#!/bin/bash -eu
#
# Builds an ACI containing a go implementation of an ACE validator
#

PREFIX="ace"

if ! [[ $0 =~ "${PREFIX}/build_aci" ]]; then 
	echo "invoke from repository root" 1>&2
	exit 255
fi

if ! [[ -f "bin/ace-validator" ]]; then 
	./build
fi

for typ in main sidekick; do 
	layoutdir="bin/ace-${typ}-layout"
	mkdir -p ${layoutdir}/rootfs/opt/acvalidator
	cp bin/ace-validator ${layoutdir}/rootfs/
	cp ${PREFIX}/image_manifest_${typ}.json ${layoutdir}/manifest
	# now build the tarball, and sign it
	pushd ${layoutdir} >/dev/null
		# Set a consistent timestamp so we get a consistent hash
		# TODO(jonboulle): make this cleaner..
		for path in rootfs rootfs/ace-validator; do
			touch -a -m -d 1415660606 ${path}
		done
		../actool build --overwrite ./ ../ace-validator-${typ}.aci
		# TODO(jonboulle): create uncompressed instead, then gzip?
		HASH=sha512-$(gzip -d -f ../ace-validator-${typ}.aci -c | sha512sum - | awk '{print $1}')
		gpg --cipher-algo AES256 --output ace-validator-${typ}.sig --detach-sig ../ace-validator-${typ}.aci
		mv ace-validator-${typ}.sig ../
	popd >/dev/null
	echo "Wrote ${typ} layout to      ${layoutdir}"
	echo "Wrote unsigned ${typ} ACI   bin/ace-validator-${typ}.aci"
	ln -s ${PWD}/bin/ace-validator-${typ}.aci bin/${HASH}
	echo "Wrote ${typ} layout hash    bin/${HASH}"
	echo "Wrote ${typ} ACI signature  bin/ace-validator-${typ}.sig"
done
