#!/bin/sh
#
# kas - setup tool for bitbake based projects
#
# Copyright (c) Siemens AG, 2017-2023
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

# kas-isar: sudo update-binfmts --enable && [ -f /proc/sys/fs/binfmt_misc/status ]

chown_managed_dirs()
{
	for DIR in /build /work /sstate /downloads /repo-ref; do
		if [ -d "$DIR" ]; then
			chown "$1":"$2" "$DIR"
		fi
	done

	# SSH Directory Permissions
	if [ -d "/builder/.ssh" ]; then
		chown -R "$1":"$2" "/builder/.ssh"
	fi
}

restore_managed_dirs_owner()
{
	chown_managed_dirs 0 0
}

if mount | grep -q "on / type aufs"; then
    cat <<EOF >&2
WARNING: Generation of wic images will fail!

Your docker host setup uses broken aufs as storage driver. Adjust the docker
configuration to use a different driver (overlay, overlay2, devicemapper). You
may also need to update the host distribution (e.g. Debian Jessie -> Stretch).

EOF
fi

if [ -z "$USER_ID" ] || [ "$USER_ID" = 0 ]; then
	# Not a kas-container call, or we shall run everything as root
	GOSU=""
else
	GROUP_ID=${GROUP_ID:-$(id -g)}

	groupmod -o --gid "$GROUP_ID" builder
	usermod -o --uid "$USER_ID" --gid "$GROUP_ID" builder >/dev/null
	chown -R "$USER_ID":"$GROUP_ID" /builder
	# copy host SSH config into home of builder
	if [ -d /var/kas/userdata/.ssh ]; then
		cp -a /var/kas/userdata/.ssh /builder/
	fi

	GOSU="gosu builder"
fi
# kas-container on rootless docker workaround
if [ -n "$USER_ID" ] && [ "$USER_ID" -ne 0 ] && \
   [ "$KAS_DOCKER_ROOTLESS" = "1" ] && [ "$(stat -c %u /repo)" -eq 0 ]; then
	# Docker rootless does not support keeping the user namespace
	# (podman option --userns=keep-id). By that, the bind mounts
	# are owned by root.
	git config --system safe.directory /repo
	chown_managed_dirs "$USER_ID" "$GROUP_ID"

	# Copy userdata to a writable location so we can chown it.
	if [ -d "/var/kas/userdata" ]; then
		mv /var/kas/userdata /var/kas/userdata.orig
		cp -r /var/kas/userdata.orig /var/kas/userdata
		chown -R "$USER_ID":"$GROUP_ID" /var/kas/userdata
	fi
fi

if [ "$PWD" = / ]; then
	cd /builder || exit 1
fi

if [ -n "$1" ]; then
	case "$1" in
	build|checkout|clean*|diff|dump|for-all-repos|lock|menu|purge|shell|-*)
		# We must restore the dir owner after every kas invocation.
		# This is cheap as only the top-level dirs are changed (non recursive).
		if [ "$KAS_DOCKER_ROOTLESS" = "1" ]; then
			trap restore_managed_dirs_owner EXIT INT TERM
			$GOSU kas "$@"
		else
			# SC2086: Double quote to prevent globbing and word splitting.
			# shellcheck disable=2086
			exec $GOSU kas "$@"
		fi
		;;
	*)
		if [ -n "$USER_ID" ]; then
			echo "kas-container: this container does not support \"kas $1\"" >&2
			exit 1
		fi
		# SC2086: Double quote to prevent globbing and word splitting.
		# shellcheck disable=2086
		exec $GOSU "$@"
		;;
	esac
else
	# SC2086: Double quote to prevent globbing and word splitting.
	# shellcheck disable=2086
	exec $GOSU bash
fi
