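# Build parameters for a reproducible Debian rootfs taken from snapshot.debian.org.
RELEASE_NAME=buster
RELEASE_NO=10
TARGET_DIR=./rootfs_${RELEASE_NAME}
SOURCES_DATE=20230611T103552Z
RELEASE_DATE="2023-06-11T10:35:52Z"
# SOURCES_DATE=20190608T160814Z
# RELEASE_DATE=2019-06-08T16:08:14Z
ROOTFS_TAR=rootfs_${RELEASE_NAME}-${SOURCES_DATE}.tar.xz
KEYRING_DATE=2023.3
# KEYRING_DIR is not assigned in this part of the script; presumably it comes
# from the environment. This value is only used when HOST_KEYS is empty.
KEYRING=${KEYRING_DIR}/${RELEASE_NAME}-${SOURCES_DATE}_Release.gpg
HOST_KEYS=yes

# Signing keys that are current should be downloaded, where signing keys have
# been removed set HOST_KEYS to yes.
# The test below only checks for a non-empty string, so HOST_KEYS=no still
# selects the host keyring; set HOST_KEYS to the empty string for the download.
echo "***** set keyring."
if [ -n "${HOST_KEYS}" ]; then
  # debian-archive-keyring provides:
  # /usr/share/keyrings/debian-archive-removed-keys.gpg
  # /usr/share/keyrings/debian-archive-keyrings.gpg
  # KEYRING="/usr/share/keyrings/debian-archive-removed-keys.gpg"
  KEYRING="/usr/share/keyrings/debian-archive-keyring.gpg"
else
  # Use release keys from snapshot rather than removed keys from hosts debian-archive-keyring package.
  # wget -q -c https://ftp-master.debian.org/keys/release-${RELEASE_NO}.asc -qO- | \
  #   gpg --import --no-default-keyring --keyring ./debian-${RELEASE_NO}.gpg
  # KEYRING="./debian-${RELEASE_NO}.gpg"
  #
  # NOTE(review): dists/<suite>/Release.gpg is the detached signature over the
  # Release file, not a set of public keys, and it is fetched here over plain
  # http with no integrity check. Whatever this download returns becomes the
  # trust anchor passed to --keyring below. The commented-out https import of
  # the release key above looks like the intended source -- confirm before
  # enabling this branch.
  wget -c -qO "${KEYRING}" \
    "http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/dists/${RELEASE_NAME}/Release.gpg" || exit 1
fi

echo "***** initialize the chroot."
# Be explicit with the debootstrap script (jessie name collision under devuan)
DEBOOTSTRAP_SCRIPT="/usr/share/debootstrap/scripts/${RELEASE_NAME}"
if [ ! -d "${TARGET_DIR}" ]; then
  debuerreotype-init --keyring "${KEYRING}" \
    --debootstrap-script "${DEBOOTSTRAP_SCRIPT}" \
    "${TARGET_DIR}" "${RELEASE_NAME}" "${RELEASE_DATE}"
else
  echo "Target dir exists: ${TARGET_DIR} skipping init."
fi

# catch the failure of init.
# Stop here: every later step operates on the chroot, and carrying on would
# package a rootfs that was never bootstrapped against the keyring.
if [ ! -f "${TARGET_DIR}/debuerreotype-epoch" ]; then
  echo "***** init failed to create the epoch file." >&2
  exit 1
fi
echo "***** Found: ${TARGET_DIR}/debuerreotype-epoch"

echo "***** install snapshot keyring."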
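# Fetch the debian-archive-keyring package that matches the pinned snapshot and
# install it inside the chroot.
keyring_deb="debian-archive-keyring_${KEYRING_DATE}_all.deb"
keyring_deb_path="${TARGET_DIR}/var/tmp/${keyring_deb}"
mkdir -p "${TARGET_DIR}/var/tmp"
wget -c -q -O "${keyring_deb_path}" \
  "https://snapshot.debian.org/archive/debian/${SOURCES_DATE}/pool/main/d/debian-archive-keyring/${keyring_deb}" || exit 1

# dpkg -i does not authenticate the package, and wget -c will resume onto a
# file left by an earlier run. When KEYRING_DEB_SHA256 is set to the expected
# digest, the download is checked before it becomes the chroot's trust anchor.
# Unset (the default) keeps the previous behaviour of installing unchecked.
if [ -n "${KEYRING_DEB_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "${KEYRING_DEB_SHA256}" "${keyring_deb_path}" \
    | sha256sum -c - >/dev/null; then
    echo "***** checksum mismatch for ${keyring_deb_path}." >&2
    exit 1
  fi
fi

debuerreotype-chroot "${TARGET_DIR}" bash -c 'dpkg -i /var/tmp/debian-archive-keyring*deb && apt-get -y install'
debuerreotype-chroot "${TARGET_DIR}" bash -c "apt-key update"

# This must match the output of `apt-key list` in the base image which sometimes changes between releases.
# jessie apt 1.0.9.8.4
#
# NOTE(review): the active pipeline is the one labelled for jessie; confirm it
# matches the `apt-key finger` output of ${RELEASE_NAME}. If the grep matches
# nothing, no key is refreshed and the loop still runs once with an empty ID.
# NOTE(review): keys received here are added to apt's trusted keyring. They are
# requested over unencrypted hkp on port 80 and selected by the last 19
# characters of each fingerprint line (spaces removed), not by the full
# fingerprint. An hkps:// keyserver URL or keys shipped in a verified package
# would be safer; ca-certificates is only installed later in this script, so
# TLS inside the chroot may not work at this point.
echo "***** Adding finger prints."
debuerreotype-chroot "${TARGET_DIR}" bash -c "keys=\"\$(apt-key finger | grep -v '\[expired' | grep 'Key fingerprint =' | awk -F' = ' '{getline;print substr(\$0, length(\$0)-18)}' | sed 's/ //g')\"; IFS=$'\n'; while read -r key; do apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 \$key; done <<< \$keys"
# bullseye apt 2.6.1devuan1
# debuerreotype-chroot ${TARGET_DIR} bash -c "keys=\"$(apt-key finger | grep -v '\[expired' | awk -F' ' '/pub/{getline;print substr($0, length($0)-18)}' | sed 's/ *//g')\"; IFS=$'\n'; while read -r key; do apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 \$key; done <<< \$keys"

echo "***** Adding sources."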
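# Write the apt sources and apt configuration used inside the chroot.
mkdir -p "${TARGET_DIR}/etc/apt"

# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}/updates main contrib non-free
# EOF

# NOTE(review): [trusted=yes] tells apt to accept these sources without
# verifying the Release signature, and both are fetched over plain http. With
# it in place nothing authenticates the packages installed into the image, and
# the keyring set up earlier in this script gives no protection.
# Set APT_SOURCES_TRUSTED=no to write plain entries (the first commented-out
# form above) so apt verifies against its keyring. The default keeps the
# existing behaviour.
case "${APT_SOURCES_TRUSTED:-yes}" in
  no) apt_source_opts="" ;;
  *) apt_source_opts=" [trusted=yes]" ;;
esac

cat > "${TARGET_DIR}/etc/apt/sources.list" << EOF
deb${apt_source_opts} http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
deb${apt_source_opts} http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}/updates main contrib non-free
EOF

# SNAPSHOT_KEY is not defined in this part of the script.
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}/updates main contrib non-free
# EOF

echo "***** Adding apt config. Snapshot fixes."
mkdir -p "${TARGET_DIR}/etc/apt/apt.conf.d/"
# Check-Valid-Until is disabled because a dated snapshot's Release file is past
# its Valid-Until; this removes apt's freshness check, not signature checking.
cat > "${TARGET_DIR}/etc/apt/apt.conf.d/10_snapshot-fixes" << 'EOF'
Acquire::Check-Valid-Until "false";
Acquire::http::Dl-Limit "1000";
Acquire::https::Dl-Limit "1000";
Acquire::Retries "5";
EOF

echo "***** Adding apt config. No recommends."
cat > "${TARGET_DIR}/etc/apt/apt.conf.d/99z_recommends" << 'EOF'
APT::Install-Recommends "0";
APT::AutoRemove::RecommendsImportant "false";
EOF

echo "***** Adding apt config. No suggests."
cat > "${TARGET_DIR}/etc/apt/apt.conf.d/99z_suggests" << 'EOF'
APT::Install-Suggests "0";
APT::AutoRemove::SuggestsImportant "false";
EOF

echo "***** Running apt-get update."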
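# Populate the chroot from the snapshot, shrink it, and archive the result.
# Abort if the package lists cannot be fetched: every install below depends on them.
debuerreotype-apt-get "${TARGET_DIR}" update -qq || exit 1
debuerreotype-recalculate-epoch "${TARGET_DIR}"
debuerreotype-apt-get "${TARGET_DIR}" install -y --allow-change-held-packages \
  apt-transport-https ca-certificates debian-archive-keyring sudo
debuerreotype-chroot "${TARGET_DIR}" bash -c 'update-ca-certificates'
debuerreotype-apt-get "${TARGET_DIR}" dist-upgrade -yqq

mkdir -p "${TARGET_DIR}/var/tmp"
#cp packages.list_tonny-20170617T034212Z rootfs/var/tmp/packages.list

echo "***** Installing dselect."
debuerreotype-apt-get "${TARGET_DIR}" install -y --allow-change-held-packages dselect
# This should be done in the Dockerfile.
#debuerreotype-chroot ${TARGET_DIR} bash -c "dpkg --set-selections 2>&1 < /var/tmp/packages.list"

# This should be done in the Dockerfile.
# echo "***** Installing evolution."
# debuerreotype-chroot ${TARGET_DIR} bash -c 'dselect update'
# debuerreotype-apt-get ${TARGET_DIR} install -y -u dselect-upgrade
# debuerreotype-apt-get ${TARGET_DIR} install -y --allow-change-held-packages evolution dbus-x11
debuerreotype-apt-get "${TARGET_DIR}" install -y -f

echo "***** Minimizing and slimifying."
debuerreotype-minimizing-config "${TARGET_DIR}"
debuerreotype-slimify "${TARGET_DIR}"

echo "***** Taring the rootfs."
# Stop if the archive could not be written, so the previous dated copy below
# is not deleted in favour of a build that produced no tarball.
debuerreotype-tar "${TARGET_DIR}" "${ROOTFS_TAR}" || exit 1

# Remove the dated copy before creating the new one.
# The :? guards abort instead of expanding to a bare "-" or a shortened path
# when either variable is empty.
rm -rf -- "${TARGET_DIR:?}-${SOURCES_DATE:?}"
mv -- "${TARGET_DIR}" "${TARGET_DIR}-${SOURCES_DATE}"

# Copy this script to a corresponding dated version.
# Resolved relative to the current directory, so this assumes the script is
# run from the directory that contains it.
SCRIPT_NAME="$(basename "$0")"
cp -- ./"${SCRIPT_NAME}" ./"${SCRIPT_NAME}-${SOURCES_DATE}"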