#!/bin/sh
export cmd=$0

export TEXTDOMAINDIR='/usr/share/locale'
export TEXTDOMAIN='podsec'

source podsec-functions
source podsec-get-platform

getPlatform

mes=$(isSigstoreServer)
if [ -n "$mes" ]
then
  echo $mes >&2
  echo $(gettext 'Unable to load images')  >&2
  exit 1
fi

if ! id | grep -q podman_dev
then
  echo $(gettext 'The script is called by a user not included in the podman_dev group') >&2
  exit 1
fi

if [ $# -ne 4 -a $# -ne 3 ]
then
  echo -ne "$(gettext 'Format'):\n\t$cmd $(gettext 'archive_file_name architecture EMail_signer [registry/path]')\n" >&2
  exit 1
fi

export archive=$1
export arch=$2
# regName=$(basename $3)
signBy="${3}"
if [ $# -eq 3 ]
then
  regName="registry.local/$U7S_PLATFORM"
  base="$U7S_PLATFORM/"
else
  dir=$(dirname $4)
  if [ $dir == '.' ]
  then
    echo $(gettext 'Missing path after registry name') | envsubst >&2
  echo -ne "$(gettext 'Format'):\n\t$cmd $(gettext 'archive_file_name architecture EMail_signer registry/path')\n" >&2
    exit 1
  fi
  base="$(basename $4)"
  regName="$dir/$base"
  base+="/"
fi
baselen=${#base}

if [ ! -f $archive ]
then
  echo "$(gettext 'Archive') $archive $(gettext 'is missing')" >&2
  echo -ne "$(gettext 'Format'):\n\t$cmd $(gettext 'archive_file_name architecture EMail_signer registry/path')\n" >&2
  exit 1
fi

case $arch in
amd64 | arm64 | arm | ppc64le | 386) :;;
*)
  echo "$(gettext 'Unknown architecture') $arch" >&2
  echo $(gettext 'Allowed: amd64, arm64, arm, ppc64le, 386') >&2
  echo -ne "$(gettext 'Format'):\n\t$cmd $(gettext 'archive_file_name architecture EMail_signer registry/path')\n" >&2
  exit 3
  ;;
esac

if [ -z "$regName" ]
then
  echo $(gettext 'Registry name not specified')  >&2
  echo -ne "$(gettext 'Format'):\n\t$cmd $(gettext 'archive_file_name architecture EMail_signer registry/path')\n" >&2
  exit 4
fi

ifs=$IFS IFS=/
set -- $regName
IFS=.
set -- $1
IFS=$ifs
if [ $# -eq 1 ]
then
  echo $(gettext 'The registry name must contain a period (.) in the name')  >&2
  echo -ne "$(gettext 'Format'):\n\t$cmd $(gettext 'archive_file_name architecture EMail_signer registry/path')\n" >&2
  exit 5
fi

TMPDIR=/var/tmp/ociDir.$$
mkdir -p $TMPDIR

if xz -d < $archive | tar xvCf $TMPDIR -
then
  :;
else
  echo $(gettext 'Unsuccessful archive unfolding')  >&2
  exit 6
fi

archDir="$TMPDIR/$arch"
if [ ! -d $archDir ]
then
  echo "$(gettext 'Invalid archive format. Archive directory') $arch $(gettext 'is missing')" >&2
  exit 7
fi

archIndexFile="$archDir/index.json"
if [ ! -f "$archIndexFile" ]
then
  echo "$(gettext 'Invalid archive format. Architecture directory') $arch/index.json $(gettext 'is missing')" >&2
  exit 8
fi

image=$(jq '[.manifests[].annotations[]][0]' $archIndexFile)
image=${image:1:-1}
ifs=$IFS
IFS=/
set -- $image
IFS=$ifs
export platform=$1
if [ "$platform" != "$U7S_PLATFORM" ]
then
  echo "$(gettext 'Current platform') $U7S_PLATFORM $(gettext 'does not match installed') $platform" >&2
  echo $(gettext 'Continue (y/N)?') >&2
  read answer
  if [ "$answer" != "y" ]
  then
      exit 1
  else
    if [ ${platform:0:4} = 'k8s-' ]
    then
      echo "C 31.08.2025 префикс k8- в имени образа не поддерживается (см. https://www.altlinux.org/Registry_(%D0%9D%D0%BE%D0%B2%D0%B0%D1%8F_%D1%81%D1%82%D1%80%D1%83%D0%BA%D1%82%D1%83%D1%80%D0%B0))"
      exit 1
    fi
    base="$platform/"
    baselen=${#base}
  fi
fi

imagesList=$(jq '.manifests[].annotations[]' $archIndexFile)
ImageList=""
for image in $imagesList
do
  image=${image:1:-1}
  echo "$(gettext 'Deploying the image') $image $(gettext 'to the local system')" >&2
  if [ "${image:0:$baselen}" == "$base" ]
  then
    image=${image:$baselen}
    ociImage="$base$image"
    Image="$regName/$image"
  else
    ociImage=$image
    Image="registry.local/$image"
  fi
  skopeo --override-arch $arch copy oci:$archDir:$ociImage containers-storage:$Image
  if [ "$base" = 'c10f/' ]
  then
    oldImage="k8s-c10f2/${ociImage:5}"
    OldImage="registry.local/$oldImage"
    ImageList+=" $OldImage"
    podman tag $Image $OldImage
  fi
  ImageList+=" $Image"
done

for Image in $ImageList
do
  echo "$(gettext 'Signing and transferring the') $Image $(gettext 'to the registry')" >&2
  podman push --tls-verify=false --sign-by="$signBy" $Image
done

rm -rf $TMPDIR

