#!/bin/sh
# $Id: anubis.SlackBuild,v 1.6 2025/09/07 12:23:37 root Exp root $
# Copyright 2025  Eric Hameleers, Eindhoven, NL
# All rights reserved.
#
#   Permission to use, copy, modify, and distribute this software for
#   any purpose with or without fee is hereby granted, provided that
#   the above copyright notice and this permission notice appear in all
#   copies.
#
#   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
#   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
#   IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
#   SUCH DAMAGE.
# -----------------------------------------------------------------------------
#
# Slackware SlackBuild script 
# ===========================
# By:          Eric Hameleers <alien@slackware.com>
# For:         anubis
# Descr:       reverse proxy to protect against scraper bots
# URL:         https://anubis.techaro.lol/
# Build needs: esbuild, (Slackware 15.0:) google-go-lang
# Needs:       
# Changelog:   
# 1.21.3-1:    24/aug/2025 by Eric Hameleers <alien@slackware.com>
#              * Initial build.
# 1.22.0-1:    07/sep/2025 by Eric Hameleers <alien@slackware.com>
#              * Update.
# 1.23.1-1:    18/dec/2025 by Eric Hameleers <alien@slackware.com>
#              * Update.
# 
# Run 'sh anubis.SlackBuild' to build a Slackware package.
# The package (.t?z) and .txt file as well as build logs are created in /tmp .
# Install the package using 'installpkg' or 'upgradepkg --install-new'.
#
# -----------------------------------------------------------------------------

PRGNAM=anubis
VERSION=${VERSION:-1.23.1}
BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:-" -j$(nproc) "}
TAG=${TAG:-alien}

DOCS="LICENSE README.md VERSION data docs/docs/*"

# User 'anubis' (uidNr=390) and group 'anubis' (grpId=390) are also used by SBo.
ANUBIS_UID=${ANUBIS_UID:-390}
ANUBIS_GID=${ANUBIS_GID:-390}
ANUBIS_HOME="/var/run/anubis"

# Where do we look for sources?
SRCDIR=$(cd $(dirname $0); pwd)

# Place to build (TMP) package (PKG) and output (OUTPUT) the program:
TMP=${TMP:-/tmp/build}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}

SOURCE[0]="$SRCDIR/${PRGNAM}-src-vendor-${VERSION}.tar.gz"
SRCURL[0]="https://github.com/TecharoHQ/${PRGNAM}/releases/download/v${VERSION}/${PRGNAM}-src-vendor-${VERSION}.tar.gz"

SOURCE[1]="$SRCDIR/${PRGNAM}-src-vendor-${VERSION}.tar.gz.asc"
SRCURL[1]="https://github.com/TecharoHQ/${PRGNAM}/releases/download/v${VERSION}/${PRGNAM}-src-vendor-${VERSION}.tar.gz.asc"

##
## --- with a little luck, you won't have to edit below this point --- ##
##

# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
  case "$(uname -m)" in
    i?86) ARCH=i586 ;;
    arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
    # Unless $ARCH is already set, use uname -m for all other archs:
    *) ARCH=$(uname -m) ;;
  esac
  export ARCH
fi
# Set CFLAGS/CXXFLAGS and LIBDIRSUFFIX:
case "$ARCH" in
  i?86)      SLKCFLAGS="-O2 -march=${ARCH} -mtune=i686"
             SLKLDFLAGS=""; LIBDIRSUFFIX=""
             ;;
  x86_64)    SLKCFLAGS="-O2 -fPIC"
             SLKLDFLAGS="-L/usr/lib64"; LIBDIRSUFFIX="64"
             ;;
  armv7hl)   SLKCFLAGS="-O2 -march=armv7-a -mfpu=vfpv3-d16"
             SLKLDFLAGS=""; LIBDIRSUFFIX=""
             ;;
  *)         SLKCFLAGS=${SLKCFLAGS:-"-O2"}
             SLKLDFLAGS=${SLKLDFLAGS:-""}; LIBDIRSUFFIX=${LIBDIRSUFFIX:-""}
             ;;
esac

case "$ARCH" in
    arm*)    TARGET=$ARCH-slackware-linux-gnueabi ;;
    *)       TARGET=$ARCH-slackware-linux ;;
esac

# Exit the script on errors:
set -e
trap 'echo "$0 FAILED at line ${LINENO}" | tee $OUTPUT/error-${PRGNAM}.log' ERR
# Catch unitialized variables:
set -u
P1=${1:-1}

# Save old umask and set to 0022:
_UMASK_=$(umask)
umask 0022

# Create working directories:
mkdir -p $OUTPUT          # place for the package to be saved
mkdir -p $TMP/tmp-$PRGNAM # location to build the source
mkdir -p $PKG             # place for the package to be built
rm -rf $PKG/*             # always erase old package's contents
rm -rf $TMP/tmp-$PRGNAM/* # remove the remnants of previous build
rm -rf $OUTPUT/{checkout,configure,make,install,error,makepkg,patch}-$PRGNAM.log
                          # remove old log files

# Source file availability:
for (( i = 0; i < ${#SOURCE[*]}; i++ )) ; do
  if ! [ -f ${SOURCE[$i]} ]; then
    echo "Source '$(basename ${SOURCE[$i]})' not available yet..."
    # Check if the $SRCDIR is writable at all - if not, download to $OUTPUT
    [ -w "$SRCDIR" ] || SOURCE[$i]="$OUTPUT/$(basename ${SOURCE[$i]})"
    if [ -f ${SOURCE[$i]} ]; then echo "Ah, found it!"; continue; fi
    if ! [ "x${SRCURL[$i]}" == "x" ]; then
      echo "Will download file to $(dirname $SOURCE[$i])"
      wget --no-check-certificate -nv -T 20 -O "${SOURCE[$i]}" "${SRCURL[$i]}" || true
      if [ $? -ne 0 -o ! -s "${SOURCE[$i]}" ]; then
        echo "Fail to download '$(basename ${SOURCE[$i]})'. Aborting the build."
        mv -f "${SOURCE[$i]}" "${SOURCE[$i]}".FAIL
        exit 1
      fi
    else
      echo "File '$(basename ${SOURCE[$i]})' not available. Aborting the build."
      exit 1
    fi
  fi
done

if [ "$P1" == "--download" ]; then
  echo "Download complete."
  exit 0
fi

# --- PACKAGE BUILDING ---

echo "++"
echo "|| $PRGNAM-$VERSION"
echo "++"

cd $TMP/tmp-$PRGNAM
echo "Extracting the source archive(s) for $PRGNAM..."
tar -xf ${SOURCE[0]}
cd ${PRGNAM}-src-vendor-${VERSION}
chown -R root:root .
chmod -R u+w,go+r-w,a+rX-st .

echo Building ...
export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"

# Generate the assets to be embedded in anubis:
make assets \
  2>&1 | tee $OUTPUT/configure-${PRGNAM}.log
# Generate the final binaries with the correct version stamped into them:
make prebaked-build \
  2>&1 | tee $OUTPUT/make-${PRGNAM}.log

# Manually install the binaries:
install -D -m0755 -t $PKG/usr/bin ./var/anubis
install -D -m0755 ./var/robots2policy $PKG/usr/bin/anubis-robots2policy
# The startup script:
install -D -m0775 -t $PKG/etc/rc.d $SRCDIR/rc.anubis.new
# The startup script defaults:
mkdir $PKG/etc/anubis
cat <<EOT > $PKG/etc/anubis/default.env.new
# Leave bind/port values empty to use UNIX sockets instead:
BIND=127.0.0.1:8923
DIFFICULTY=4
METRICS_BIND=127.0.0.1:9090
TARGET=http://localhost:3000
ANUBIS_OPTS=""
#ANUBIS_OPTS="-serve-robots-txt -policy-fname /path/to/policy.yaml"
EOT

# Create the logging directory:
mkdir -p $PKG/var/log/anubis
chown ${ANUBIS_UID}:root $PKG/var/log/anubis
chmod 0770 $PKG/var/log/anubis

# Add a logrotate script:
install -D -m0644 $SRCDIR/anubis.logrotate $PKG/etc/logrotate.d/anubis.new

# Add this to the doinst.sh:
mkdir -p $PKG/install
cat <<EOINS >> $PKG/install/doinst.sh
# Handle the incoming configuration files:
config() {
  for infile in \$1; do
    NEW="\$infile"
    OLD="\$(dirname \$NEW)/\$(basename \$NEW .new)"
    # If there's no config file by that name, mv it over:
    if [ ! -r \$OLD ]; then
      mv \$NEW \$OLD
    elif [ "\$(cat \$OLD | md5sum)" = "\$(cat \$NEW | md5sum)" ]; then
      # toss the redundant copy
      rm \$NEW
    fi
    # Otherwise, we leave the .new copy for the admin to consider...
  done
}

preserve_perms() {
  NEW="\$1"
  OLD="\$(dirname \$NEW)/\$(basename \$NEW .new)"
  if [ -e \$OLD ]; then
    cp -a \$OLD \${NEW}.incoming
    cat \$NEW > \${NEW}.incoming
    mv \${NEW}.incoming \$NEW
  fi
  config \$NEW
}

preserve_perms etc/rc.d/rc.anubis.new
config etc/anubis/default.env.new
config etc/logrotate.d/anubis.new

# Only way to create and use the correct uid and gid on the target system,
# is to use chroot:
chroot . <<EOR 2>/dev/null
# Add the '${ANUBIS_GID}' group if it doesn't exist already:
/usr/sbin/groupadd -g ${ANUBIS_GID} anubis 2> /dev/null

# Add the '${ANUBIS_UID}' user if it doesn't exist already:
/usr/sbin/useradd -c "Anubis Web AI Firewall" -d ${ANUBIS_HOME} -M \\
  -s "/bin/false" -g ${ANUBIS_GID} -u ${ANUBIS_UID} anubis 2> /dev/null
EOR

# Update rc.local so that Anubis daemon will be started on boot
if ! grep "rc.anubis" etc/rc.d/rc.local 1>/dev/null 2>&1 ; then
  cat <<_EOM_ >> etc/rc.d/rc.local

if [ -x /etc/rc.d/rc.anubis ]; then
  # Start Anubis Web AI Firewall
  echo "Starting Anubis WAF daemon:    /etc/rc.d/rc.anubis start"
  /etc/rc.d/rc.anubis start
fi
_EOM_
fi

EOINS

# Add documentation:
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION || true
cat $SRCDIR/$(basename $0) > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
chown -R root:root $PKG/usr/doc/$PRGNAM-$VERSION
find $PKG/usr/doc -type f -exec chmod 644 {} \;

# Compress the man page(s):
if [ -d $PKG/usr/man ]; then
  find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \;
  for i in $(find $PKG/usr/man -type l -name "*.?") ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
fi

# Strip binaries (if any):
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

# Add a package description:
mkdir -p $PKG/install
cat $SRCDIR/slack-desc > $PKG/install/slack-desc

# Build the package:
cd $PKG
makepkg --linkadd y --chown n $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz} 2>&1 | tee $OUTPUT/makepkg-${PRGNAM}.log
cd $OUTPUT
md5sum ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz} > ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz}.md5
cd -
cat $PKG/install/slack-desc | grep "^${PRGNAM}" > $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.txt

# Restore the original umask:
umask ${_UMASK_}