#!/bin/sh -
#
# Pull down latest FreeBSD ports of the rpki.net tools, drop them into
# /usr/ports/rpki, and turn portupgrade loose on them to do whatever
# needs doing.
#
# For this to work, you need to tweak two variables in your
# /usr/local/etc/pkgtools.conf file:
#
# * Add "rpki" (or whatever you specify as $category, below) to
#   EXTRA_CATEGORIES.
#
# * Add "ENV['PORTSDIR'] + '/INDEX.rpki'" (or whatever you specify as
#   $index, below) to ALT_INDEX.
#
# Example:
#
#    EXTRA_CATEGORIES = [
#          'rpki',
#    ]
#
#    ALT_INDEX = [
#          ENV['PORTSDIR'] + '/INDEX.rpki',
#    ]

# Warn users about programs we're going to need.
if ! test -x /usr/local/bin/curl -a -x /usr/local/sbin/portmaster
then
    echo 1>&2 "This script requires curl and portupgrade."
    echo 1>&2 "See /usr/ports/ftp/curl and /usr/ports/ports-mgmt/portupgrade."
    exit 1
fi

# Which ports this script should manage.  rpki-rp should come before
# rpki-ca in this list.  The default is to manage both, but if you
# just want rpki-rp you can do it by removing rpki-ca here.

ports='rpki-rp rpki-ca'

# Whence to fetch the port tarballs.

url=https://download.rpki.net/FreeBSD_Packages

# "Category" to use for RPKI tools.  Unlike our hack with portmaster,
# we can't use an existing category, so we invent a new category
# "rpki" for this purpose.

category=rpki

dir=/usr/ports/$category
index=/usr/ports/INDEX.$category

# Drop this stuff in magic directory

test -d $dir || mkdir $dir || exit

cd $dir

# Create the extra Makefile portupgrade requires if it's missing.

if test ! -f Makefile
then
    echo > Makefile '# Local hack for rpki.net code.'
    echo >>Makefile ''
    echo >>Makefile '    COMMENT = rpki.net tools'
    echo >>Makefile ''
    for port in $ports
    do
	echo >>Makefile "    SUBDIR += $port"
    done
    echo >>Makefile ''
    echo >>Makefile '.include <bsd.port.subdir.mk>'
fi

# Download fresh copies of the ports

for port in $ports
do
    echo "==> Downloading $port"
    /bin/rm -rf $port
    /usr/local/bin/curl --tlsv1 --cacert /dev/stdin $url/${port}-port.tgz |
    /usr/bin/tar --extract --verbose --file - $port
done

# Whack CATEGORY setting in Makefiles to match what portupgrade forces
# us to do here, then regenerate the portsdb.

echo "==> Fixing up port Makefiles and whacking RPKI ports into portsdb"

/bin/cp /dev/null $index

for port in $ports
do
    cd $port
    /usr/bin/awk <Makefile >Makefile.hacked -v category=$category '
	/^[ \t]*CATEGORIES[ \t]*=[ \t]*net[ \t]*$/ {
	    print "CATEGORIES=\t" category;
	    print "VALID_CATEGORIES+=", category;
	    next;
	}
	{
	    print;
	}'
    /bin/mv Makefile.hacked Makefile
    /usr/bin/make describe >>$index
    cd $dir
done

/usr/local/sbin/portsdb --force --update

# And build whatever needs building.  portupgrade seems to get
# confused if we specify -N when one of these ports is already
# installed, don't really know or care why, just kludge around it.
#
# We don't attempt to use a single portupgrade run for both ports,
# because we can't control the order in which portupgrade will try to
# build them, we can't assume that they're both installed just because
# one of them is installed, and the whackiness of having to use an
# invented category to make portupgrade happy means we can't trust the
# ports system to do the right thing if portupgrade decides to install
# rpki-ca before installing rpki-rp.  What with all that, it's easier
# just to run portupgrade twice to force the correct ordering.

for port in $ports
do
    echo "==> Running portupgrade for $port"
    if /usr/sbin/pkg_info -oaq 2>/dev/null | /usr/bin/fgrep -q /$port
    then
	new_flag=''
    else
	new_flag='--new'
    fi
    /usr/local/sbin/portupgrade --verbose $new_flag $category/$port
done