmware file and create a checksum by piping through
		# sha256. Create a flag file in case ftp failed. Firmware
		# from net is written to the prefetch area.
		( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |
		( $_srclocal && unpriv2 sha256 -b >/tmp/h ||
		    unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" )

		# Handle failed transfer.
		if [[ -f /tmp/fail ]]; then
			rm -f "$_tmpsrc/$_f"
			_issue="Fetching of $_f failed!"
			fail
		fi

		# Verify firmware by comparing its checksum with SHA256.
		if fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then
			#_unver=$(rmel $_f $_unver)
			true
		else
			[[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"
			_issue="Checksum test for $_f failed."
			fail
		fi

		# TODO: Check hash for files before deleting
		if [ "$_installed" ] && [ -e "${PKGDIR}/$_installed/+CONTENTS" ]; then
			echo "Uninstalling $_installed"
			cwd=${PKGDIR}/$_installed

			set -A _remove -- "${cwd}/+CONTENTS" "${cwd}"

			while read c g; do
				case $c in
				@cwd) cwd="${DESTDIR}/$g"
				  ;;
				@*) continue
				  ;;
				*)  set -A _remove -- "$cwd/$c" "${_remove[@]}"
				  ;;
				esac
			done < "${PKGDIR}/$_installed/+CONTENTS"

			# We specifically rm -f here because not removing files/dirs
			# is probably not worth failing over.
			for _r in "${_remove[@]}" ; do
				if [ -d "$_r" ]; then
					# Try hard not to actually remove recursively
					# without rmdir on the install media.
					[ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r"
				else
					rm -f "$_r"
				fi
			done
		fi

		# TODO: Should we mark these so real fw_update can -Drepair?
		echo "Installing $_f"
		tar -zxphf "$_tmpsrc/$_f" -C "${DESTDIR}/etc" "firmware/*"
		mkdir -p ${PKGDIR}/${_f%.tgz}/
		tar -zxphf "$_tmpsrc/$_f" -C "${PKGDIR}/${_f%.tgz}" "+*"
		ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <<EOL
/^@comment pkgpath/ -1a
@option manual-installation
@option firmware
@comment install-script
.
w
EOL
	done
}

fw_update