#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2023  IPFire Team  info@ipfire.org                       #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

# All supported architectures
ARCHES=(
	aarch64
	riscv64
	x86_64
)

# A list of files that are not scanned
# because they probably cause some false positives.
EXCLUDED_FILES=(
	qemu
)

ARGS=(
	# Search path
	"config/rootfiles"

	# Exclude old core updates
	"--exclude-dir" "oldcore"

	# Ignore the update scripts
	"--exclude" "update.sh"
)

check_for_arch() {
	local arch="${1}"

	local args=(
		"${ARGS[@]}"
	)

	# Exclude any architecture-specific directories
	local a
	for a in ${ARCHES[@]}; do
		args+=( "--exclude-dir" "${a}" )
	done

	# Exclude all excluded files
	local x
	for x in ${EXCLUDED_FILES[@]}; do
		args+=( "--exclude" "${x}" )
	done

	# Search for all lines that contain the architecture, but exclude commented lines
	grep -r "^[^#].*${arch}" "${args[@]}"
}

check_for_pattern() {
	local pattern="${1}"
	local message="${2}"

	local args=(
		"${ARGS[@]}"
	)

	if grep -r "${pattern}" "${args[@]}"; then
		if [ -n "${message}" ]; then
			echo "ERROR: ${message}"
		else
			echo "ERROR: Files matching '${pattern}' have been found in the rootfiles"
		fi
		return 1
	fi

	return 0
}

main() {
	local failed=0

	# Check for /etc/init.d
	if ! check_for_pattern "^etc/init\.d/" \
			"/etc/init.d/* has been found. Please replace by /etc/rc.d/init.d"; then
		failed=1
	fi

	# Check for /var/run
	if ! check_for_pattern "^var/run/.*" \
			"You cannot ship files in /var/run as it is a ramdisk"; then
		failed=1
	fi

	# Check architectures
	local arch
	for arch in ${ARCHES[@]}; do
		check_for_arch "${arch}" || failed=$?
	done

	# Return the error
	return ${failed}
}

main "$@" || exit $?