#!/usr/bin/env bash

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
USBBOOT_DIR="${SCRIPT_DIR}/usbboot"
TOOLS_SCRIPT="${USBBOOT_DIR}/tools/rpi-eeprom-digest"
MSD_DIR="${USBBOOT_DIR}/secure-boot-msd"
KEY_FILE="${SCRIPT_DIR}/private.pem"

if [[ ! -d "${USBBOOT_DIR}" ]]; then
  echo "Error: usbboot/ directory not found at ${USBBOOT_DIR}." >&2
  exit 1
fi

if [[ ! -f "${TOOLS_SCRIPT}" ]]; then
  echo "rpi-eeprom-digest not found at ${TOOLS_SCRIPT}, initialising usbboot submodules..." >&2
  (
    cd "${USBBOOT_DIR}" &&
    git submodule update --init
  )

  if [[ ! -f "${TOOLS_SCRIPT}" ]]; then
    echo "Error: rpi-eeprom-digest still not found at ${TOOLS_SCRIPT} after submodule init." >&2
    exit 1
  fi
fi

if [[ ! -d "${MSD_DIR}" ]]; then
  echo "Error: secure-boot-msd directory not found at ${MSD_DIR}." >&2
  exit 1
fi

if [[ ! -f "${MSD_DIR}/boot.img" ]]; then
  echo "Error: boot.img not found at ${MSD_DIR}/boot.img." >&2
  exit 1
fi

if [[ ! -f "${KEY_FILE}" ]]; then
  echo "Error: private key not found at ${KEY_FILE}." >&2
  exit 1
fi

echo "Signing ${MSD_DIR}/boot.img with key ${KEY_FILE}..."

# Call the helper script via bash to avoid executable/symlink issues
bash "${TOOLS_SCRIPT}" -i "${MSD_DIR}/boot.img" -o "${MSD_DIR}/boot.sig" -k "${KEY_FILE}"

echo "Created ${MSD_DIR}/boot.sig"