#!/usr/bin/env python

import subprocess
import tempfile
import argparse
import hashlib
import tarfile
import json
import os

parser = argparse.ArgumentParser()
parser.add_argument("--gpgdir", default = "/home/aptbot/gnupg", help = "gpg keyring directory")
parser.add_argument("--dir-name", help = "internal directory name for files")
parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create")
parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball")
args = parser.parse_args()

tar = tarfile.TarFile(mode = "w", fileobj = args.tarfile)

status = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
sha256 = {}

def tar_add(fn, name = None):
    if name is None:
        name = os.path.basename(fn)
    tar.add(fn, name if args.dir_name is None else os.path.join(args.dir_name, name))

for fn in args.firmware:
    with open(fn, "rb") as f:
        sha256[fn] = hashlib.sha256(f.read()).hexdigest()
    tar_add(fn)

with tempfile.NamedTemporaryFile() as f:
    gpg = subprocess.Popen(("gpg",
                            "--clearsign",
                            "--no-random-seed-file",
                            "--no-default-keyring",
                            "--no-permission-warning",
                            "--personal-digest-preferences", "SHA256",
                            "--keyring",        os.path.join(args.gpgdir, "pubring.gpg"),
                            "--secret-keyring", os.path.join(args.gpgdir, "secring.gpg"),
                            "--trustdb-name",   os.path.join(args.gpgdir, "trustdb.gpg")),
                           stdin = subprocess.PIPE, stdout = f)
    json.dump(dict(commits = status, sha256  = sha256), gpg.stdin, indent = 2)
    gpg.stdin.close()
    gpg.wait()
    tar_add(f.name, "MANIFEST")