# live-image/Makefile — builds the Debian live image that PXE-booted
# hosts land in. Requires a Linux host (or WSL) with mkosi installed.
# On native Windows this Makefile short-circuits with a clear message.

# Host detection. When the environment carries OS=Windows_NT, UNAME_S is
# pinned to "Windows" and `uname` is never invoked; on every other host it
# holds the output of `uname -s`. check-linux compares it against "Linux".
ifneq ($(OS),Windows_NT)
UNAME_S := $(shell uname -s)
else
UNAME_S := Windows
endif

# Paths. REPO_ROOT is the parent of make's working directory, so this file
# expects to be run from inside live-image/ (e.g. `make -C live-image`).
# AGENT_BIN is the linux/amd64 agent binary that gets baked into the image;
# MKOSI_EXTRA_AGENT is its staging location, relative to this directory.
REPO_ROOT := $(abspath $(CURDIR)/..)
AGENT_BIN := $(REPO_ROOT)/bin/vetting-agent.linux-amd64
MKOSI_EXTRA_AGENT := mkosi.extra/usr/local/sbin/vetting-agent

# Command-style targets: none of these names is a file this Makefile produces.
.PHONY: all agent check-initrd check-linux clean

# all — default goal. Runs the host preflight, stages the agent binary into
# mkosi.extra/, builds the image with mkosi, then verifies the resulting
# initrd. check-initrd is invoked through $(MAKE) as the last recipe step
# (not listed as a prerequisite) so that it only runs after mkosi has
# finished. Keep it on its own line: make executes $(MAKE) lines even under
# `make -n`, and merging it with the mkosi line would make a dry run build.
all: check-linux $(MKOSI_EXTRA_AGENT)
	mkosi --force build
	$(MAKE) check-initrd

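# check-initrd — build-integrity gate for build/initrd.img. Fails the build
# if the initrd doesn't actually contain the firmware blobs we need.
#
# Checks, in order:
#   0. build/initrd.img exists and can be stat'ed. Without this, a missing
#      file leaves $$size empty, the numeric test errors out, the `if` takes
#      it as false, and the size gate is skipped silently.
#   1. Size is at least 150 MiB. Trips when packages didn't install
#      (apt/bootstrap component misconfigured).
#   2. The unpacked initrd contains a path matching
#      lib/firmware/i915/tgl_guc*. Trips when packages installed but
#      update-initramfs didn't pack them (MODULES=dep regression,
#      initramfs-tools default drift).
#
# Only the i915/tgl_guc blob is probed by name; presence of any other
# firmware is inferred from the size threshold alone.
#
# Requires unmkinitramfs (from initramfs-tools on the build host). Its
# output is discarded, so a failure is reported only through the generic
# "may be corrupt" message below.
check-initrd:
	@if [ ! -f build/initrd.img ]; then \
	   echo "ERROR: build/initrd.img not found — the mkosi build did not produce an initrd."; \
	   exit 1; \
	 fi
	@size=$$(stat -c%s build/initrd.img) || { \
	   echo "ERROR: cannot stat build/initrd.img."; exit 1; }; \
	 min=$$((150 * 1024 * 1024)); \
	 if [ "$$size" -lt "$$min" ]; then \
	   echo "ERROR: initrd.img is $$size bytes (< $$min) — firmware almost certainly missing."; \
	   echo "       Check mkosi build log for missing packages or apt failures."; \
	   exit 1; \
	 fi
	@tmp=$$(mktemp -d) || { \
	   echo "ERROR: mktemp failed — cannot unpack initrd.img for inspection."; exit 1; }; \
	 trap 'rm -rf "$$tmp"' EXIT; \
	 unmkinitramfs build/initrd.img "$$tmp" >/dev/null 2>&1 || { \
	   echo "ERROR: unmkinitramfs failed — initrd.img may be corrupt."; exit 1; }; \
	 if ! find "$$tmp" -path '*lib/firmware/i915/tgl_guc*' -print -quit | grep -q .; then \
	   echo "ERROR: i915/tgl_guc firmware missing from initrd."; \
	   echo "       Package installed but update-initramfs didn't pack /lib/firmware."; \
	   echo "       Check MODULES= in /etc/initramfs-tools/initramfs.conf."; \
	   exit 1; \
	 fi
	@echo "initrd.img OK ($$(du -h build/initrd.img | cut -f1), i915 firmware present)"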

# agent — convenience alias for producing the agent binary on its own.
agent: $(AGENT_BIN)

# Cross-compile ./cmd/vetting-agent for linux/amd64 from the repository root
# and write it to $(AGENT_BIN).
# NOTE(review): this rule has no prerequisites, so it only runs when the file
# is absent. An existing binary at that path is reused as-is, however old and
# however it was produced, and that is what ends up in the live image.
# Confirm that is intended, or remove the binary before a release build.
$(AGENT_BIN):
	cd $(REPO_ROOT) && \
	 GOOS=linux GOARCH=amd64 go build -o $@ ./cmd/vetting-agent

# Copy the prebuilt agent into mkosi.extra/ so that mkosi places it in the
# image root and the postinst never has to reach outside the source tree.
# install -D creates the missing parent directories; the staged file gets
# mode 0755. Re-staging happens only when $(AGENT_BIN) is newer than the
# staged copy. Nothing here checks the binary's provenance or checksum: the
# image receives whatever is at $(AGENT_BIN) when this rule runs.
$(MKOSI_EXTRA_AGENT): $(AGENT_BIN)
	install -D --mode=0755 $< $@

# check-linux — host preflight; `all` lists it as its first prerequisite.
#
# The ifneq below is evaluated when make parses this file. On any host where
# UNAME_S is not "Linux", the three error lines become part of the recipe and
# the final `exit 1` fails the target, which stops `all`.
# NOTE(review): the error path is written as separate single-command lines,
# presumably so it still works when make runs recipes through a non-POSIX
# shell on native Windows — confirm before folding them into one statement.
check-linux:
ifneq ($(UNAME_S),Linux)
	@echo "ERROR: live-image must be built on Linux (you're on $(UNAME_S))."
	@echo "Run 'wsl make -C live-image all' from Windows instead."
	@exit 1
endif
# Require mkosi on PATH and fail with an install hint when it is missing.
# Only presence is checked here, not the mkosi version.
	@command -v mkosi >/dev/null 2>&1 || { echo "ERROR: mkosi not installed. Try: apt install mkosi"; exit 1; }

# clean — delete the build output, the mkosi output and cache directories,
# and the staged agent copy under mkosi.extra/. All paths are relative to
# this directory. The agent binary at $(AGENT_BIN) is deliberately not
# touched here, so a build after `make clean` re-stages the existing binary
# instead of recompiling it.
clean:
	rm -rf \
	  build mkosi.output mkosi.cache \
	  $(MKOSI_EXTRA_AGENT)
