#!/bin/bash
# Upload tor-browser-build directory from current HEAD commit and other
# dependencies to signing machine
set -e

script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
source ../set-config.rcodesign

cd "$script_dir/../../.."
tmpdir=$(mktemp -d)
tbbtar=$tmpdir/tor-browser-build.tar
git archive --prefix=tor-browser-build/ --output="$tbbtar" HEAD .

echo "Created $tbbtar"

make submodule-update
osslsigncodefile=$(./rbm/rbm showconf osslsigncode --target no-git var/srcfile)
if ! test -f "./out/osslsigncode/$osslsigncodefile"; then
  ./rbm/rbm tar osslsigncode
  echo "Created $osslsigncodefile"
fi

cd rbm
git archive --prefix=rbm/ --output="$tmpdir/rbm.tar" HEAD .
echo "Created rbm.tar"
cd ..

martools_filename=mar-tools-linux64.zip
if ! test -f "./out/mar-tools/$martools_filename"; then
  ./rbm/rbm build --step fetch_martools mar-tools
  echo "Downloaded $martools_filename"
fi

yubihsm_filename=$(./rbm/rbm showconf yubihsm-shell var/src_filename)
if ! test -f "./out/yubihsm-shell/$yubihsm_filename"; then
  ./rbm/rbm build yubihsm-shell --step fetch_src
  echo "Fetched $yubihsm_filename"
fi

android_build_tools_filename=$(./rbm/rbm showconf --step get_build_tools android-toolchain filename)
if ! test -f "./out/android-toolchain/$android_build_tools_filename"; then
  ./rbm/rbm build --step get_build_tools android-toolchain
  echo "Fetched $android_build_tools_filename"
fi

signing_machine='linux-signer'
setup_user='setup'
signing_dir='/signing'

echo "Uploading $osslsigncodefile to $signing_machine"
chmod go+r "./out/osslsigncode/$osslsigncodefile"
rsync -v "./out/osslsigncode/$osslsigncodefile" "$setup_user@$signing_machine:$signing_dir/$osslsigncodefile"

echo "Uploading rbm.tar to $signing_machine"
rsync -v "$tmpdir/rbm.tar" "$setup_user@$signing_machine:$signing_dir/rbm.tar"

echo "Uploading $martools_filename"
chmod go+r "./out/mar-tools/$martools_filename"
rsync -v "./out/mar-tools/$martools_filename" "$setup_user@$signing_machine:$signing_dir/$martools_filename"

echo "Uploading $yubihsm_filename"
chmod go+r "./out/yubihsm-shell/$yubihsm_filename"
rsync -v "./out/yubihsm-shell/$yubihsm_filename" "$setup_user@$signing_machine:$signing_dir/$yubihsm_filename"

echo "Uploading $android_build_tools_filename"
chmod go+r "./out/android-toolchain/$android_build_tools_filename"
rsync -v "./out/android-toolchain/$android_build_tools_filename" "$setup_user@$signing_machine:$signing_dir/$android_build_tools_filename"
echo "Extracting $android_build_tools_filename"
ssh "$setup_user@$signing_machine" mkdir -p $signing_dir/android-build-tools
ssh "$setup_user@$signing_machine" unzip -qo -d $signing_dir/android-build-tools "$signing_dir/$android_build_tools_filename"
ssh "$setup_user@$signing_machine" chmod -R o+rX "$signing_dir/$android_build_tools_filename"

echo "Uploading $rcodesign_filename"
tools/signing/setup-rcodesign
rsync -v "tools/local/$rcodesign_filename" "$setup_user@$signing_machine:$signing_dir/$rcodesign_filename"

echo "Uploading tor-browser-build.tar to $signing_machine"
scp -p "$tbbtar" "$setup_user@$signing_machine:$signing_dir/"
echo "Extracting tor-browser-build.tar on $signing_machine"
ssh "$setup_user@$signing_machine" tar -C $signing_dir -xf $signing_dir/tor-browser-build.tar
echo "You can now run this command on $signing_machine to update signing machine setup:"
echo " sudo -- $signing_dir/tor-browser-build/tools/signing/machines-setup/setup-signing-machine"
