# Linux Vulnerability Mitigation
# Copyright (C) 2026 Daniel Baumann <daniel@debian.org>
#
# SPDX-License-Identifier: PD
#
# This program is free software: you have unlimited permission
# to copy, distribute and modify it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SHELL := sh -e

PROJECT := linux-vulnerability-mitigation
VERSION := $(shell cat VERSION.txt)

SCRIPTS := bin/* libexec/* mitigations/*

all: build

clean: clean-man

clean-man:
	$(MAKE) -C man clean

build: build-man

build-man:
	$(MAKE) -C man build

test:
	@echo -n "Checking for syntax errors with sh... "
	@for SCRIPT in $(SCRIPTS); \
	do \
		sh -n $${SCRIPT}; \
		echo -n "."; \
	done
	@echo " done."

	@echo -n "Checking for bashisms... "
	@if [ -x /usr/bin/checkbashisms ]; \
	then \
		for SCRIPT in $(SCRIPTS); \
		do \
			checkbashisms -f -x $${SCRIPT}; \
			echo -n "."; \
		done; \
	else \
		echo "Note: devscripts not installed, skipping checkbashisms."; \
	fi
	@echo " done."

	@echo -n "Checking with shellcheck... "
	@if [ -x /usr/bin/shellcheck ]; \
	then \
		for SCRIPT in $(SCRIPTS); \
		do \
			shellcheck $${SCRIPT}; \
			echo -n "."; \
		done; \
	else \
		echo "Note: shellcheck not installed, skipping shellcheck."; \
	fi
	@echo " done."

install: install-bin install-doc install-man install-mitigations

install-bin:
	mkdir -p $(DESTDIR)/usr/bin
	cp bin/* $(DESTDIR)/usr/bin

	mkdir -p $(DESTDIR)/usr/libexec
	cp -r libexec $(DESTDIR)/usr/libexec/linux-vulnerability-mitigation

	mkdir -p $(DESTDIR)/usr/share/linux-vulnerability-mitigation
	cp VERSION.txt $(DESTDIR)/usr/share/linux-vulnerability-mitigation

	mkdir -p $(DESTDIR)/usr/share/bash-completion/completions
	cp bash-completion/* $(DESTDIR)/usr/share/bash-completion/completions

install-doc:
	mkdir -p $(DESTDIR)/usr/share/doc/$(PROJECT)
	cp *.txt $(DESTDIR)/usr/share/doc/$(PROJECT)

install-man: build-man
	for SECTION in $$(seq 1 8); \
	do \
		if ls man/*.$${SECTION} > /dev/null 2>&1; \
		then \
			mkdir -p $(DESTDIR)/usr/share/man/man$${SECTION}; \
			cp man/*.$${SECTION} $(DESTDIR)/usr/share/man/man$${SECTION}; \
		fi; \
	done

install-mitigations:
	mkdir -p $(DESTDIR)/usr/share/linux-vulnerability-mitigation
	cp -a mitigations $(DESTDIR)/usr/share/linux-vulnerability-mitigation

uninstall: uninstall-bin uninstall-doc uninstall-man uninstall-mitigations
	rmdir --ignore-fail-on-non-empty $(DESTDIR) || true

uninstall-bin:
	for FILE in bin/*; \
	do \
		rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \
	done
	rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true

	rm -f $(DESTDIR)/usr/libexec/linux-vulnerability-mitigation
	rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/libexec || true

	rm -f $(DESTDIR)/usr/share/linux-vulnerability-mitigation/VERSION.txt
	rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/linux-vulnerability-mitigation || true

	for FILE in share/bash-completion/*; \
	do \
		rm -f $(DESTDIR)/usr/share/bash-completion/completions/$$(basename $${FILE}); \
	done
	rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/bash-completion/completions || true

uninstall-doc:
	rm -rf $(DESTDIR)/usr/share/doc/$(PROJECT)
	rmdir --ignore-fail-on-non-empty $(DESTDIR)/usr/share/doc || true

uninstall-man:
	for SECTION in $$(seq 1 8); \
	do \
		for FILE in man/*.$${SECTION}; \
		do \
			rm -f $(DESTDIR)/usr/share/man/man$${SECTION}/$$(basename $${FILE}); \
		done; \
		rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/man/man$${SECTION} || true; \
	done

uninstall-mitigations:
	rm -rf $(DESTDIR)/usr/share/linux-vulnerability-mitigation/mitigations
	rmdir --ignore-fail-on-non-empty $(DESTDIR)/usr/share/linux-vulnerability-mitigation || true

reinstall: clean uninstall build install

release: clean
	git commit -a -s -S -m 'Releasing version $(VERSION).' || true
	git tag -s -m 'Tagging version $(VERSION).' v$(VERSION) || true

	mkdir -p $(PROJECT)-$(VERSION)
	find . -mindepth 1 -maxdepth 1 -and -not -name ".git*" -and -not -name debian -and -not -name $(PROJECT)-$(VERSION) -exec cp \-a {} $(PROJECT)-$(VERSION) \;

	for FORMAT in xz lzip; \
	do \
		EXTENSION=$$(echo $${FORMAT} | cut -b-2); \
		tar --$${FORMAT} -cf ../$(PROJECT)-$(VERSION).tar.$${EXTENSION} $(PROJECT)-$(VERSION); \
		sha512sum ../$(PROJECT)-$(VERSION).tar.$${EXTENSION} > ../$(PROJECT)-$(VERSION).tar.$${EXTENSION}.sha512; \
		gpg --default-key 00xFBB4F0E80A80222 --armor -b ../$(PROJECT)-$(VERSION).tar.$${EXTENSION}; \
		mv ../$(PROJECT)-$(VERSION).tar.$${EXTENSION}.asc ../$(PROJECT)-$(VERSION).tar.$${EXTENSION}.sig; \
	done

	rm -rf $(PROJECT)-$(VERSION)

upload:
	scp ../$(PROJECT)-$(VERSION).* archive.progress-linux.org:/srv/archive.progress-linux.org/archive/upstream/$(PROJECT)
