#!/bin/bash
set -eu

# Check secureboot.d/how-to-contribute-to-secureboot.d.md on how this script works
# and how to contribute with other vendors

# Environment variables:
#
# SHIM_FULLPATH_BINARY
# GRUB_FULLPATH_BINARY
# SHIM_FULLPATH_SOURCE_CODE_TAR_GZ
# GRUB_FULLPATH_SOURCE_CODE_TAR_GZ

SHIM_SIGNED_DEB_URL='http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.51.3+15.7-0ubuntu1_amd64.deb'
SHIM_SIGNED_TAR_XZ_URL='http://archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.51.3.tar.xz'
SHIM_SIGNED_DSC_URL='http://archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.51.3.dsc'
SHIM_SIGNED_DEB=$(basename "${SHIM_SIGNED_DEB_URL}")

GRUB_EFI_AMD64_SIGNED_DEB_URL='http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.187.6+2.06-2ubuntu14.4_amd64.deb'
GRUB2_SIGNED_TAR_XZ_URL='http://archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub2-signed_1.187.6.tar.xz'
GRUB2_SIGNED_DSC_URL='http://archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub2-signed_1.187.6.dsc'
GRUB_EFI_AMD64_SIGNED_DEB=$(basename "${GRUB_EFI_AMD64_SIGNED_DEB_URL}")

SHIM_DEBIAN_TAR_XZ_URL='http://archive.ubuntu.com/ubuntu/pool/main/s/shim/shim_15.7-0ubuntu1.debian.tar.xz'
SHIM_DSC_URL='http://archive.ubuntu.com/ubuntu/pool/main/s/shim/shim_15.7-0ubuntu1.dsc'
SHIM_ORIG_TAR_BZ2_URL='http://archive.ubuntu.com/ubuntu/pool/main/s/shim/shim_15.7.orig.tar.bz2'

GRUB2_DEBIAN_TAR_XZ_URL='http://archive.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_2.06-2ubuntu7.2.debian.tar.xz'
GRUB2_DSC_URL='http://archive.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_2.06-2ubuntu7.2.dsc'
GRUB2_ORIG_TAR_XZ_URL='http://archive.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_2.06.orig.tar.xz'

# Definitions
SB_VENDOR="ubuntu"
SB_EFI_PLATFORM="x64"
CURRENT_DIRECTORY="$(pwd)"
DOWNLOAD_TMP_DIR="${CURRENT_DIRECTORY}-${SB_VENDOR}-${SB_EFI_PLATFORM}-tmp"

if [ ! -d "${DOWNLOAD_TMP_DIR}" ] ; then
  mkdir "${DOWNLOAD_TMP_DIR}"
fi

# Signed SHIM Binary download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'shim-download'
cd 'shim-download'
wget -q "${SHIM_SIGNED_DEB_URL}"
dpkg-deb -x ${SHIM_SIGNED_DEB} ./

# Signed SHIM Binary final copy
cp usr/lib/shim/shim${SB_EFI_PLATFORM}.efi.dualsigned ${SHIM_FULLPATH_BINARY}

# Signed GRUB Binary download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'grub-download'
cd 'grub-download'
wget -q "${GRUB_EFI_AMD64_SIGNED_DEB_URL}"
ar x ${GRUB_EFI_AMD64_SIGNED_DEB}
zstd -d data.tar.zst -o data.tar
tar xf data.tar

# Signed GRUB Binary final copy
cp usr/lib/grub/x86_64-efi-signed/grub${SB_EFI_PLATFORM}.efi.signed ${GRUB_FULLPATH_BINARY}

# Signed SHIM Source code download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'shim-src-download'
cd 'shim-src-download'
wget -q "${SHIM_SIGNED_TAR_XZ_URL}"
wget -q "${SHIM_SIGNED_DSC_URL}"

wget -q "${SHIM_DEBIAN_TAR_XZ_URL}"
wget -q "${SHIM_DSC_URL}"

wget -q "${SHIM_ORIG_TAR_BZ2_URL}"

# Signed SHIM Source code final copy
cd ${DOWNLOAD_TMP_DIR}
tar czf "${SB_VENDOR}-${SB_EFI_PLATFORM}-shim-sourcecode.tar.gz" 'shim-src-download'
cp "${SB_VENDOR}-${SB_EFI_PLATFORM}-shim-sourcecode.tar.gz" "${SHIM_FULLPATH_SOURCE_CODE_TAR_GZ}"

# Signed GRUB Source code download
cd ${DOWNLOAD_TMP_DIR}
mkdir 'grub-src-download'
cd 'grub-src-download'

wget -q "${GRUB2_SIGNED_TAR_XZ_URL}"
wget -q "${GRUB2_SIGNED_DSC_URL}"

wget -q "${GRUB2_DEBIAN_TAR_XZ_URL}"
wget -q "${GRUB2_DSC_URL}"

wget -q "${GRUB2_ORIG_TAR_XZ_URL}"

# Signed GRUB Source code final copy
cd ${DOWNLOAD_TMP_DIR}
tar czf "${SB_VENDOR}-${SB_EFI_PLATFORM}-grub-sourcecode.tar.gz" 'grub-src-download'
cp "${SB_VENDOR}-${SB_EFI_PLATFORM}-grub-sourcecode.tar.gz" "${GRUB_FULLPATH_SOURCE_CODE_TAR_GZ}"

# Make sure to download temporary directory
rm -rf ${DOWNLOAD_TMP_DIR}

# Make sure to come back to the original directory
cd ${CURRENT_DIRECTORY}
