#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
set -e

prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
ROLE=base

. /usr/local/bin/usr_local_tput.bash

error () { ERROR "$0 $2" ; exit $1 ; }

VERS=15.0.1.5.4
TYPE=XFCE
HTTP_DIR=/g/Privacy/net/Http
URL=download.whonix.org/ova/$VERS/Kicksecure-${TYPE}-$VERS
TMPDIR=URL=$HTTP_DIR/download.whonix.org/ova/

NBD_DEV=/dev/nbd1

if [ ! -f $HTTP_DIR/$URL.ova ] ; then
    wget -xcP $HTTP_DIR/ https://$URL.ova || error 2 wget
fi

[ -d $TMPDIR ] || mkdir -p $TMPDIR || error 3 $TMPDIR
cd  $TMPDIR || error 4 cd $TMPDIR

if [ ! -f Kicksecure-${TYPE}-$VERS-disk001.vmdk ] ; then
    echo INFO: $HTTP_DIR/$URL.ova
    tar xvf $HTTP_DIR/$URL.ova || error 4 tar
fi

if [ ! -f Kicksecure-${TYPE}-${VERS}-disk001.qcow2 ] ; then
    echo INFO:  Kicksecure-${TYPE}-$VERS-disk001.qcow2
    qemu-img convert -O qcow2 Kicksecure-${TYPE}-$VERS-disk001.vmdk Kicksecure-${TYPE}-$VERS-disk001.qcow2
fi


# must be run as root
if [ "$( id -u )" != "0" ] ; then
    echo ERROR: $0 run as root
    exit 0
  fi
if [ "$#" -eq "0" ] ; then
    root=/mnt/qcow2/KickXFCE150154
  else
    root=$1
  fi
[ -d "$root" ] || mkdir $root
if [ ! -d "$root" ] ; then
    error 3 "give an absolute directory name for chroot - $root"
  fi

if  [ ! -e ${NBD_DEV}p1 ] ; then
    echo INFO: qemu-nbd -c ${NBD_DEV} Kicksecure-${TYPE}-$VERS-disk001.qcow2
    qemu-nbd -c ${NBD_DEV} Kicksecure-${TYPE}-${VERS}-disk001.qcow2
fi

fdisk -l ${NBD_DEV} | grep  ${NBD_DEV}p1 || exit 6

df | grep " $root" || mount ${NBD_DEV}p1 $root

[ -d /usr/local/tmp/wheels ] || \
  ( cd /usr/local/tmp ; bash /usr/local/sbin/bootstrap_wheels.bash ; )

[ -d $root/usr/local/tmp ] || \
    { mkdir $root/usr/local/tmp ; chmod 1777 $root/usr/local/tmp ; }
[ -d $root/usr/local/tmp/wheels ] || \
    cp -rip /usr/local/tmp/wheels $root/usr/local/tmp/wheels
[ -d $root/usr/local/sbin ] || \
    { mkdir $root/usr/local/sbin ; }
[ -f $root/usr/local/sbin/bootstrap_pip_ansible.bash ] || \
    { cp -p /usr/local/sbin/bootstrap_*.bash $root/usr/local/sbin ; }
[ -d $root/usr/local/etc/ssl ] || \
    { mkdir $root/usr/local/etc/ssl ; }
[ -f /usr/local/etc/ssl/cacert-testforge.pem -a \
     ! -f $root//usr/local/etc/ssl/cacert-testforge.pem ] && \
    cp -p /usr/local/etc/ssl/cacert-testforge.pem $root/usr/local/etc/ssl/cacert-testforge.pem

. /usr/local/bin/proxy_export.bash
echo INFO: /usr/local/sbin/update_chroot.bash $root
echo BOX_DEBIAN10_VAR_APT_ARCHIVES=/mnt/o/Cache/Apt/Debian/10.6/var/cache/apt/archives
echo BOX_BOXUSER_PLAY_PIP_CACHE=/mnt/o/Cache/Pip
echo BOX_USER_NAME=user
echo export http_proxy=$http_proxy
echo export https_proxy=$https_proxy
echo export socks_proxy=$socks_proxy
echo /usr/local/sbin/bootstrap_pip_ansible.bash