#!/bin/bash

# Slackware build script for arno-iptables-firewall

# Copyright 2013-2020 Philip Lacroix <slackph at posteo dot de>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Thanks to Matteo Bernardini and Robby Workman for their valuable remarks
# after the first submission of this SlackBuild.

cd $(dirname $0) ; CWD=$(pwd)

PRGNAM=arno-iptables-firewall
SRCNAM=aif
VERSION=${VERSION:-2.1.0}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz}

ARCH=noarch

# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
  echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
  exit 0
fi

TMP=${TMP:-/tmp/SBo}
PKG=${PKG:-$TMP/package-$PRGNAM}
OUTPUT=${OUTPUT:-/tmp}

set -e

rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $SRCNAM-$VERSION

# The upstream tarball will be named differently, depending on
# the file being downloaded manually (web browser) or with wget.
if [ -e $CWD/$VERSION.tar.gz ]; then
  tar xvzf $CWD/$VERSION.tar.gz
else
  tar xvzf $CWD/$SRCNAM-$VERSION.tar.gz
fi

cd $SRCNAM-$VERSION
chown -R root:root .
find -L . \
 \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
  -o -perm 511 \) -exec chmod 755 {} \; -o \
 \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;

PRGBIN=$PKG/usr/sbin
PRGETC=$PKG/etc/$PRGNAM
PRGSHR=$PKG/usr/share/$PRGNAM
PRGDOC=$PKG/usr/doc/$PRGNAM-$VERSION
PRGMAN=$PKG/usr/man

# Install configuration, log filter and firewall executables; set
# permissions.
install -m 0755 -D ./configure.sh $PRGBIN/$PRGNAM-configure
install -m 0755 ./bin/arno-fwfilter $PRGBIN/
install -m 0755 ./bin/$PRGNAM $PRGBIN/

# Patch the configuration script. We need this to be able to run the
# script from outside the source directory as well. We're going to:
#
# 1) Change from relative to absolute the paths to the environment file
#    and the firewall executable.
# 2) Rename and change the path to the startup script, for consistency with
#    Slackware's init system.
# 3) Change the path to the unmodified copy of the config file, needed to
#    check for already existing setups.
# 4) Allow the script to be run correctly more than once, by removing
#    previously set values if no values are entered: this is to prevent,
#    for example, ports from remaining open, or NAT from remaining enabled.
# 5) Append the note, copied from the original install script and adapted
#    to the Slackware system, that users read when configuration is done:
#    this is mainly to inform that the "rc.firewall" symlink has to be
#    manually created in order to start up the firewall at boot-time. We
#    will NOT create the symlink automatically, as this should be done by
#    the system administrator.

patch $PRGBIN/$PRGNAM-configure < $CWD/files/patch-configuration-script.diff

# Copy and compress man pages.
mkdir -p $PRGMAN
cp -a ./share/man/* $PRGMAN/
find $PRGMAN -type f -exec gzip -9 {} \;

# Copy and rename configuration files; apply patch to main config file
# in order to fix paths; set permissions.
mkdir -p $PRGETC/conf.d
cp -a ./etc/$PRGNAM/* $PRGETC/
cat $CWD/files/conf.d.readme > $PRGETC/conf.d/README
patch $PRGETC/firewall.conf < $CWD/files/patch-configuration-file.diff
for conf in $( find $PRGETC -type f -not -name README ); do
  mv ${conf} ${conf}.new
  chmod 600 ${conf}.new
done

# Copy shared data; include a clean copy of the configuration file, as
# expected by the configuration script for comparison purposes; create
# link to plugin as in the original script.
mkdir -p $PRGSHR
cp -a ./share/$PRGNAM/{environment,plugins} $PRGSHR/
cp -a $PRGETC/firewall.conf.new $PRGSHR/firewall.conf.orig
ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/

# Install startup script and set permissions; apply patch to fix the
# path to the executable file and make comments more consistent with
# the Slackware system.
install -m 0644 -D ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM
patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/files/patch-startup-script.diff

# Copy documentation, including third-party sample files.
mkdir -p $PRGDOC/contrib
for doc in README CHANGELOG gpl_license.txt ; do
  cp -a ./${doc} $PRGDOC/
done
cp -a ./contrib/adsl-failover $PRGDOC/contrib/
cp -a ./contrib/Slackware/syslog.conf $PRGDOC/contrib/
cat $CWD/$PRGNAM.SlackBuild > $PRGDOC/$PRGNAM.SlackBuild

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh

cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE