#!/bin/bash

if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail

[ -n "$ARCH" ]
[ -n "$TARGET_ROOT" ]

if [ 'amd64' = "$ARCH" ] ; then
    ARCH="x86_64"
fi

if ! [ 'x86_64' = "$ARCH" ] ; then
    echo "Only x86_64 images are currently available but ARCH is set to $ARCH."
    exit 1
fi

DIB_RELEASE=${DIB_RELEASE:-13.1}
# NOTE(toabctl): if something changes here on the buildservice side, please
# first ask in #opensuse-cloud on freenode before you change the format here!
DIB_CLOUD_IMAGES=${DIB_CLOUD_IMAGES:-http://download.opensuse.org/repositories/Cloud:/Images:/openSUSE_${DIB_RELEASE}/images/}
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-openSUSE-${DIB_RELEASE}-OS-rootfs.${ARCH}.tbz}
SHA256SUMS_FILE=${SHA256SUMS_FILE:-${BASE_IMAGE_FILE}.sha256}

CACHED_FILE=$DIB_IMAGE_CACHE/$BASE_IMAGE_FILE
CACHED_SHA256SUMS_FILE=$DIB_IMAGE_CACHE/SHA256SUMS.$BASE_IMAGE_FILE

# FIXME: either check the checksums into git or verify the signature
# on the checksums. We should not be trusting checksums we download
# over HTTP
if [ -n "$DIB_OFFLINE" -a -f "$CACHED_FILE" ] ; then
    echo "Not checking freshness of cached $CACHED_FILE."
else
    echo "Fetching Base Image"
    $TMP_HOOKS_PATH/bin/cache-url $DIB_CLOUD_IMAGES/$SHA256SUMS_FILE $CACHED_SHA256SUMS_FILE
    $TMP_HOOKS_PATH/bin/cache-url $DIB_CLOUD_IMAGES/$BASE_IMAGE_FILE $CACHED_FILE
    pushd $DIB_IMAGE_CACHE
    # Calculate sha256sum of downloaded image and check against content from sha256 file
    SHA256SUM=$(sha256sum ${BASE_IMAGE_FILE} | cut -d " " -f1)
    grep -q $SHA256SUM SHA256SUMS.$BASE_IMAGE_FILE
    popd
fi

# Extract the base image (use --numeric-owner to avoid UID/GID mismatch between
# image tarball and host OS)
sudo tar -C $TARGET_ROOT --numeric-owner -xjf $CACHED_FILE
