#!/bin/bash
set -eu

# Check secureboot.d/how-to-contribute-to-secureboot.d.md on how this script works
# and how to contribute with other vendors

# Environment variables:
#
# SHIM_FULLPATH_BINARY
# GRUB_FULLPATH_BINARY
# SHIM_FULLPATH_SOURCE_CODE_TAR_GZ
# GRUB_FULLPATH_SOURCE_CODE_TAR_GZ

SHIM_SIGNED_DEB_URL='https://snapshot.debian.org/archive/debian/20230309T024347Z/pool/main/s/shim-signed/shim-signed_1.39+15.7-1_amd64.deb'
SHIM_SIGNED_TAR_XZ_URL='https://snapshot.debian.org/archive/debian/20230309T024347Z/pool/main/s/shim-signed/shim-signed_1.39.tar.xz'
SHIM_SIGNED_DSC_URL='https://snapshot.debian.org/archive/debian/20230309T024347Z/pool/main/s/shim-signed/shim-signed_1.39.dsc'
SHIM_SIGNED_DEB=$(basename "${SHIM_SIGNED_DEB_URL}")

GRUB_EFI_AMD64_SIGNED_DEB_URL='https://snapshot.debian.org/archive/debian/20231011T085836Z/pool/main/g/grub-efi-amd64-signed/grub-efi-amd64-signed_1+2.06+13+deb12u1_amd64.deb'
GRUB_EFI_AMD64_SIGNED_TAR_XZ_URL='https://snapshot.debian.org/archive/debian/20231011T085836Z/pool/main/g/grub-efi-amd64-signed/grub-efi-amd64-signed_1+2.06+13+deb12u1.tar.xz'
GRUB_EFI_AMD64_SIGNED_DSC_URL='https://snapshot.debian.org/archive/debian/20231011T085836Z/pool/main/g/grub-efi-amd64-signed/grub-efi-amd64-signed_1+2.06+13+deb12u1.dsc'
GRUB_EFI_AMD64_SIGNED_DEB=$(basename "${GRUB_EFI_AMD64_SIGNED_DEB_URL}")

SHIM_DEBIAN_TAR_XZ_URL='https://snapshot.debian.org/archive/debian/20230201T153118Z/pool/main/s/shim/shim_15.7-1.debian.tar.xz'
SHIM_DSC_URL='https://snapshot.debian.org/archive/debian/20230201T153118Z/pool/main/s/shim/shim_15.7-1.dsc'
SHIM_ORIG_TAR_BZ2_URL='https://snapshot.debian.org/archive/debian/20230201T153118Z/pool/main/s/shim/shim_15.7.orig.tar.bz2'

GRUB2_DEBIAN_TAR_XZ_URL='https://snapshot.debian.org/archive/debian/20231011T085836Z/pool/main/g/grub2/grub2_2.06-13+deb12u1.debian.tar.xz'
GRUB2_DSC_URL='https://snapshot.debian.org/archive/debian/20231011T085836Z/pool/main/g/grub2/grub2_2.06-13+deb12u1.dsc'
GRUB2_ORIG_TAR_XZ_URL='https://snapshot.debian.org/archive/debian/20211128T160803Z/pool/main/g/grub2/grub2_2.06.orig.tar.xz'

# Definitions
SB_VENDOR="debian"
SB_EFI_PLATFORM="x64"
CURRENT_DIRECTORY="$(pwd)"
DOWNLOAD_TMP_DIR="${CURRENT_DIRECTORY}-${SB_VENDOR}-${SB_EFI_PLATFORM}-tmp"

if [ ! -d "${DOWNLOAD_TMP_DIR}" ] ; then
  mkdir "${DOWNLOAD_TMP_DIR}"
fi

# Signed SHIM Binary download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'shim-download'
cd 'shim-download'
wget -q "${SHIM_SIGNED_DEB_URL}"
dpkg-deb -x ${SHIM_SIGNED_DEB} ./

# Signed SHIM Binary final copy
cp usr/lib/shim/shimx64.efi.signed ${SHIM_FULLPATH_BINARY}

# Signed GRUB Binary download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'grub-download'
cd 'grub-download'
wget -q "${GRUB_EFI_AMD64_SIGNED_DEB_URL}"
dpkg-deb -x ${GRUB_EFI_AMD64_SIGNED_DEB} ./

# Signed GRUB Binary final copy
cp usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed ${GRUB_FULLPATH_BINARY}

# Signed SHIM Source code download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'shim-src-download'
cd 'shim-src-download'
wget -q "${SHIM_SIGNED_TAR_XZ_URL}"
wget -q "${SHIM_SIGNED_DSC_URL}"

wget -q "${SHIM_DEBIAN_TAR_XZ_URL}"
wget -q "${SHIM_DSC_URL}"

wget -q "${SHIM_ORIG_TAR_BZ2_URL}"

# Signed SHIM Source code final copy
cd ${DOWNLOAD_TMP_DIR}
tar czf "${SB_VENDOR}-${SB_EFI_PLATFORM}-shim-sourcecode.tar.gz" 'shim-src-download'
cp "${SB_VENDOR}-${SB_EFI_PLATFORM}-shim-sourcecode.tar.gz" "${SHIM_FULLPATH_SOURCE_CODE_TAR_GZ}"

# Signed GRUB Source code download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'grub-src-download'
cd 'grub-src-download'

wget -q "${GRUB_EFI_AMD64_SIGNED_TAR_XZ_URL}"
wget -q "${GRUB_EFI_AMD64_SIGNED_DSC_URL}"

wget -q "${GRUB2_DEBIAN_TAR_XZ_URL}"
wget -q "${GRUB2_DSC_URL}"

wget -q "${GRUB2_ORIG_TAR_XZ_URL}"

# Signed GRUB Source code final copy
cd ${DOWNLOAD_TMP_DIR}
tar czf "${SB_VENDOR}-${SB_EFI_PLATFORM}-grub-sourcecode.tar.gz" 'grub-src-download'
cp "${SB_VENDOR}-${SB_EFI_PLATFORM}-grub-sourcecode.tar.gz" "${GRUB_FULLPATH_SOURCE_CODE_TAR_GZ}"

# Make sure to download temporary directory
rm -rf ${DOWNLOAD_TMP_DIR}

# Make sure to come back to the original directory
cd ${CURRENT_DIRECTORY}
