#!/bin/bash

## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

true "$BASH_SOURCE INFO: begin"

#echo "INFO: Currently running script: $BASH_SOURCE"

## {{ Sanity Tests.

dist_build_missing_dependency() {
   error "dist_build_missing_dependency
programs_to_check_installed_item: $1

Did you install dependencies as mentioned in build documentation chapter
Host Preparation
?"
   true
}

variables_script_sanity_test() {
   local dist_build_programs_to_check_installed_list programs_to_check_installed_item
   dist_build_programs_to_check_installed_list="logname whoami dirname basename awk grep"

   for programs_to_check_installed_item in $dist_build_programs_to_check_installed_list ; do
      $SUDO_TO_ROOT command -v "$programs_to_check_installed_item" >/dev/null || dist_build_missing_dependency "$programs_to_check_installed_item"
   done
}

variables_script_sanity_test
bash -n "$BASH_SOURCE"

## }}

MYDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

[ -n "$user_name" ] || user_name=$(whoami) || true
[ -n "$user_name" ] || user_name="$USER"
[ -n "$user_name" ] || user_name="$(logname)" || true
[ -n "$user_name" ] || user_name="$SUDO_USER"
if [ "$user_name" = "" ]; then
   error "Variable user_name is empty."
fi
export user_name

[ -n "$SUDO_TO_ROOT" ] || SUDO_TO_ROOT="sudo --non-interactive"
[ -n "$SUDO_TO_VBOX_TEMP" ] || SUDO_TO_VBOX_TEMP="sudo --non-interactive -u dm-vbox-temp"
[ -n "$HOMEVAR_VBOX_TEMP" ] || HOMEVAR_VBOX_TEMP="/home/dm-vbox-temp"

[ -n "$HOMEVAR" ] || HOMEVAR="/home/$user_name"
export HOMEVAR
[ -n "$binary_build_folder_dist" ] || binary_build_folder_dist="$HOMEVAR/derivative-binary"
export binary_build_folder_dist

MYDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
[ -n "$source_code_folder_dist" ] || source_code_folder_dist="$(dirname "$MYDIR")"
export source_code_folder_dist

build_script_main="${source_code_folder_dist}/derivative-maker"

[ -n "$dist_parent_folder" ] || dist_parent_folder="$(dirname "$source_code_folder_dist")"
[ -n "$dist_developer_meta_files_folder" ] || dist_developer_meta_files_folder="${source_code_folder_dist}/packages/kicksecure/developer-meta-files"

[ -n "$dist_source_parentdir" ] || dist_source_parentdir="$(dirname "$source_code_folder_dist")"
export dist_source_parentdir

[ -n "$dist_source_help_steps_folder" ] || dist_source_help_steps_folder="${source_code_folder_dist}/help-steps"
export dist_source_help_steps_folder

[ -n "$str_replace_tool" ] || str_replace_tool="env LANG=C ${source_code_folder_dist}/packages/kicksecure/helper-scripts/usr/bin/str_replace"

cd "$source_code_folder_dist"

[ -n "$dist_aptgetopt_file" ] || dist_aptgetopt_file="$binary_build_folder_dist/30_derivative-maker.conf"
export dist_aptgetopt_file
## XXX: sudo with '--'
$SUDO_TO_ROOT rm -f "$dist_aptgetopt_file"

aptgetopt_add() {
   APTGETOPT[${#APTGETOPT[@]}]="$1"
   APTGETOPT_ALT="$APTGETOPT_ALT $1"
   if echo "$@" | grep --quiet --ignore-case "proxy" ; then
      return 0
   fi
   APTGETOPT_WITHOUT_APT_CACHE[${#APTGETOPT_WITHOUT_APT_CACHE[@]}]="$1"
}

aptgetopt_conf_add () {
   mkdir --parents "$binary_build_folder_dist/"
   echo "$1" | tee --append "$dist_aptgetopt_file" >/dev/null
}

## Avoiding "perl: warning: Setting locale failed." as suggested on
## https://wiki.ubuntu.com/DebootstrapChroot and
## https://lists.debian.org/debian-amd64/2005/08/msg00249.html.
#[ -n "$LANG" ] || LANG="C"
LANG="C"
export LANG

## Deterministic.
LC_ALL=C.UTF-8
TZ=UTC
export LC_ALL TZ

## Disable uwt while building Whonix,
## because it is not functional while building Whonix from source code.
[ -n "$UWT_DEV_PASSTHROUGH" ] || UWT_DEV_PASSTHROUGH="1"
export UWT_DEV_PASSTHROUGH

## used by mmdebstrap
## dpkg-parsechangelog (from package dpkg-dev) is not available before dependencies are installed.
if command -v dpkg-parsechangelog &>/dev/null ; then
   SOURCE_DATE_EPOCH="$(dpkg-parsechangelog -STimestamp)"
else
   true "INFO: SOURCE_DATE_EPOCH not available yet because dpkg-parsechangelog has not been installed yet."
fi

## TODO: do not export without thinking this through since also used by debhelper
export SOURCE_DATE_EPOCH

#[ -n "$DEBDEBUG" ] || export DEBDEBUG="1"

[ -n "$tpo_downloader_debug" ] || tpo_downloader_debug="1"
export tpo_downloader_debug

## {{{ dist_build_target_arch

## Default architecture.
## Assume target architecture is the same as the build system.
## Using export, so it can be read by chroot-post.d scripts.
[ -n "$dist_build_target_arch" ] || dist_build_target_arch="$(dpkg --print-architecture)"
export dist_build_target_arch

## }}}

if [ ! "$dist_build_one_parsed" = "true" ]; then
   MINUS_X_SET="0"
   test -o xtrace || { MINUS_X_SET="$?" ; true; };
   if [ "$MINUS_X_SET" = "0" ]; then
      ## -x was set
      bash -n "${source_code_folder_dist}/help-steps/parse-cmd"
      source "${source_code_folder_dist}/help-steps/parse-cmd"
      dist_build_one_parse_cmd "$@"
   else
      ## -x was not set
      bash -n "${source_code_folder_dist}/help-steps/parse-cmd"
      source "${source_code_folder_dist}/help-steps/parse-cmd"
      dist_build_one_parse_cmd "$@"
   fi
   dist_build_one_parsed="true"
   export dist_build_one_parsed
fi

## dist_build_redistributable=true is set in help-steps/dm-build-official
if [ "$dist_build_redistributable" = "true" ]; then
   ## Enable binary derivative repository by default for official builds.
   ## Same as: '--repo true'
   ## Needs to be set before parsing buildconfig.d folder / dist_build_source_config_dir function!
   build_remote_repo_enable="true"
   export build_remote_repo_enable

   ## Make sure official builds come with a downloaded browser (Tor Browser) installed by default.
   ## Fail closed by default in case of Tor Browser download issues.
   ## Same as: '--tb closed'
   anon_shared_inst_tb="closed"
   export anon_shared_inst_tb
fi

## repository-dist-initializer
repository_dist_initializer_setup() {
   [ -n "${binary_build_folder_dist}" ] || error "repository_dist_initializer_setup: variable binary_build_folder_dist missing!"
   [ -n "${CHROOT_FOLDER}" ] || error "repository_dist_initializer_setup: variable CHROOT_FOLDER missing!"

   ## Enable generation of repository-dist config file
   if [ "${build_remote_repo_enable}" = 'true' ]; then
      echo "${DERIVATIVE_APT_REPOSITORY_OPTS}" | sponge -- "${binary_build_folder_dist}/derivative_apt_repository_opts"
      $SUDO_TO_ROOT mkdir --parents "${CHROOT_FOLDER}/var/lib/repository-dist/"
      $SUDO_TO_ROOT cp "${binary_build_folder_dist}/derivative_apt_repository_opts" "${CHROOT_FOLDER}/var/lib/repository-dist/derivative_apt_repository_opts"
   else
      safe-rm -f "${binary_build_folder_dist}/derivative_apt_repository_opts"
   fi
}

export dist_build_sources_list_primary

## https://forums.whonix.org/t/kicksecure-etc-hostname-etc-hosts/10919
[ -n "$dist_build_hostname" ] || dist_build_hostname="localhost"

if [ "$dist_build_flavor" = "internalrun" ]; then
   [ -n "$dist_build_type_long" ] || dist_build_type_long="internalrun"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="internalrun"
fi

if [ "$dist_build_flavor" = "dist-installer-cli" ]; then
   [ -n "$dist_build_type_long" ] || dist_build_type_long="dist-installer-cli"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="dist-installer-cli"
fi

if [ "$dist_build_flavor" = "whonix-gateway-xfce" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Gateway"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Gateway-Xfce"
   [ -n "$VMRAM" ] || VMRAM="1280"
   [ -n "$VRAM" ] || VRAM="128"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="gateway"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="Xfce"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" non-qubes-whonix-gateway-xfce "
fi

if [ "$dist_build_flavor" = "whonix-gateway-rpi" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Gateway"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Gateway-RPi"
   [ -n "$VMRAM" ] || VMRAM="768"
   [ -n "$VRAM" ] || VRAM="16"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="gateway"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="RPi"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" whonix-gateway-rpi "
fi

if [ "$dist_build_flavor" = "whonix-gateway-cli" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Gateway"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Gateway-CLI"
   [ -n "$VMRAM" ] || VMRAM="512"
   [ -n "$VRAM" ] || VRAM="16"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="gateway"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="CLI"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" non-qubes-whonix-gateway-cli "
fi

if [ "$dist_build_flavor" = "whonix-workstation-xfce" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Workstation"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Workstation-Xfce"
   [ -n "$VMRAM" ] || VMRAM="2048"
   [ -n "$VRAM" ] || VRAM="128"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="workstation"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="Xfce"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" non-qubes-whonix-workstation-xfce "
fi

if [ "$dist_build_flavor" = "whonix-workstation-cli" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Workstation"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Workstation-CLI"
   [ -n "$VMRAM" ] || VMRAM="512"
   [ -n "$VRAM" ] || VRAM="16"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="workstation"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="CLI"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" non-qubes-whonix-workstation-cli "
fi

if [ "$dist_build_flavor" = "whonix-custom-workstation" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Custom-Workstation"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Custom-Workstation"
   [ -n "$VMRAM" ] || VMRAM="2048"
   [ -n "$VRAM" ] || VRAM="128"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="custom-workstation"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="CUSTOM"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   #[ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" none "
fi

if [ "$dist_build_flavor" = "whonix-host-cli" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Host"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Host-CLI"
   [ -n "$VMRAM" ] || VMRAM="512"
   [ -n "$VRAM" ] || VRAM="16"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="whonix-host"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="CLI"
   [ -n "$dist_build_host_operating_system" ] || dist_build_host_operating_system="true"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   error "${red}${bold}dist_build_flavor $dist_build_flavor is not implemented.${reset}"
fi

if [ "$dist_build_flavor" = "whonix-host-xfce" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Whonix-Host"
   [ -n "$VMNAME" ] || VMNAME="Whonix-Host-Xfce"
   [ -n "$VMRAM" ] || VMRAM="2048"
   [ -n "$VRAM" ] || VRAM="128"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="whonix-host"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="whonix"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="Xfce"
   [ -n "$dist_build_host_operating_system" ] || dist_build_host_operating_system="true"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="host"
   ## TODO: Do not hardcode to VirtualBox.
   [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" whonix-xfce-host-virtualbox "
fi

if [ "$dist_build_flavor" = "kicksecure-cli" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Kicksecure"
   [ -n "$VMNAME" ] || VMNAME="Kicksecure-CLI"
   [ -n "$VMRAM" ] || VMRAM="512"
   [ -n "$VRAM" ] || VRAM="16"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="kicksecure"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="CLI"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="localhost"
   if [ "$dist_build_type" = "vm" ]; then
      [ -n "$dist_build_host_operating_system" ] || dist_build_host_operating_system="false"
      [ -n "$dist_build_type_long" ] || dist_build_type_long="kicksecure"
      [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" kicksecure-cli-vm "
   elif [ "$dist_build_type" = "host" ]; then
      [ -n "$dist_build_host_operating_system" ] || dist_build_host_operating_system="true"
      [ -n "$dist_build_type_long" ] || dist_build_type_long="kicksecure-host"
      [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" kicksecure-cli-host "
   fi
fi

if [ "$dist_build_flavor" = "kicksecure-xfce" ]; then
   [ -n "$SHORT_VMNAME" ] || SHORT_VMNAME="Kicksecure"
   [ -n "$VMNAME" ] || VMNAME="Kicksecure-Xfce"
   [ -n "$VMRAM" ] || VMRAM="2048"
   [ -n "$VRAM" ] || VRAM="128"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="kicksecure"
   [ -n "$dist_build_desktop" ] || dist_build_desktop="Xfce"
   #[ -n "$dist_build_hostname" ] || dist_build_hostname="localhost"
   if [ "$dist_build_type" = "vm" ]; then
      [ -n "$dist_build_host_operating_system" ] || dist_build_host_operating_system="false"
      [ -n "$dist_build_type_long" ] || dist_build_type_long="kicksecure"
      [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" kicksecure-xfce-vm "
   elif [ "$dist_build_type" = "host" ]; then
      [ -n "$dist_build_host_operating_system" ] || dist_build_host_operating_system="true"
      [ -n "$dist_build_type_long" ] || dist_build_type_long="kicksecure-host"
      [ -n "$flavor_meta_packages_to_install" ] || flavor_meta_packages_to_install=" kicksecure-xfce-host "
   fi
fi

[ -n "$build_freedom_only" ] || build_freedom_only="false"

if echo "$dist_build_type_long" | grep --quiet "host" ; then
   if [ "$build_freedom_only" = "true" ]; then
      true "$BASH_SOURCE INFO: --freedom true, therefore omitting firmware-nonfreedom and only adding firmware-linux-free, ok."
      [ -n "$meta_package_firmware" ] || meta_package_firmware=" firmware-linux-free "
   elif [ "$build_freedom_only" = "false" ]; then
      true "$BASH_SOURCE INFO: --freedom false, therefore adding firmware-nonfreedom, ok. See also: https://www.kicksecure.com/wiki/Dev/nonfree"
      [ -n "$meta_package_firmware" ] || meta_package_firmware=" firmware-nonfreedom "
   else
      error "${red}${bold}You need to add either '--freedom true' or '--freedom false'!${reset}"
   fi
else
   [ -n "$meta_package_firmware" ] || meta_package_firmware="none"
fi

true "meta_package_firmware: $meta_package_firmware"

## derivative_name_list is used by:
## - help-steps/variables to identify valid derivative names.
## - help-steps/create-local-temp-apt-repo to create one or multiple local APT repositories.
## - help-steps/cleanup-files to clean one or multiple folders.
## - help-steps/unchroot-raw to unmount one or multiple local APT repositories.
## - buildconfig.d/30_pkg_list.conf to create a list of packages to be built.
## - buildconfig.d/25_apt_sources.conf to create a APT URIs.
## - build-steps.d/*_create-debian-packages to iterate trough one or multiple package folders.

if [ "$dist_build_internal_run" = "true" ]; then
   if [ "$VMNAME" = "" ]; then
      VMNAME="internal"
      export VMNAME
   fi
   [ -n "$derivative_name_list" ] || derivative_name_list="kicksecure whonix"
   [ -n "$dist_build_type_long" ] || dist_build_type_long="internalrun"
   [ -n "$dist_build_type_short" ] || dist_build_type_short="internalrun"
fi

export dist_build_type_long

export VMNAME VMRAM VRAM

maybe_disable_dist_build_windows_installer() {
   if [ "$dist_build_internal_run" = "true" ]; then
      true "$BASH_SOURCE INFO: dist_build_internal_run set to true, skipping $FUNCNAME, ok."
   else
      true "$BASH_SOURCE INFO: dist_build_internal_run is not set to true, therefore: dist_build_windows_installer=false"
      dist_build_windows_installer=false
   fi
}

if [ "$dist_build_type_short" = "kicksecure" ]; then
   [ -n "$derivative_name_list" ] || derivative_name_list="kicksecure"
   [ -n "$dist_build_type_short_pretty" ] || dist_build_type_short_pretty="Kicksecure"
   [ -n "$dist_server_with_upload_location_list_list" ] || dist_server_with_upload_location_list_list="kicksecure.com"
   [ -n "$project_clearnet" ] || project_clearnet="kicksecure.com"
   true "$BASH_SOURCE INFO: dist_build_type_short is 'kicksecure'. Build Whonix Windows Installer only for Whonix Xfce for VirtualBox. Therefore: maybe_disable_dist_build_windows_installer"
   maybe_disable_dist_build_windows_installer
elif [ "$dist_build_type_short" = "whonix" ]; then
   [ -n "$derivative_name_list" ] || derivative_name_list="kicksecure whonix"
   [ -n "$dist_build_type_short_pretty" ] || dist_build_type_short_pretty="Whonix"
   [ -n "$dist_server_with_upload_location_list_list" ] || dist_server_with_upload_location_list_list="whonix.org"
   [ -n "$project_clearnet" ] || project_clearnet="whonix.org"
elif [ "$dist_build_type_short" = "dist-installer-cli" ]; then
   [ -n "$derivative_name_list" ] || derivative_name_list="kicksecure whonix"
   [ -n "$dist_build_type_short_pretty" ] || dist_build_type_short_pretty="dist-installer-cli"
   ## XXX: Does not support lists.
   # -n "$dist_server_with_upload_location_list_list" ] || dist_server_with_upload_location_list_list="kicksecure.com whonix.org"
   [ -n "$project_clearnet" ] || project_clearnet="kicksecure.com"
   true "$BASH_SOURCE INFO: dist_build_type_short is 'dist-installer-cli'. Build Whonix Windows Installer only for Whonix Xfce for VirtualBox. Therefore: maybe_disable_dist_build_windows_installer"
   maybe_disable_dist_build_windows_installer
   VMNAME=dist-installer-cli
elif [ "$dist_build_type_short" = "internalrun" ]; then
   true
else
   error "unknown dist_build_type_short!"
fi

## example dist_build_desktop_lowercase:
## xfce
[ -n "$dist_build_desktop_lowercase" ] || dist_build_desktop_lowercase=$(echo "$dist_build_desktop" | tr '[:upper:]' '[:lower:]')

if [ ! "$dist_build_desktop_lowercase" = "xfce" ] ; then
   true "$BASH_SOURCE INFO: dist_build_desktop_lowercase is '$dist_build_desktop_lowercase'. Not 'xfce'. Build Whonix Windows Installer only for Whonix Xfce for VirtualBox. Therefore: maybe_disable_dist_build_windows_installer"
   maybe_disable_dist_build_windows_installer
fi

## {{{ initramfs

## binutils dmsetup:
## https://packages.debian.org/bullseye/dmsetup lists 'Recommends:' which
## are actually required for a functional boot process.
## pigz: maybe not required but useful.
[ -n "$BUILD_INITRAMFS_DRACUT" ] || BUILD_INITRAMFS_DRACUT="dracut dracut-live dracut-config-generic dracut-config-rescue binutils dmsetup pigz"

[ -n "$BUILD_INITRAMFS_INITRAMFSTOOLS" ] || BUILD_INITRAMFS_INITRAMFSTOOLS="initramfs-tools"

[ -n "$BUILD_INITRAMFS_PKGS" ] || BUILD_INITRAMFS_PKGS="$BUILD_INITRAMFS_DRACUT"

if echo "$BUILD_INITRAMFS_PKGS" | grep --quiet "dracut" ; then
   ## INITRD_GENERATOR_OPTS gets read by grml-debootstrap and passed to dracut and is also
   ## read by build-steps.d/*_install-packages
   ##
   ## Worked but issue:
   ## https://forums.kicksecure.com/t/iso-error-message-during-boot-mount-sysroot-special-device-liveos-rootfs-does-not-exist/418
   [ -n "$INITRD_GENERATOR_OPTS" ] || INITRD_GENERATOR_OPTS='--add dmsquash-live --add overlayfs --add bash'
   export INITRD_GENERATOR_OPTS
fi

true "${cyan}$BASH_SOURCE INFO: BUILD_INITRAMFS_PKGS (--initramfs): $BUILD_INITRAMFS_PKGS${reset}"

## }}}

## vmsize 100 GB does not matter because grml-debootstrap creates sparse files,
## i.e. only space, which gets actually filled up, will take disk space.

if [ "$build_dry_run" = "true" ]; then
   [ -n "$VMSIZE" ] || VMSIZE="1M"
fi
[ -n "$VMSIZE" ] || VMSIZE="100G"
export VMSIZE

## Disk identifier for grml-debootstrap.
## https://github.com/grml/grml-debootstrap/pull/28
[ -n "$DISK_IDENTIFIER" ] || DISK_IDENTIFIER='26ada0c0-1165-4098-884d-aafd2220c2c6'
export DISK_IDENTIFIER

if [ "$dist_build_install_to_root" = "true" ]; then
   [ -n "$CHROOT_FOLDER" ] || CHROOT_FOLDER=""
else
   [ -n "$CHROOT_FOLDER" ] || CHROOT_FOLDER="$binary_build_folder_dist/${VMNAME}_image"
fi
export CHROOT_FOLDER

true "$BASH_SOURCE INFO: CHROOT_FOLDER: $CHROOT_FOLDER"

if [ "$VMNAME" = "unknown" ]; then
   true "variables ERROR: VMNAME is unknown. Please report this bug!"
   exit 1
fi

if [ "$dist_build_internal_run" = "true" ]; then
   true "$BASH_SOURCE INFO: Internal run."
else
   true "$BASH_SOURCE INFO: VMNAME is $VMNAME"
fi

if [ "$VMNAME" = "" ]; then
   MSG="${red}${bold}variables ERROR: VMNAME is empty! Please report this bug!${reset}"
   echo "$MSG"
   error "$MSG"
fi

[ -n "$XZ_OPT" ] || XZ_OPT="--threads=8"
export XZ_OPT

if [ "$dist_build_unsafe_io" = "true" ]; then
   eatmydata_install="true"
   aptgetopt_add "-o Dpkg::Options::=--force-unsafe-io"
   aptgetopt_conf_add "Dpkg::Options:: \"--force-unsafe-io\";"
   libeatmydata_file=/usr/lib/*-linux-gnu/libeatmydata.so
   if test -f "$libeatmydata_file" ; then
      true "INFO: eatmydata installed, preloading."
      if [ -z "$LD_PRELOAD" ]; then
         LD_PRELOAD="$libeatmydata_file"
      else
         LD_PRELOAD="${LD_PRELOAD}:${libeatmydata_file}"
      fi
      export LD_PRELOAD
      SUDO_TO_ROOT="$SUDO_TO_ROOT LD_PRELOAD=$LD_PRELOAD"
   else
      true "INFO: eatmydata not yet installed, not yet preloading."
   fi
   sync() {
      true "$FUNCNAME: Not running $FUNCNAME, because using '--unsafe-io true'."
   }
fi

## use apt-cacher-ng by default
## required for --connection clearnet
## for build_sources apt-cacher-ng http://HTTPS///
[ -n "$REPO_PROXY" ] || REPO_PROXY="http://127.0.0.1:3142"

if [ -n "${REPO_PROXY}" ]; then
   ## apt parameters must be without quotes
   ## apt parameters must be without equals sign
   ## apt parameters must be without colon sign
   ## apt config file must be with quotes
   ## apt config file must be without equals sign
   ## apt config file must be trailing colon sign

   aptgetopt_add "-o Acquire::http::Proxy=${REPO_PROXY}"
   aptgetopt_conf_add "Acquire::http::Proxy \"${REPO_PROXY}\";"

   aptgetopt_add "-o Acquire::https::Proxy=${REPO_PROXY}"
   aptgetopt_conf_add "Acquire::https::Proxy \"${REPO_PROXY}\";"

   aptgetopt_add "-o Acquire::tor::Proxy=${REPO_PROXY}"
   aptgetopt_conf_add "Acquire::tor::Proxy \"${REPO_PROXY}\";"

   DEBOOTSTRAP_PREFIX+=" env http_proxy=${REPO_PROXY} https_proxy=${REPO_PROXY} ALL_PROXY=${REPO_PROXY}"
   COWBUILDER_PREFIX+=" env http_proxy=${REPO_PROXY} https_proxy=${REPO_PROXY} ALL_PROXY=${REPO_PROXY}"
   LIVEBUILD_PREFIX+=" env http_proxy=${REPO_PROXY} https_proxy=${REPO_PROXY} ALL_PROXY=${REPO_PROXY}"
fi

## Export COWBUILDER_PREFIX so it is available in make-helper.bsh.
export COWBUILDER_PREFIX

chroot_env_vars_var_remove_item="
   TEMP
   TEMPDIR
   TMP
   TMPDIR
"

for chroot_env_vars_var_remove_item in $chroot_env_vars_var_remove_item ; do
   if [ "$chroot_env_vars_var_remove_item" = "" ]; then
      true "INFO: variable $chroot_env_vars_var_remove_item is empty."
      continue
   fi
   if [ "$chroot_remove_env_list" = "" ]; then
      chroot_remove_env_list="--unset $chroot_env_vars_var_remove_item"
   else
      chroot_remove_env_list+=" --unset $chroot_env_vars_var_remove_item"
   fi
done

if [ "$dist_build_install_to_root" = "true" ]; then
   if [ "$CHROOT" = "" ]; then
      CHROOT=""
   fi
else
   [ -n "$CHROOT" ] || CHROOT="env $chroot_remove_env_list chroot $CHROOT_FOLDER"
   #[ -n "$CHROOT" ] || CHROOT="env $chroot_remove_env_list systemd-nspawn --directory=$CHROOT_FOLDER"
fi

if [ "$no_git" = "1" ]; then
   [ -n "$git_bin" ] || git_bin="true"
else
   [ -n "$git_bin" ] || git_bin="git"
fi

## Otherwise errors out because there is a folder grml-debootstarp in the root source folder.
## Cannot use `which grml-debootstrap` because that would fail before grml-debootstrap gets installed.
#[ -n "$dist_build_grml_bin" ] || dist_build_grml_bin="$(which grml-debootstrap)"
[ -n "$dist_build_grml_bin" ] || dist_build_grml_bin="/usr/sbin/grml-debootstrap"

[ -n "$rsync_cmd" ] || rsync_cmd="rsync"

if [ "$rsync_opts" = "" ]; then
   rsync_opts="\
   --links \
   --hard-links \
   --safe-links \
   --owner \
   --group \
   --chown=root:www-data \
   --chmod=uog+r \
   --times \
   --sparse \
   --partial \
   --progress \
   --verbose"
fi

# if [ "$build_dry_run" = "true" ]; then
#    rsync_opts="$rsync_opts --dry-run"
# fi

## TODO: auto retry function error handler trap lacks variables
## such as variable APTGETOPT.
## Would miss out on security related APT configuration options:
## apt-get --error-on=any / -o APT::Update::Error-Mode=any
[ -n "$dist_build_auto_retry" ] || dist_build_auto_retry="0"

[ -n "$dist_build_wait_auto_retry" ] || dist_build_wait_auto_retry="5"

## Sanity Test.
command -v "$git_bin" >/dev/null

[ -n "$DEB_INSTALL_FOLDER" ] || DEB_INSTALL_FOLDER="mnt/initialdeb"
export DEB_INSTALL_FOLDER

[ -n "$EMPTY_DIR" ] || EMPTY_DIR="/tmp/empty"
export EMPTY_DIR

[ -n "$derivative_maker" ] || derivative_maker=true
export derivative_maker

## {{{ dist_build_on_operating_system

if [ "$dist_build_on_operating_system_detect_skip" = "1" ]; then
   true "Probably run by prepare-build-machine script. lsb_release may not yet installed. Skipping setting dist_build_on_operating_system."
else
   ## Let's find out on which host operating system the build script is running.
   [ -n "$dist_build_on_operating_system" ] || dist_build_on_operating_system="$(lsb_release --short --i)"
   ## Converting dist_build_on_operating_system to lower case to make later if comparison easier.
   dist_build_on_operating_system="${dist_build_on_operating_system,,}"
   ## Example dist_build_on_operating_system: debian
   ## Example dist_build_on_operating_system: ubuntu
   ## XXX
   if [ "$dist_build_on_operating_system" = "whonix" ]; then
      dist_build_on_operating_system="debian"
   fi
fi

## }}}

## {{{ dist_build_current_git_head

[ -n "$dist_build_current_git_head" ] || dist_build_current_git_head="$($git_bin rev-parse HEAD)"

#echo "dist_build_current_git_head: $dist_build_current_git_head"

## }}}

## {{{ dist_build_version

## --always because travis-ci does not fetch tags.
temp="$($git_bin describe --always --abbrev=1000000000)"
## Examples temp:
## 10-13-g20e1b49ff27053784e3e9e163dfd4c98dced73f5
## 10.0.0.0.3-13-g20e1b49ff27053784e3e9e163dfd4c98dced73f5-developers-only

if [ "$dist_build_version" = "" ]; then
   dist_build_version="$temp"
   dist_build_version="$(echo "$dist_build_version" | sed "s|-developers-only||g")"
   dist_build_version="$(echo "$dist_build_version" | sed "s|-testers-only||g")"
   dist_build_version="$(echo "$dist_build_version" | sed "s|-stable||g")"
   true "${cyan}INFO: Variable dist_build_version was unset. Auto detected. Set to: dist_build_version=${dist_build_version}${reset}"
else
   true "${cyan}INFO: Variable dist_build_version was already set to: dist_build_version=${dist_build_version}${reset}"
fi
unset temp

## Using `export`, so 70_log_build_version can read it.
export dist_build_version

## Example dist_build_version:
## 10.0.0.0.3-13-g20e1b49ff27053784e3e9e163dfd4c98dced73f5

## }}}

set_default_variable() {
    local var_name var_content
    var_name="$1"
    var_content="$2"

    # Check if the variable is set and not empty
    if [ -z "${!var_name}" ]; then
        eval "$var_name='$var_content'"
    fi
}

if [ "${dist_build_source_archive}" = "true" ]; then
    set_default_variable dist_unified_name "derivative-maker-source"
elif [ "$dist_build_type_short" = "kicksecure" ]; then
    set_default_variable dist_unified_name "Kicksecure-${dist_build_desktop}"
elif [ "$dist_build_type_short" = "whonix" ]; then
    set_default_variable dist_unified_name "Whonix-${dist_build_desktop}"
fi

set_default_variable dist_binary_build_folder "${binary_build_folder_dist}/${dist_build_version}"

set_default_variable binary_image_raw_file "${dist_binary_build_folder}/${VMNAME}-${dist_build_version}.${target_architecture_pretty_name}.raw"
set_default_variable binary_image_qcow2_file "${dist_binary_build_folder}/${VMNAME}-${dist_build_version}.${target_architecture_pretty_name}.qcow2"
set_default_variable binary_image_ova_file "${dist_binary_build_folder}/${dist_unified_name}-${dist_build_version}.${target_architecture_pretty_name}.ova"
set_default_variable binary_image_iso_file "${dist_binary_build_folder}/${VMNAME}-${dist_build_version}.${target_architecture_pretty_name}.iso"
set_default_variable binary_image_windows_installer_file "${dist_binary_build_folder}/${dist_unified_name}.exe"
set_default_variable libvirt_target_raw_xz_archive_file "${dist_binary_build_folder}/${dist_unified_name}-${dist_build_version}.${target_architecture_pretty_name}.raw.libvirt.xz"
set_default_variable libvirt_target_qcow2_xz_archive_file "${dist_binary_build_folder}/${dist_unified_name}-${dist_build_version}.${target_architecture_pretty_name}.qcow2.libvirt.xz"
set_default_variable source_archive_xz_file "${dist_binary_build_folder}/${dist_unified_name}-${dist_build_version}.${target_architecture_pretty_name}.xz"

set_default_variable binary_image_text "${dist_binary_build_folder}/${VMNAME}-${dist_build_version}.text"

set_default_variable binary_image_installer_dist_source "${source_code_folder_dist}/packages/kicksecure/usability-misc/usr/share/usability-misc/dist-installer-cli-standalone"
set_default_variable binary_image_installer_dist_file "${dist_binary_build_folder}/dist-installer-cli"

set_default_variable libvirt_source_kvm_file "${source_code_folder_dist}/packages/kicksecure/libvirt-dist/usr/share/libvirt-dist/xml/${SHORT_VMNAME}.xml"
set_default_variable libvirt_target_kvm_file "${dist_binary_build_folder}/${SHORT_VMNAME}.xml"

set_default_variable source_utm_file "${source_code_folder_dist}/packages/kicksecure/libvirt-dist/usr/share/utm/${SHORT_VMNAME}.plist.template"
set_default_variable binary_image_utm_folder "${dist_binary_build_folder}/${VMNAME}.utm"

set_default_variable libvirt_source_network_file_external "${source_code_folder_dist}/packages/kicksecure/libvirt-dist/usr/share/libvirt-dist/xml/Whonix-External.xml"
set_default_variable libvirt_target_network_file_external "${dist_binary_build_folder}/Whonix_external_network.xml"

set_default_variable libvirt_source_network_file_internal "${source_code_folder_dist}/packages/kicksecure/libvirt-dist/usr/share/libvirt-dist/xml/Whonix-Internal.xml"
set_default_variable libvirt_target_network_file_internal "${dist_binary_build_folder}/Whonix_internal_network.xml"

# TODO: broken
set_default_variable copy_vms_into_raw_file_one "${dist_binary_build_folder}/Whonix-Gateway-${dist_build_desktop}-${dist_build_version}.qcow2"
set_default_variable copy_vms_into_raw_file_two "${dist_binary_build_folder}/Whonix-Workstation-${dist_build_desktop}-${dist_build_version}.qcow2"

## Sanity test. dm-prepare-release uses 'rm --force --recursive'.
## XXX: hardcoded derivative-binary
if ! echo "$dist_binary_build_folder" | grep --quiet --fixed-strings -- "derivative-binary" ; then
   echo "$0: FAIL: wrong folder: dist_binary_build_folder: $dist_binary_build_folder"
   exit 1
fi

mkdir --parents "${dist_binary_build_folder}"

## {{{

## proper whitespace handling
## https://www.whonix.org/wiki/Dev/bash
unset dist_build_files_to_upload
declare -a dist_build_files_to_upload

if [ "$dist_build_virtualbox" = "true" ]; then
   [ -n "$ssh_uploader_account" ] || ssh_uploader_account="root"
   [ -n "$dist_server_with_upload_location_list" ] || dist_server_with_upload_location_list="${ssh_uploader_account}@${dist_server_with_upload_location_list_list}:/var/rsync/ova"

   dist_build_files_to_upload+=("$binary_image_ova_file")
fi

if [ "$dist_build_iso" = "true" ]; then
   [ -n "$ssh_uploader_account" ] || ssh_uploader_account="root"
   [ -n "$dist_server_with_upload_location_list" ] || dist_server_with_upload_location_list="${ssh_uploader_account}@${dist_server_with_upload_location_list_list}:/var/rsync/iso"

   dist_build_files_to_upload+=("$binary_image_iso_file")
fi

if [ "$dist_build_qcow2" = "true" ]; then
   #[ -n "$ssh_uploader_account" ] || ssh_uploader_account="hulahoop"
   [ -n "$ssh_uploader_account" ] || ssh_uploader_account="root"
   [ -n "$dist_server_with_upload_location_list" ] || dist_server_with_upload_location_list="${ssh_uploader_account}@${dist_server_with_upload_location_list_list}:/var/rsync/libvirt"

   dist_build_files_to_upload+=("$libvirt_target_qcow2_xz_archive_file")
fi

if [ "$dist_build_installer_dist" = "true" ]; then
   [ -n "$ssh_uploader_account" ] || ssh_uploader_account="root"
   [ -n "$dist_server_with_upload_location_list" ] || dist_server_with_upload_location_list="
${ssh_uploader_account}@kicksecure.com:/var/rsync/dist-installer-cli
${ssh_uploader_account}@whonix.org:/var/rsync/dist-installer-cli
"

   dist_build_files_to_upload+=("$binary_image_installer_dist_file")
fi

if [ "$dist_build_windows_installer" = "true" ]; then
   [ -n "$ssh_uploader_account" ] || ssh_uploader_account="root"
   [ -n "$dist_server_with_upload_location_list" ] || dist_server_with_upload_location_list="${ssh_uploader_account}@${dist_server_with_upload_location_list_list}:/var/rsync/windows"

   dist_build_files_to_upload+=("$binary_image_windows_installer_file")
fi

if [ "$dist_build_source_archive" = "true" ]; then
   [ -n "$ssh_uploader_account" ] || ssh_uploader_account="root"
   [ -n "$dist_server_with_upload_location_list" ] || dist_server_with_upload_location_list="${ssh_uploader_account}@${dist_server_with_upload_location_list_list}:/var/rsync/source"

   dist_build_files_to_upload+=("$source_archive_xz_file")
fi

## }}}

## {{{ buildconfig.d

[ -n "$dist_build_config_dirs" ] || dist_build_config_dirs="${source_code_folder_dist}/buildconfig.d /etc/buildconfig-dist.d ../buildconfig.d"

dist_build_source_config_dir() {
   true "${cyan}INFO: Checking if dist_build_config_dir $dist_build_config_dir exists...${reset}"
   if [ -d "$1" ]; then
      true "${cyan}INFO: Parsing $1...${reset}"
      shopt -s nullglob
      local i
      for i in "$1/"*".conf"; do
         bash -n "$i"
         source "$i"
      done
   else
      true "${cyan}INFO: Skipping $1 because it does not exist.${reset}"
   fi
}

for dist_build_config_dir in $dist_build_config_dirs; do
   dist_build_source_config_dir "$dist_build_config_dir"
done

if [ ! "$dist_build_custom_config_dir" = "" ]; then
   dist_build_source_config_dir "$dist_build_custom_config_dir"
fi

if [ ! "$dist_build_conf_file" = "" ]; then
   if [ -f "$dist_build_conf_file" ]; then
      bash -n "$dist_build_conf_file"
      source "$dist_build_conf_file"
   fi
fi

## }}}

export make_use_lintian
export genmkfile_make_cmd
export make_use_cowbuilder

[ -n "$gpg_bin" ] || gpg_bin="gpg"
#[ -n "$gpg_bin" ] || gpg_bin="qubes-gpg-client-wrapper"

[ -n "$signify_folder" ] || signify_folder="/home/$user_name/.signify"
[ -n "$signify_private_key" ] || signify_private_key="$signify_folder/keyname.sec"
[ -n "$signify_public_key" ] || signify_public_key="$signify_folder/keyname.pub"

## {{{ fallback variables for debchange (dch), dpkg-buildpackage and debuild

## 'dpkg-source --require-valid-signature' does not support the GNUPGHOME
## environment variable. Hence, hardcoding to the default folder. Otherwise
## genmkfile would break at 'dpkg-source --require-valid-signature'.
[ -n "$dist_local_signing_key_folder" ] || dist_local_signing_key_folder=~/.gnupg
[ -n "$dist_build_reprepro_signing_options" ] || dist_build_reprepro_signing_options="--gnupghome $dist_local_signing_key_folder"
[ -n "$GNUPGHOME" ] ||  GNUPGHOME="$dist_local_signing_key_folder"

## see: man debchange
[ -n "$DEBFULLNAME" ] || DEBFULLNAME="derivative distribution auto generated local APT signing key"
export DEBFULLNAME

[ -n "$DEBEMAIL" ] || DEBEMAIL="derivative-distribution@local-signing.key"
export DEBEMAIL

signing_gpg_key_fingerprint_function() {
   ## Unfortunately there is no simple way to get the fingerprint for a key id (e-mail address)
   ## using gpg command line.
   ## https://unix.stackexchange.com/questions/743982/how-to-use-grep-to-get-the-gpg-key-fingerprint-values
   ## Overwriting with '|| true' because a signing key might not have been created by the time
   ## this script is sourced. Sanity testing is done outside help-steps/variables.
   signing_gpg_key_fingerprint=$(gpg --list-secret-keys --keyid-format 0xlong --with-colons "$DEBEMAIL" 2>/dev/null | awk -F: '$1 == "fpr" || $1 == "fp2" {print $10}' | head -1) || true
}

if [ "$DEBSIGN_KEYID" = "" ]; then
   ## sets: signing_gpg_key_fingerprint
   signing_gpg_key_fingerprint_function
   export DEBSIGN_KEYID="$signing_gpg_key_fingerprint"
fi

## Not a duplicate. Useful for lkrg "dpkg-buildpackage -us -uc -ui -sa" since
## it its debian/changelog file is created by a different author.
export DEB_SIGN_KEYID="$DEBSIGN_KEYID"

export make_debsign_opts="-k$DEBSIGN_KEYID"

## For whatever it may be worth.
## https://forums.whonix.org/t/end-to-end-signed-debs-debsign-debsig-and-dpkg-sig
[ -n "$make_use_debsign" ] || make_use_debsign="true"
export make_use_debsign

## }}}

## {{{ apt repository variables

[ -n "$dist_build_apt_codename" ] || dist_build_apt_codename="local"
export dist_build_apt_codename
## developer local setting in buildconfig.d folder / dist_build_source_config_dir function:
## export dist_build_apt_codename="bookworm-developers"

## }}}

## {{{ reprepro variables

set_dist_build_reprepro_folder_options() {
   ## derivative_repository_name gets set by packages/kicksecure/genmkfile/usr/share/genmkfile/make-helper-one.bsh
   true "derivative_repository_name: $derivative_repository_name"
   true "make_reprepro_codename_item: $make_reprepro_codename_item"
   if [ "$derivative_repository_name" = "" ]; then
      error "derivative_repository_name is empty!"
   fi

   for derivative_name_item in $derivative_name_list ; do
      if [ "$derivative_repository_name" = "$derivative_name_item" ]; then
         valid_repository_name=true
         break
      fi
   done

   if [ ! "$valid_repository_name" = "true" ]; then
      error "derivative_repository_name '$derivative_repository_name' is invalid! (not in derivative_name_list)"
   fi

   [[ -v make_reprepro_codename_item ]] || make_reprepro_codename_item="$dist_build_apt_codename"

   if [ ! "$make_reprepro_codename_item" = "local" ]; then
      apt_repo_sub_folder="aptrepo_remote/$derivative_repository_name"
   else
      apt_repo_sub_folder="aptrepo_local/$derivative_repository_name"
   fi

   dist_apt_repository_folder="$binary_build_folder_dist/$apt_repo_sub_folder"
   export dist_apt_repository_folder

   dist_build_reprepro_folder_options="\
      --basedir ${source_code_folder_dist}/$apt_repo_sub_folder \
      --outdir $binary_build_folder_dist/$apt_repo_sub_folder \
      --dbdir $binary_build_folder_dist/$apt_repo_sub_folder/db \
      --logdir $binary_build_folder_dist/$apt_repo_sub_folder/log"
   export dist_build_reprepro_folder_options
}

## }}}

[ -n "$host_architecture" ] || host_architecture="$(dpkg --print-architecture)"
export host_architecture

[ -n "$make_cross_build_platform_list" ] || make_cross_build_platform_list="$dist_build_target_arch"
#[ -n "$make_cross_build_platform_list" ] || make_cross_build_platform_list="i386 amd64"
export make_cross_build_platform_list

set_cowbuilder_folders() {
   ## TODO: change that folder
   cow_folder="/var/cache/pbuilder/cow.cow_${dist_build_multiarch_package_item}"
   base_folder="/var/cache/pbuilder/base.cow_${dist_build_multiarch_package_item}"
}

[ -n "$dist_build_file_system" ] || dist_build_file_system="ext4"

dist_build_debopt+=" --verbose "

for grml_package_item in $(grep --invert-match "#" "${source_code_folder_dist}/grml_packages") ; do
   if [ "locales" = "$grml_package" ]; then
      ## XXX: Workaround for:
      ## https://github.com/grml/grml-debootstrap/issues/48
      continue
   fi
   grim_package_list+="$grml_package_item"
   grim_package_list+=","
done

if [ "$grim_package_list" = "" ]; then
   true "INFO: grml_package_list is empty, ok."
else
   dist_build_debopt+=" --include=$grim_package_list"
   ## Remove trailing ','.
   dist_build_debopt="${dist_build_debopt::-1}"
fi

true "INFO: dist_build_debopt: $dist_build_debopt"

## cowbuilder (which internally uses pbuilder).
dist_build_pbuilder_chroot_script="$dist_source_help_steps_folder/pbuilder-chroot-script"

dist_build_pbuilder_config_name="pbuilder.conf"
dist_build_pbuilder_config_file="$binary_build_folder_dist/$dist_build_pbuilder_config_name"
export dist_build_pbuilder_config_name
## export so it can be read by genmkfile
export dist_build_pbuilder_config_file

make_cowbuilder_dist_folder="$binary_build_folder_dist/genmkfile-packages-result"
export make_cowbuilder_dist_folder

$SUDO_TO_ROOT rm --force "$dist_build_pbuilder_config_file"
mkdir --parents "$binary_build_folder_dist"
mkdir --parents "$make_cowbuilder_dist_folder"

echo "\
## This is an auto generated file.
## Auto generated by $dist_source_help_steps_folder/$BASH_SOURCE.
## Edits will be lost!

## Debugging.
#set -x

APTGETOPT[\${#APTGETOPT[@]}]=\"${APTGETOPT[@]}\"

APTGETOPT[\${#APTGETOPT[@]}]=\"-o Acquire::BlockDotOnion=false\"

export dist_aptgetopt_file

## making pbuilder /usr/lib/pbuilder/pbuilder-createbuildenv work with mmdebstrap.
## so it can be read by help-steps/pbuilder-debootstrap-command-filter
export BUILDPLACE

## Debugging.
true \"APTGETOPT: \${APTGETOPT[@]}\"
true \"BUILDPLACE: \$BUILDPLACE\"
true \"dist_aptgetopt_file: \$dist_aptgetopt_file\"

APTCACHEHARDLINK=no

## E: Cross building is possible only with the APT dependency resolver
PBUILDERSATISFYDEPENDSCMD=/usr/lib/pbuilder/pbuilder-satisfydepends-apt

## End of $dist_build_pbuilder_config_file.
" | \
   tee "$dist_build_pbuilder_config_file" >/dev/null

#cat "$dist_build_pbuilder_config_file"

## Cannot export bash array.
export APTGETOPT

export APTGETOPT_ALT

## It depends on the order in which tb-updater is installed if
## update-torbrowser should or should not use temporarily reset
## anon-ws-dnf-conf.
tb_disable_anon_ws_dnf_conf=false
export tb_disable_anon_ws_dnf_conf

## {{{ SKIP_SCRIPTS

## Would be nicer to have this in the 'pre' script, but the 'variables' script
## runs after 'pre' to provide pretty color functions.
own_filename="$(basename "$0")"
for skip_script in $SKIP_SCRIPTS; do
   if matched_word=$(echo "$own_filename" | grep "$skip_script") ; then
      unset skip_script
      echo "${bold}${green}$BASH_SOURCE INFO: Skipping $own_filename, because SKIP_SCRIPTS matches it. matched_word: '$matched_word'${reset}"
      exit 0
   fi
done
unset skip_script

## }}}

true "INFO: LD_PRELOAD: $LD_PRELOAD"

env_vars_keep_list="
   tbb_version
   tb_onion
   tpo_downloader_debug
   tb_disable_anon_ws_dnf_conf
   anon_shared_inst_tb
   SKIP_SCRIPTS
   SOURCE_DATE_EPOCH
   dist_aptgetopt_file
   dist_build_sources_list_primary
   dist_mmdebstrap_build_sources_list_primary
   dist_build_sources_list_primary_contents
   dist_build_apt_sources_mirror
   dist_build_apt_stable_release
   dist_build_target_arch
   dist_grml_mount_point
   dist_source_help_steps_folder
   dist_build_multiarch_package_item
   dist_build_unsafe_io
   dist_build_version
   derivative_maker
   user_name
   LD_PRELOAD
   LANG
   LC_ALL
   TZ
   DEBDEBUG
   XZ_OPT
   REPO_PROXY
   APTGETOPT
   apt_unattended_opts
   DERIVATIVE_APT_REPOSITORY_OPTS
   DEBOOTSTRAP
   http_proxy
   https_proxy
   ALL_PROXY
   DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND
   INITRD
"
## TODO:
## UWT_DEV_PASSTHROUGH

true "INFO: Environment variables that will be passed..."

for env_vars_var_keep_item in $env_vars_keep_list ; do
   if [ "$sudo_preserve_env_list" = "" ]; then
      sudo_preserve_env_list="$env_vars_var_keep_item"
   else
      sudo_preserve_env_list+=",$env_vars_var_keep_item"
   fi
done

SUDO_TO_ROOT+=" "
SUDO_TO_ROOT+="--preserve-env=$sudo_preserve_env_list"

## XXX: Not possible because some scripts use extra sudo arguments such as "--preserve-env".
#SUDO_TO_ROOT+=" "
#SUDO_TO_ROOT+="--"

#echo "INFO: SUDO_TO_ROOT:"
#echo "${cyan}$SUDO_TO_ROOT${reset}"

## Development.
#set -x
#declare -p | awk '{print $3}' | sort > ~/varnames
#exit

if [ "$xtrace_was_set" = "true" ]; then
   echo "$BASH_SOURCE INFO: xtrace_was_set=true - Therefore re-enable xtrace. (set -x)"
   set -x
fi
true "$BASH_SOURCE INFO: End of script, ok."
