#########################################################################
# Multiplatform build and packaging recipes for BitmaskVPN
# (c) LEAP Encryption Access Project, 2019-2021
#########################################################################

.PHONY: all get build icon locales generate_locales clean check_qtifw HAS-qtifw relink_vendor

XBUILD ?= no
RELEASE ?= no
QMAKE ?= qmake
LRELEASE ?= lrelease
SKIP_CACHECK ?= no
VENDOR_PATH ?= providers
APPNAME ?= $(shell VENDOR_PATH=${VENDOR_PATH} branding/scripts/getparam appname | tail -n 1)
TARGET ?= $(shell VENDOR_PATH=${VENDOR_PATH} branding/scripts/getparam binname | tail -n 1)
PROVIDER ?= $(shell grep ^'provider =' ${VENDOR_PATH}/vendor.conf | cut -d '=' -f 2 | tr -d "[:space:]")
VERSION ?= $(shell git describe 2> /dev/null)
ifeq ($(VERSION),)
    VERSION := "unknown"
endif
WINCERTPASS ?= pass
OSXAPPPASS  ?= pass
OSXMORDORUID ?= uid

# go paths
GOPATH = $(shell go env GOPATH)
TARGET_GOLIB=lib/libgoshim.a
SOURCE_GOLIB=gui/backend.go

# detect OS
UNAME = $(shell uname -s)
ifeq ($(OS), Windows_NT)
PLATFORM = windows
else
PLATFORM ?= $(shell echo ${UNAME} | awk "{print tolower(\$$0)}")
endif

QTBUILD = build/qt
INSTALLER = build/installer
OSX_CERT="Developer ID Application: LEAP Encryption Access Project"
MACDEPLOYQT_OPTS = -appstore-compliant -always-overwrite -codesign="${OSX_CERT}"

ifeq ($(PLATFORM), darwin)
INST_ROOT =${INSTALLER}/packages/bitmaskvpn/data/
INST_DATA = ${INST_ROOT}/${APPNAME}.app/
else
INST_DATA = ${INSTALLER}/packages/bitmaskvpn/data/
endif

SCRIPTS = branding/scripts
TEMPLATES = branding/templates

TAP_WINDOWS = https://build.openvpn.net/downloads/releases/tap-windows-9.24.2-I601-Win10.exe 

ifeq ($(PLATFORM), windows)
HAS_QTIFW := $(shell which binarycreator.exe)
else
HAS_QTIFW := $(shell PATH=$(PATH) which binarycreator)
endif
OPENVPN_BIN = "$(HOME)/openvpn_build/sbin/$(shell grep OPENVPN branding/thirdparty/openvpn/build_openvpn.sh | head -n 1 | cut -d = -f 2 | tr -d '"')"


#########################################################################
# go build
#########################################################################

install_go:
	# the version of go in bionic is too old. let's get something newer from a ppa.
	@sudo apt install software-properties-common
	@sudo add-apt-repository ppa:longsleep/golang-backports
	@sudo apt-get update
	@sudo apt-get install golang-go

depends:
	-@make depends$(UNAME)

dependsLinux:
	@sudo apt install golang pkg-config dh-golang golang-golang-x-text-dev cmake devscripts fakeroot debhelper curl g++ qt5-qmake qttools5-dev-tools qtdeclarative5-dev qml-module-qtquick-controls libqt5qml5 qtdeclarative5-dev qml-module-qt-labs-platform qml-module-qt-labs-qmlmodels qml-module-qtquick-extras qml-module-qtquick-dialogs
	@make -C docker deps
	@# debian needs also: snap install snapcraft --classic; snap install  multipass --beta --classic

dependsDarwin:
	@brew install git golang make qt5
	#@brew install --default-names gnu-sed
	@brew link qt5

dependsCYGWIN_NT-10.0:
	@echo
	@echo "==================================WARNING=================================="
	@echo "You need to install all dependencies manually, please see README.md!"
	@echo "==================================WARNING=================================="
	@echo

ifeq ($(PLATFORM), darwin)
EXTRA_FLAGS = MACOSX_DEPLOYMENT_TARGET=10.10 GOOS=darwin CC=clang
else
EXTRA_FLAGS =
endif

ifeq ($(PLATFORM), windows)
EXTRA_GO_LDFLAGS = "-H=windowsgui"
endif

ifeq ($(PLATFORM), windows)
PKGFILES = $(wildcard "pkg/*") # syntax err in windows with find 
else
PKGFILES = $(shell find pkg -type f -name '*.go')
endif

lib/%.a: $(PKGFILES)
	@XBUILD=no ./gui/build.sh --just-golib

relink_vendor:
	@echo "============RELINK VENDOR============="
	@echo "PLATFORM: ${PLATFORM} (${UNAME})"
	@echo "VENDOR_PATH: ${VENDOR_PATH}"
	@echo "PROVIDER: ${PROVIDER}"
ifeq ($(PLATFORM), windows)
	@rm -rf providers/assets || true
ifeq ($(UNAME), MINGW64_NT-10.0)
ifeq ($(VENDOR_PATH), providers)
	@cp -r providers/${PROVIDER}/assets providers/assets || true
endif
endif # end mingw
ifeq ($(UNAME), CYGWIN_NT-10.0)
	@[ -L providers/assets ] || (CYGWIN=winsymlinks:nativestrict ln -s ${PROVIDER}/assets providers/assets)
endif # end cygwin
else # not windows: linux/osx
ifeq ($(VENDOR_PATH), providers)
	@unlink providers/assets || true
	@ln -s ${PROVIDER}/assets providers/assets || true
endif
endif

	@echo "============RELINK VENDOR============="

build_golib: lib/libgoshim.a

build_gui: relink_vendor
	@echo "==============BUILD GUI==============="
	@echo "TARGET: ${TARGET}"
	@echo "VENDOR_PATH: ${VENDOR_PATH}"
	@XBUILD=no QMAKE=${QMAKE} LRELEASE=${LRELEASE} TARGET=${TARGET} VENDOR_PATH=${VENDOR_PATH} gui/build.sh --skip-golib
	@echo "============BUILD GUI================="

build: build_golib build_helper build_gui

build_helper:
ifeq ($(PLATFORM), linux)
# no helper needed for linux, we use polkit/bitmask-root
else
	@echo "=============BUILDER HELPER==========="
	@echo "PLATFORM: ${PLATFORM}"
	@echo "APPNAME: ${APPNAME}"
	@echo "VERSION: ${VERSION}"
	@echo "EXTRA_GO_LDFLAGS: ${EXTRA_GO_LDFLAGS}"
	@mkdir -p build/bin/${PLATFORM}
	@go build -o build/bin/${PLATFORM}/bitmask-helper -ldflags "-X main.AppName=${APPNAME} -X main.Version=${VERSION} ${EXTRA_GO_LDFLAGS}" ./cmd/bitmask-helper/
	@echo "===========BUILDER HELPER============="
endif

build_openvpn:
	@[ -f $(OPENVPN_BIN) ] && echo "OpenVPN already built at" $(OPENVPN_BIN) || ./branding/thirdparty/openvpn/build_openvpn.sh

dosign:
ifeq (${PLATFORM}, windows)
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-file-version ${VERSION}
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-product-version ${VERSION}
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-version-string CompanyName "LEAP Encryption Access Project"
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-version-string FileDescription "${APPNAME}"
	"c:\windows\system32\signtool.exe" sign -debug -f "z:\leap\LEAP.pfx" -p ${WINCERTPASS} ${QTBUILD}/release/${TARGET}.exe
	cp build/bin/${PLATFORM}/bitmask-helper build/bin/${PLATFORM}/bitmask-helper.exe
	"c:\windows\system32\rcedit.exe" build/bin/${PLATFORM}/bitmask-helper.exe --set-file-version ${VERSION}
	"c:\windows\system32\rcedit.exe" build/bin/${PLATFORM}/bitmask-helper.exe --set-product-version ${VERSION}
	"c:\windows\system32\rcedit.exe" build/bin/${PLATFORM}/bitmask-helper.exe --set-version-string ProductName "bitmask-helper-v2"
	"c:\windows\system32\rcedit.exe" build/bin/${PLATFORM}/bitmask-helper.exe --set-version-string CompanyName "LEAP Encryption Access Project"
	"c:\windows\system32\rcedit.exe" build/bin/${PLATFORM}/bitmask-helper.exe --set-version-string FileDescription "Administrative helper for ${APPNAME}"
	"c:\windows\system32\signtool.exe" sign -debug -f "z:\leap\LEAP.pfx" -p ${WINCERTPASS} build/bin/${PLATFORM}/bitmask-helper.exe
endif

checksign:
ifeq (${PLATFORM}, windows)
	@"c:\windows\system32\sigcheck.exe" ${QTBUILD}/release/${TARGET}.exe
	@"c:\windows\system32\sigcheck.exe" build/bin/${PLATFORM}/bitmask-helper.exe
	@"c:\windows\system32\sigcheck.exe" "/c/Program Files/OpenVPN/bin/openvpn.exe"
endif

installer: check_qtifw checksign
	@mkdir -p ${INST_DATA}
	@cp -r ${TEMPLATES}/qtinstaller/packages ${INSTALLER}
	@cp -r ${TEMPLATES}/qtinstaller/installer.pro ${INSTALLER}
	@cp -r ${TEMPLATES}/qtinstaller/config ${INSTALLER}
	@cp ${VENDOR_PATH}/assets/icon.ico ${INSTALLER}/config/installer-icon.ico
	@cp ${VENDOR_PATH}/assets/icon.icns ${INSTALLER}/config/installer-icon.icns
	@cp ${VENDOR_PATH}/assets/installer-logo.png ${INSTALLER}/config/installer-logo.png
ifeq (${PLATFORM}, darwin)
	@mkdir -p ${INST_DATA}/helper
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/gen-qtinstaller osx ${INSTALLER}
	@cp "${TEMPLATES}/osx/bitmask.pf.conf" ${INST_DATA}helper/bitmask.pf.conf
	@cp "${TEMPLATES}/osx/client.up.sh" ${INST_DATA}/
	@cp "${TEMPLATES}/osx/client.down.sh" ${INST_DATA}/
	@cp "${TEMPLATES}/qtinstaller/osx-data/post-install.py" ${INST_ROOT}/
	@cp "${TEMPLATES}/qtinstaller/osx-data/uninstall.py" ${INST_ROOT}/
	@cp "${TEMPLATES}/qtinstaller/osx-data/se.leap.bitmask-helper.plist" ${INST_DATA}
	@cp $(OPENVPN_BIN) ${INST_DATA}/openvpn.leap
	@cp build/bin/${PLATFORM}/bitmask-helper ${INST_DATA}/
ifeq (${RELEASE}, yes)
	@echo "[+] Running macdeployqt (release mode)"
	@macdeployqt ${QTBUILD}/release/${PROVIDER}-vpn.app -qmldir=gui/qml ${MACDEPLOYQT_OPTS}
else
	@echo "[+] Running macdeployqt (debug mode)"
	@macdeployqt ${QTBUILD}/release/${PROVIDER}-vpn.app -qmldir=gui/qml
endif
	@cp -r "${QTBUILD}/release/${TARGET}.app"/ ${INST_DATA}/
endif
ifeq (${PLATFORM}, windows)
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/gen-qtinstaller windows ${INSTALLER}
	@cp build/bin/${PLATFORM}/bitmask-helper.exe ${INST_DATA}helper.exe
ifeq (${VENDOR_PATH}, providers)
	@cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.ico ${INST_DATA}/icon.ico
else
	@cp ${VENDOR_PATH}/assets/icon.ico ${INST_DATA}/icon.ico
endif
	@cp ${QTBUILD}/release/${TARGET}.exe ${INST_DATA}${TARGET}.exe
	# FIXME get the signed binaries with curl from openvpn downloads page.
	@cp "/c/Program Files/OpenVPN/bin/openvpn.exe" ${INST_DATA}
	@cp "/c/Program Files/OpenVPN/bin/"*.dll ${INST_DATA}
ifeq (${RELEASE}, yes)
	@windeployqt --release --qmldir gui/qml ${INST_DATA}${TARGET}.exe
else
	@windeployqt --qmldir gui/qml ${INST_DATA}${TARGET}.exe
endif
	# TODO stage it to shave some time
	@wget ${TAP_WINDOWS} -O ${INST_DATA}/tap-windows.exe
endif
ifeq (${PLATFORM}, linux)
	@VERSION=${VERSION} ${SCRIPTS}/gen-qtinstaller linux ${INSTALLER}
endif
	@echo "[+] All templates, binaries and libraries copied to build/installer."
	@echo "[+] Now building the installer."
	@cd build/installer && qmake VENDOR_PATH=${VENDOR_PATH} INSTALLER=${APPNAME}-installer-${VERSION} && make

sign_installer:
ifeq (${PLATFORM}, windows)
	# TODO add flag to skip signing for regular builds
	"c:\windows\system32\signtool.exe" sign -f "z:\leap\LEAP.pfx" -p ${WINCERTPASS} build/installer/${APPNAME}-installer-${VERSION}.exe
endif
ifeq (${PLATFORM}, darwin)
	gsed -i "s/com.yourcompany.installerbase/se.leap.bitmask.${TARGET}/g" build/installer/${APPNAME}-installer-${VERSION}.app/Contents/Info.plist
	codesign -s ${OSX_CERT} --options "runtime" build/installer/${APPNAME}-installer-${VERSION}.app
	ditto -ck --rsrc --sequesterRsrc build/installer/${APPNAME}-installer-${VERSION}.app build/installer/${APPNAME}-installer-${VERSION}.zip
endif

notarize_installer:
# courtesy of https://skyronic.com/2019/07/app-notarization-for-qt-applications/
ifeq (${PLATFORM}, darwin)
	xcrun altool --notarize-app -t osx -f build/installer/${APPNAME}-installer-${VERSION}.zip --primary-bundle-id="se.leap.bitmask.${TARGET}" -u "info@leap.se" -p ${OSXAPPPASS}
endif

notarize_check:
ifeq (${PLATFORM}, darwin)
	xcrun altool --notarization-info ${OSXMORDORUID} -u "info@leap.se" -p ${OSXAPPPASS}
endif

notarize_staple:
ifeq (${PLATFORM}, darwin)
	xcrun stapler staple build/installer/${APPNAME}-installer-${VERSION}.app
endif

create_dmg:
ifeq (${PLATFORM}, darwin)
	@create-dmg deploy/${APPNAME}-${VERSION}.dmg build/installer/${APPNAME}-installer-${VERSION}.app
endif


check_qtifw:
ifdef HAS_QTIFW
	@echo "[+] Found QTIFW"
else
	$(error "[!] Cannot find QTIFW. Please install it and add it to your PATH")
endif

clean:
	@rm -rf lib/*
	@rm -rf build/
	@unlink branding/assets/default || true


########################################################################
# tests
#########################################################################

qmllint:
	@qmllint gui/qml/*.qml

qmlfmt:
	# needs https://github.com/jesperhh/qmlfmt in your path
	@qmlfmt -w gui/qml/*.qml

test:
	@go test -tags "integration $(TAGS)" ./pkg/...

test_ui: build_golib
	@qmake -o tests/Makefile test.pro
	@make -C tests clean
	@make -C tests
ifeq ($(PLATFORM), windows)
	@./tests/build/test_ui.exe
else
	@./tests/build/test_ui
endif


#########################################################################
# packaging templates
#########################################################################

vendor_init:
	@VENDOR_PATH=${VENDOR_PATH} ./branding/scripts/init

vendor_check:
	@VENDOR_PATH=${VENDOR_PATH} ./branding/scripts/check ${PROVIDER}
ifeq (${SKIP_CACHECK}, no)
	@VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/check-ca-crt ${PROVIDER}
endif

vendor: gen_providers_json prepare_templates gen_pkg_snap gen_pkg_deb

gen_providers_json:
	@VENDOR_PATH=${VENDOR_PATH} branding/scripts/gen-providers-json gui/providers/providers.json

prepare_templates: generate tgz
	@mkdir -p build/${PROVIDER}/bin/ deploy
	@cp ${TEMPLATES}/makefile/Makefile build/${PROVIDER}/Makefile
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/generate-vendor-make build/${PROVIDER}/vendor.mk

generate:
	@go generate gui/backend.go
	@go generate pkg/config/version/genver/gen.go

TGZ_NAME = bitmask-vpn_${VERSION}-src
TGZ_PATH = $(shell pwd)/build/${TGZ_NAME}
tgz:
	@mkdir -p $(TGZ_PATH)
	git archive HEAD | tar -x -C $(TGZ_PATH)
	@cd build/ && tar czf bitmask-vpn_$(VERSION).tgz ${TGZ_NAME}
	@rm -rf $(TGZ_PATH)


gen_pkg_deb:
ifeq (${PLATFORM}, linux)
	@cp -r ${TEMPLATES}/debian build/${PROVIDER}
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/generate-debian build/${PROVIDER}/debian/data.json
	@mkdir -p build/${PROVIDER}/debian/icons/scalable && cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.svg build/${PROVIDER}/debian/icons/scalable/icon.svg
	@cd build/${PROVIDER}/debian && python3 generate.py
	@cd build/${PROVIDER}/debian && rm app.desktop-template changelog-template rules-template control-template generate.py data.json && chmod +x rules
endif

gen_pkg_snap:
ifeq (${PLATFORM}, linux)
	@cp -r ${TEMPLATES}/snap build/${PROVIDER}
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/generate-snap build/${PROVIDER}/snap/data.json
	@cp helpers/se.leap.bitmask.snap.policy build/${PROVIDER}/snap/local/pre/
	@cp helpers/bitmask-root build/${PROVIDER}/snap/local/pre/
	@cd build/${PROVIDER}/snap && python3 generate.py
	@rm build/${PROVIDER}/snap/data.json build/${PROVIDER}/snap/snapcraft-template.yaml
	@mkdir -p build/${PROVIDER}/snap/gui
ifeq (${VENDOR_PATH}, providers)
	@cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.svg build/${PROVIDER}/snap/gui/icon.svg
	@cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.png build/${PROVIDER}/snap/gui/${PROVIDER}-vpn.png
else
	@cp ${VENDOR_PATH}/assets/icon.svg build/${PROVIDER}/snap/gui/icon.svg
	@cp ${VENDOR_PATH}/assets/icon.png build/${PROVIDER}/snap/gui/${PROVIDER}-vpn.png
endif
	@rm build/${PROVIDER}/snap/generate.py
endif


#########################################################################
# packaging action
#########################################################################
run:
	./build/qt/release/riseup-vpn

builder_image:
	@make -C docker build

packages: package_deb package_snap package_osx package_win

package_win_release: build dosign installer sign_installer

package_win: build installer

package_snap_in_docker:
	@make -C docker package_snap

package_snap:
	@unlink snap || true
	@cp build/${PROVIDER}/snap/local/${TARGET}.desktop build/${PROVIDER}/snap/gui/
	@ln -s build/${PROVIDER}/snap snap
	@make -C build/${PROVIDER} pkg_snap

package_deb:
	@make -C build/${PROVIDER} pkg_deb

sign_artifact:
	@find ${FILE} -type f -not -name "*.asc" -print0 | xargs -0 -n1 -I{} sha256sum -b "{}" | sed 's/*deploy\///' > ${FILE}.sha256
	@gpg --clear-sign --armor ${FILE}.sha256

upload_artifact:
	scp ${FILE} downloads.leap.se:./
	scp ${FILE}.sha256.asc downloads.leap.se:./


#########################################################################
# icons & locales
#########################################################################

icon:
	@make -C icon


LANGS ?= $(foreach path,$(wildcard gui/i18n/main_*.ts),$(patsubst gui/i18n/main_%.ts,%,$(path)))

locales: $(foreach lang,$(LANGS),get_$(lang))

generate_locales:
	@lupdate bitmask.pro

get_%:
	@curl -L -X GET --user "api:${API_TOKEN}" "https://www.transifex.com/api/2/project/bitmask/resource/bitmask-vpn/translation/${subst -,_,$*}/?file" > gui/i18n/main_$*.ts