#!/bin/bash

## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

set -x
set -e

true "INFO: Currently running script: $BASH_SOURCE $@"

MYDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd "$MYDIR"

## XXX: hardcoded path
source "$HOME/derivative-maker/help-steps/pre"
source "$HOME/derivative-maker/help-steps/colors"
source "$HOME/derivative-maker/help-steps/variables"

main() {
   trap "exception_handler_unchroot_unmount" ERR INT TERM

   ## Lockfile for systemcheck.
   touch "/run/package_manager_lock"

   sync

   "$dist_source_help_steps_folder/mount-raw" "$@"
   #"$dist_source_help_steps_folder/prevent-daemons-from-starting"

   dist_chroot_mount_resolv_conf="0" "$dist_source_help_steps_folder/chroot-raw" "$@"

   sync

   ## Sanity test.
   chroot_run sync

   sync

   ## Backup exiting /etc/apt/sources.list, might be useful for bare metal users.
   ## No longer required, we are no longer shipping /etc/apt/sources.list.
   #if [ -f "$CHROOT_FOLDER/etc/apt/sources.list" ]; then
      #cp --no-clobber --recursive --preserve "$CHROOT_FOLDER/etc/apt/sources.list" "$CHROOT_FOLDER/etc/apt/sources.list.backup"
      #chmod o+r -- "$CHROOT_FOLDER/etc/apt/sources.list.backup"
   #fi

   ## We have to manually fix /etc/apt/sources.list, because the list which comes with
   ## grml-debootstrap is incomplete (does not complain debian security repository) and points to 127.0.0.1.

   ## This file doesn't include the derivative's APT repository.
   cp -- "$source_code_folder_dist/packages/kicksecure/anon-apt-sources-list/etc/apt/sources.list.d/debian.sources" "$CHROOT_FOLDER/etc/apt/sources.list.d/debian.sources"
   chmod o+r -- "$CHROOT_FOLDER/etc/apt/sources.list.d/debian.sources"

   ## Not using any /etc/apt/preferences.d snippets at the moment.
   #cp "$source_code_folder_dist/packages/...todo.../etc/apt/preferences.d/"* "$CHROOT_FOLDER/etc/apt/preferences.d/"
   #chmod...

   ## Not using any important /etc/apt/apt.conf.d snippets at the moment.
   #cp "$source_code_folder_dist/packages/...todo.../etc/apt/apt.conf.d/"* "$CHROOT_FOLDER/etc/apt/apt.conf.d/"
   #chmod...

   sync

   ## Upgrade from regular repository.
   ## Out commented. Instructions leave that to the user. This is better,
   ## because this script would fail if some repository would not be reachable,
   ## such as torproject's Tor 0.2.4 apt repository.
   #chroot_run apt-get "${APTGETOPT[@]}" update
   #chroot_run apt-get "${APTGETOPT[@]}" --yes dist-upgrade

   "$dist_source_help_steps_folder/create-local-temp-apt-repo" "$@"

   ## Check if we are running on a Whonix-Gateway.
   if [ -f "/usr/share/anon-gw-base-files/gateway" ]; then
      true 'INFO: We are running on a Whonix-Gateway, setting UWT_DEV_PASSTHROUGH="0", ok.'

      ## Someone trying to update Whonix-Gateway from source code. By default,
      ## export UWT_DEV_PASSTHROUGH="1" has been set in help-steps/variables.
      ## This won't work from within an installed Whonix-Gateway, because it by
      ## design does not have functional system DNS.
      export UWT_DEV_PASSTHROUGH="0"
   fi

   ## Reading [apt repository containing snapshot.debian.org and] local repository containing Whonix's packages.
   chroot_run apt-get "${APTGETOPT[@]}" $apt_sourcelist_empty $apt_sourceparts -o APT::Get::List-Cleanup="0" update

   ## TODO: ?
#    if [ "$dist_build_flavor" = "whonix-gateway-lxqt" ]; then
#       chroot_run apt-get "${APTGETOPT[@]}" $apt_sourcelist_empty $apt_sourceparts --yes install
#    elif [ "$dist_build_flavor" = "whonix-gateway-cli" ]; then
#       chroot_run apt-get "${APTGETOPT[@]}" $apt_sourcelist_empty $apt_sourceparts --yes install
#    else
#       local MSG="${bold}${red}$BASH_SOURCE ERROR: VMNAME is neither Whonix-Gateway nor Whonix-Workstation. Please report this bug! ${reset}"
#       error "$MSG"
#    fi

   ## Upgrade Whonix Debian Packages.
   chroot_run apt-get "${APTGETOPT[@]}" $apt_sourcelist_empty $apt_sourceparts --yes dist-upgrade

   #chroot_run apt-get "${APTGETOPT[@]}" $apt_sourcelist_empty $apt_sourceparts -f install

   "$dist_source_help_steps_folder/remove-local-temp-apt-repo" "$@"

   ## Forget about local repository containing Whonix's packages.
   chroot_run apt-get --no-download --list-cleanup update

   chroot_run sync
   sync

   ## Remove lockfile for systemcheck.
   rm --force "/run/package_manager_lock"

   "$dist_source_help_steps_folder/unchroot-raw" "$@"
   #"$dist_source_help_steps_folder/unprevent-daemons-from-starting"
   "$dist_source_help_steps_folder/unmount-raw" "$@"

   sync
}

main "$@"
