#!/bin/bash
set -e

APPLY_PATCHES=true
#APPLY_PATCHES=false

if wget -qS http://proxyserver:3128 2>&1 | grep -q Server\:\ squid; then
	http_proxy=http://proxyserver:3128
	https_proxy=http://proxyserver:3128
	ftp_proxy=http://proxyserver:3128
	export http_proxy https_proxy ftp_proxy
fi

VERSION_DEBIAN="${1}"
VERSION="${2}"
VERSION_DEBIAN_BINNMU="${3}"

K_TEMP="${VERSION%%~*}"
K_TEMP="${K_TEMP%%-*}"

K_VERSION="$(echo ${K_TEMP} | cut -d\. -f1)"
K_PATCHLEVEL="$(echo ${K_TEMP} | cut -d\. -f2)"
K_SUBLEVEL="$(echo ${K_TEMP} | cut -d\. -f3)"

if [ -x "$(which pixz)" ]; then
	XZ="pixz -8"
elif [ -x "$(which xz)" ]; then
	XZ="xz -6"
else
	echo "ERROR: neither xz nor pixz found in the PATH" >&2
fi

MAJOR_VER="${K_VERSION}.${K_PATCHLEVEL}"
K_PATCHLEVEL_SYM="x"

RC_VER="${VERSION#*\~}"
[ "x${VERSION%\~*}" = "x${RC_VER}" ] && RC_VER=""

TMP_DIR="$(mktemp -d --tmpdir linux-aptosid.XXXXXX)"
pushd "${TMP_DIR}"
	if [ -z "$RC_VER" ]; then
		# stable kernel
		UP_TARBALL="linux-${MAJOR_VER}.tar.xz"
		if ! wget --no-hsts -Nc "http://cdn.kernel.org/pub/linux/kernel/v${K_VERSION}.${K_PATCHLEVEL_SYM}/${UP_TARBALL}"; then
			UP_TARBALL="linux-${MAJOR_VER}.tar"

			git clone \
				--bare \
				--branch v${MAJOR_VER} \
				--depth 1 \
					https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

			git archive \
				--remote=./linux.git \
				--format=tar \
				--prefix="linux-${MAJOR_VER}/" \
				-o linux-${MAJOR_VER}.tar \
					v${MAJOR_VER}

			rm -rf linux-git
		fi

		if [ -n "${K_SUBLEVEL}" ]; then
			ORIG_TARBALL="linux-aptosid_${K_VERSION}.${K_PATCHLEVEL}.${K_SUBLEVEL}.orig.tar.xz"
		else
			ORIG_TARBALL="linux-aptosid_${K_VERSION}.${K_PATCHLEVEL}.orig.tar.xz"
		fi
	else
		# rc kernel
		UP_TARBALL="linux-${MAJOR_VER}-${RC_VER}.tar"
		git clone \
			--bare \
			--branch v${MAJOR_VER}-${RC_VER} \
			--depth 1 \
				https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

		git archive \
			--remote=./linux.git \
			--format=tar \
			--prefix="linux-${MAJOR_VER}-${RC_VER}/" \
			-o linux-${MAJOR_VER}-${RC_VER}.tar \
				v${MAJOR_VER}-${RC_VER}

		rm -rf linux-git

		if [ -n "${K_SUBLEVEL}" ]; then
			ORIG_TARBALL="linux-aptosid_${K_VERSION}.${K_PATCHLEVEL}.${K_SUBLEVEL}~${RC_VER}.orig.tar.xz"
		else
			ORIG_TARBALL="linux-aptosid_${K_VERSION}.${K_PATCHLEVEL}~${RC_VER}.orig.tar.xz"
		fi
	fi
popd >/dev/null 2>&1

mkdir "${TMP_DIR}/linux-${VERSION}"
pushd "${TMP_DIR}/linux-${VERSION}" >/dev/null 2>&1
	case "${UP_TARBALL}" in
		*.tar.bz2)
			tar --strip 1 -xjf "${TMP_DIR}/${UP_TARBALL}"
			;;
		*.tar.gz)
			tar --strip 1 -xzf "${TMP_DIR}/${UP_TARBALL}"
			;;
		*.tar.xz)
			tar --strip 1 -xJf "${TMP_DIR}/${UP_TARBALL}"
			;;
		*.tar)
			tar --strip 1 -xf "${TMP_DIR}/${UP_TARBALL}"
			;;
	esac
	rm "${TMP_DIR}/${UP_TARBALL}"

	# remove individual blobby files throughout the tree
	rm	Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt

	rm	arch/powerpc/platforms/8xx/micropatch.c

	rm	drivers/media/usb/dvb-usb/af9005-script.h

	# These include apparently obfuscated code
	rm -r	drivers/video/fbdev/nvidia/
	rm -r	drivers/video/fbdev/riva/

popd >/dev/null 2>&1

if $APPLY_PATCHES; then
	echo "mark pruned modules as BROKEN"
	for patch in $(cat debian/patches/dfsg/orig/series); do
		patch	--directory="${TMP_DIR}/linux-${VERSION}" \
			-p1 \
			-i "$(pwd)/debian/patches/dfsg/orig/${patch}"
	done
fi

pushd "${TMP_DIR}" >/dev/null 2>&1
	echo ""
	echo "create pruned ${ORIG_TARBALL}"
	tar	\
		--exclude \*\\.orig \
		--posix \
		--numeric-owner \
		--owner=0 \
		--group=0 \
		-cf - "linux-${VERSION}" | \
			${XZ} >"${TMP_DIR}/${ORIG_TARBALL}"

	rm -rf ${TMP_DIR}/linux-${VERSION}
popd >/dev/null 2>&1

echo "COMPLETED: ${TMP_DIR}/${ORIG_TARBALL}"
