#! /bin/sh
# shellcheck disable=SC2317  # Don't warn about unreachable commands in this file

set -e

# adapted from '/etc/kernel/postinst.d/zz-update-grub and
# /usr/lib/kernel/install.d/90-loaderentry.install, see also
# https://kernel-team.pages.debian.net/kernel-handbook/ch-update-hooks.html



# - cleanup - gently delete all kernels not in kernel-keep-list

if command -V systemd-detect-virt >/dev/null 2>&1 &&
	systemd-detect-virt --quiet --container; then
	exit 0
fi

cleanup() {

	for mount in "${MOUNTROOT}"/* ; do
		if echo "${mount}" | grep -qE '[0-9a-fA-F]{4}-[0-9a-fA-F]{4}' && \
			mountpoint -q "${mount}"; then
			umount "${mount}" || \
			    { warn "umount of ${mount} failed - failure"; exit 0; }
		fi
	done

}

trap cleanup EXIT INT TERM QUIT

. /usr/share/proxmox-kernel-helper/scripts/functions

LOADER_TITLE="Proxmox Virtual Environment"
if [ -d /etc/pve/ ]; then
	LOADER_TITLE="Proxmox Virtual Environment"
elif [ -d /usr/share/doc/proxmox-mailgateway/ ]; then
	LOADER_TITLE="Proxmox Mailgateway"
elif [ -d /usr/share/doc/proxmox-backup/ ]; then
	LOADER_TITLE="Proxmox Backup Server"
fi

update_esps() {
	if [ ! -f "${ESP_LIST}" ]; then
	    warn "No ${ESP_LIST} found, skipping ESP sync."
	    return
	fi
	if [ -f /etc/kernel/cmdline ]; then
		# we can have cmdline files with multiple or no new line at all, handle both!
		CMDLINE=$(get_first_line /etc/kernel/cmdline)
		echo ${CMDLINE} | grep -q 'root=' || \
			{ warn "No root= parameter in /etc/kernel/cmdline found!"; exit 1; }
	else
		warn "No /etc/kernel/cmdline found - falling back to /proc/cmdline"
		# remove initrd entries
		CMDLINE="$(perl -pe 's/\binitrd=([0-9a-zA-Z\\\/.-])*\s*//g;' /proc/cmdline)"
	fi

	loop_esp_list update_esp_func
}

update_esp_func() {
	if ! (echo "${curr_uuid}" | grep -qE '[0-9a-fA-F]{4}-[0-9a-fA-F]{4}'); then
		warn "WARN: ${curr_uuid} read from ${ESP_LIST} does not look like a VFAT-UUID - skipping"
		return
	fi

	path="/dev/disk/by-uuid/$curr_uuid"
	if [ ! -e "${path}" ]; then
		warn "WARN: ${path} does not exist - clean '${ESP_LIST}'! - skipping"
		return
	fi

	mountpoint="${MOUNTROOT}/${curr_uuid}"
	mkdir -p "${mountpoint}" || \
		{ warn "creation of mountpoint ${mountpoint} failed - skipping"; return; }
	mount -t vfat -o umask=0077 "${path}" "${mountpoint}" || \
		{ warn "mount of ${path} failed - skipping"; return; }

	if [ -e "${mountpoint}/EFI/proxmox/grubx64.efi" ]; then
		grub=1
	fi
	if [ -d /sys/firmware/efi ] && [ "$grub" != 1 ]; then
		if [ ! -f "${mountpoint}/$PMX_LOADER_CONF" ]; then
			warn "${path} contains no loader.conf - skipping"
			return
		fi
		if [ ! -d "${mountpoint}/$PMX_ESP_DIR" ]; then
			warn "${path}/$PMX_ESP_DIR does not exist- skipping"
			return
		fi
	elif [ ! -d "${mountpoint}/grub" ]; then
		warn "${path} contains no grub directory - skipping"
		return
	fi
	warn "Copying and configuring kernels on ${path}"
	copy_and_config_kernels "${mountpoint}" "$grub"

	pinned_kernel=$(get_first_line "${PINNED_KERNEL_CONF}")

	if [ -e "${NEXT_BOOT_PIN}" ]; then
	    pinned_kernel=$(get_first_line "${NEXT_BOOT_PIN}")
	fi
	if [ "$grub" = 1 ]; then
		set_grub_default "${pinned_kernel}"
		remove_old_kernels_legacy "${mountpoint}"
		mount --bind "${mountpoint}" "/boot"
		update-grub
		umount /boot
	elif [ -d /sys/firmware/efi ]; then
		set_systemd_boot_default "${mountpoint}" "${pinned_kernel}"
		remove_old_kernels_efi "${mountpoint}"
	else
		set_grub_default "${pinned_kernel}"
		remove_old_kernels_legacy "${mountpoint}"
		mount --bind "${mountpoint}" "/boot"
		update-grub
		umount /boot

	fi

	umount "${mountpoint}" || \
		{ warn "umount of ${path} failed - failure"; exit 0; }

	rmdir "${mountpoint}" || true
}

copy_and_config_kernels() {
	esp="$1"
	grub="$2"

	for kver in ${BOOT_KVERS}; do

		linux_image="/boot/vmlinuz-${kver}"
		initrd="/boot/initrd.img-${kver}"

		if [ ! -f "${linux_image}" ]; then
			warn "No linux-image ${linux_image} found - skipping"
			continue
		fi
		if [ ! -f "${initrd}" ]; then
			warn "No initrd-image ${initrd} found - skipping"
			continue
		fi

		if [ -d /sys/firmware/efi ] && [ "$grub" != 1 ]; then

			warn "	Copying kernel and creating boot-entry for ${kver}"
			KERNEL_ESP_DIR="${PMX_ESP_DIR}/${kver}"
			KERNEL_LIVE_DIR="${esp}/${KERNEL_ESP_DIR}"
			mkdir -p "${KERNEL_LIVE_DIR}"
			cp --preserve=timestamps "${linux_image}" "${KERNEL_LIVE_DIR}/"
			cp --preserve=timestamps "${initrd}" "${KERNEL_LIVE_DIR}/"

			# create loader entry
			cat > "${esp}/loader/entries/proxmox-${kver}.conf" <<- EOF
				title    ${LOADER_TITLE}
				version  ${kver}
				options  ${CMDLINE}
				linux    /${KERNEL_ESP_DIR}/vmlinuz-${kver}
				initrd   /${KERNEL_ESP_DIR}/initrd.img-${kver}
			EOF
		else
			warn "	Copying kernel ${kver}"
			cp --preserve=timestamps "${linux_image}" "${esp}/"
			cp --preserve=timestamps "${initrd}" "${esp}/"
		fi
	done

}

remove_old_kernels_efi() {
	esp="$1"

	for kerneldir in "${esp}/${PMX_ESP_DIR}"/*; do
		if [ ! -d "${kerneldir}" ]; then
			warn "	${kerneldir} is not a directory - skipping"
			continue
		fi

		kver="$(echo "${kerneldir}" | sed -r "s#^${esp}/${PMX_ESP_DIR}/(.+)\$#\\1#")"

		echo "${BOOT_KVERS}" | grep -q "${kver}" && continue;
		warn "	Removing old version ${kver}"
		rm -rf "${kerneldir}"
		rm -f "${esp}/loader/entries/proxmox-${kver}.conf"
	done

}

remove_old_kernels_legacy() {
	esp="$1"

	for kernel in "${esp}/"vmlinuz-*; do
		kver="$(echo "${kernel}" | sed -r "s#^${esp}/vmlinuz-(.+)\$#\\1#")"

		echo "${BOOT_KVERS}" | grep -q "${kver}" && continue;
		warn "	Removing old version ${kver}"
		rm -rf "${esp}/vmlinuz-${kver}"
		rm -rf "${esp}/initrd.img-${kver}"
	done

}

disable_systemd_boot_hook() {

	if [ ! -f "${ESP_LIST}" ]; then
		return
	fi

	marker="# This hookfile has been disabled by proxmox-boot-tool"
	for hookfile in \
		"/etc/initramfs/post-update.d/systemd-boot" \
		"/etc/kernel/postinst.d/zz-systemd-boot" \
		"/etc/kernel/postrm.d/zz-systemd-boot" ; \
	do
		if [ -e "$hookfile" ] && ! grep -q "$marker" "$hookfile"; then
			warn "	Disabling upstream hook $hookfile"
			printf '#!/bin/sh\n\n%s\nexit 0\n' "$marker" > "$hookfile.pbt.tmp"
			cat "$hookfile" >> "$hookfile.pbt.tmp"
			mv "$hookfile.pbt.tmp" "$hookfile"
		fi
	done

}

check_grub_efi_package() {

	if [ -f "${ESP_LIST}" ]; then
		return
	fi

	if [ ! -d /sys/firmware/efi ]; then
		return
	fi

	if [ -f /usr/share/doc/grub-efi-amd64/changelog.Debian.gz ]; then
		return
	fi

	warn "System booted in EFI-mode but 'grub-efi-amd64' meta-package not installed!"
	warn "Install 'grub-efi-amd64' to get updates."
}

check_grub_efi_removable_status() {
	# not booted in EFI, no need to care about removable bootloader
	if [ ! -d /sys/firmware/efi ]; then
		return
	fi

	# no removable bootloader
	if [ ! -f "/boot/efi/EFI/BOOT/BOOTX64.efi" ]; then
		return
	fi

	debconf_value="$(debconf-show --db configdb grub-efi-amd64 grub-pc | grep 'force_efi_extra_removable')"

	# packages already set up to install a removable copy, let's trust that it works
	if echo "${debconf_value}" | grep -qE ': true$'; then
		return
	fi

	echo ""
	echo "Removable bootloader found at '/boot/efi/EFI/BOOT/BOOTX64.efi', but GRUB packages not set up to update it!"
	echo "Run the following command:"
	echo ""
	echo "echo 'grub-efi-amd64 grub2/force_efi_extra_removable boolean true' | debconf-set-selections -v -u"
	echo ""
	echo "Then reinstall GRUB with 'apt install --reinstall grub-efi-amd64'"
	echo ""
}

set -- $DEB_MAINT_PARAMS
mode="${1#\'}"
mode="${mode%\'}"
case $0:$mode in
	# Only run on postinst configure and postrm remove, to avoid wasting
	# time by calling update-grub multiple times on upgrade and removal.
	# Also run if we have no DEB_MAINT_PARAMS, in order to work with old
	# kernel packages.
	*/postinst.d/*:|*/postinst.d/*:configure)
		reexec_in_mountns "$@"
		BOOT_KVERS="$(boot_kernel_list "$@")"
		update_esps
		disable_systemd_boot_hook
		check_grub_efi_package
		check_grub_efi_removable_status
	;;
	 */postrm.d/*:|*/postrm.d/*:remove)
		reexec_in_mountns "$@"
		# no newly installed kernel
		BOOT_KVERS="$(boot_kernel_list)"
		update_esps
		disable_systemd_boot_hook
		check_grub_efi_package
		check_grub_efi_removable_status
	;;
esac

exit 0
