#!/bin/sh
# auto/config - live-build configuration for the bty live env.
#
# live-build invokes this script when (re)configuring the build dir
# (typically the first ``lb build`` run, and again whenever ``lb build``
# itself calls ``lb config``). Encodes our lb config args: Debian
# trixie, amd64, no debian-installer, no memtest, no apt recommends,
# no security.
#
# Two output modes, switched by the ``BTY_USB_ISO`` environment
# variable:
#
#   - **default (netboot)**: kernel + initrd + squashfs trio for the
#     ``live-x86`` PXE-flash flow. Server hosts these three files
#     over HTTP and clients chain into them via iPXE.
#   - **BTY_USB_ISO=1 (iso-hybrid)**: hybrid ISO image bootable from
#     CD or USB stick (BIOS + UEFI). Used by the ``usb-iso`` variant.
#     Adds ``--bootloaders syslinux,grub-efi`` for dual-firmware
#     boot. No ``bty.*`` cmdline params: USB-local boot has no
#     bty-server URL or self-MAC to pin, and ``bty-on-tty1.service``
#     fires unconditionally (v0.22.10+ retired the
#     ConditionKernelCommandLine gating).
#
# Both modes use the same chroot package set + hooks; only the binary
# packaging differs. ``lb build`` re-runs this script during its
# internal ``lb config`` step, so the env var must be set in the
# build invocation's environment - not just at the initial config
# call. ``cijoe/scripts/usb_iso_build.py`` does this via ``sudo env
# BTY_USB_ISO=1 lb build``.
#
# Requires live-build 20240208+ (Debian trixie or newer) which
# fetches ``dists/<release>/main/Contents-<arch>.gz`` from the
# per-component layout Debian now publishes. Ubuntu's stock
# live-build 20230502 still uses the obsolete top-level URL and
# 404s on every active Debian release; release.yml's live job
# pulls the trixie .deb explicitly to work around that.
set -e

# Plymouth was retired in v0.22.1: the kernel-stage graphical splash
# wedged plymouth-quit-wait on several Intel iGPUs (MS-01, EPYC
# bring-up box) and the mascot-splash value didn't justify the
# multi-layer workaround stack (cmdline disable + package purge +
# variant split). The live env now boots to plain kernel + systemd
# init messages; ``/etc/issue`` (rendered by agetty on tty1) carries
# the bty identity. ``plymouth.enable=0`` stays on the cmdline as
# belt-and-braces in case plymouth ever gets pulled in transitively
# by a future package change -- with no package installed it's a
# no-op.

# Transparency: NO ``quiet``, NO ``splash``. bty wants the full
# kernel + systemd boot stream visible on tty1/serial -- a wedge
# between `[ OK ] Started X` and `[ OK ] Started Y` is immediately
# diagnostic. Same reason plymouth was retired (v0.22.1): hiding
# init output makes operator debugging harder, polish is not worth
# the opacity.
if [ "${BTY_USB_ISO:-}" = "1" ]; then
    BINARY_IMAGES=iso-hybrid
    BOOTLOADERS_OPTS="--bootloaders syslinux,grub-efi"
    BOOTAPPEND="boot=live components noeject plymouth.enable=0 modprobe.blacklist=nouveau nouveau.modeset=0 bty.version=__BTY_VERSION__"
else
    BINARY_IMAGES=netboot
    BOOTLOADERS_OPTS=""
    # The PXE-flash chain (server's ipxe_flash.j2 / ipxe_tui.j2)
    # appends ``bty.server=...`` + ``bty.mac=...`` per-client at
    # render time, so the chroot's static bootappend doesn't carry
    # them.
    BOOTAPPEND="boot=live components plymouth.enable=0 modprobe.blacklist=nouveau nouveau.modeset=0 bty.version=__BTY_VERSION__"
fi

# shellcheck disable=SC2086 # BOOTLOADERS_OPTS is intentionally word-split
lb config noauto \
    --mode debian \
    --distribution trixie \
    --architectures amd64 \
    --archive-areas "main non-free-firmware" \
    --firmware-chroot true \
    --binary-images "${BINARY_IMAGES}" \
    --debian-installer none \
    --memtest none \
    --apt-recommends false \
    --security false \
    ${BOOTLOADERS_OPTS} \
    --bootappend-live "${BOOTAPPEND}" \
    "${@}"
# ``--archive-areas "main non-free-firmware"`` unlocks the
# ``firmware-*`` packages. Default areas are just ``main``, which
# silently drops every firmware blob and produces a live env where
# i915 wedges the GPU on probe and certain NIC / WiFi chipsets fail
# to load. Debian split ``non-free-firmware`` out of ``non-free``
# in bookworm precisely so this archive can be enabled on its own.
#
# ``--firmware-chroot true`` pulls ``firmware-linux-nonfree`` (a
# metapackage that Depends on EVERY individual nonfree ``firmware-*``
# package: realtek, iwlwifi, atheros, brcm80211, mediatek, ath11k,
# bnx2/bnx2x, netronome, nvidia-graphics, amd-graphics, and a long
# tail of server-NIC + old-WiFi blobs). The size cost (~300 MiB
# compressed) buys "boots on whatever bare-metal box the operator
# points it at" -- the alternative is the operator hits a missing
# firmware -> driver init failure -> dead NIC and can't proceed.
# A curated list is too narrow: Realtek WiFi/BT chipsets alone
# span half a dozen firmware packages and consumer mini-PCs cycle
# them quickly.
# The trixie-backports archive layered via
# ``config/archives/backports.list.chroot`` plus the pin in
# ``config/preferences/backports.pref.chroot`` makes apt pull the
# newest kernel + firmware Debian ships, not just trixie's.
# Bootloader-menu suppression: see
# ``hooks/binary/0500-bty-skip-bootloader-menu.hook.binary``. Don't
# add ``--syslinux-timeout`` here -- live-build trixie doesn't
# recognise that flag and ``lb config`` errors out.
