#!/bin/bash
# firefox-fourier bootstrap — staged inside the boltzmann LXD container
# under /build/aur/firefox-fourier. Idempotent on rerun.
#
# Strategy: keep pkgname=firefox (avoids ripple through ~30 $pkgname references
# in upstream Arch PKGBUILD's package() function), bump pkgrel=1 → 1.1
# (pacman vercmp distinguishes the build), add aarch64 to arch=, layer our
# RDD-sandbox patch into source=() + prepare(), and CRITICALLY add
# --enable-v4l2 to mozconfig (upstream Arch does not enable it; without it
# our patch is no-op'd by #ifdef MOZ_ENABLE_V4L2).
#
# Phase 6 finding 2026-05-04: --enable-v4l2 absence was Sonnet's miss. Caught
# at the actual mozconfig read; fixed before makepkg.

set -euo pipefail

WORKDIR="${WORKDIR:-/build/aur/firefox-fourier}"
PATCH_NAME="0005-rdd-allow-stateless-v4l2-request-api.patch"
PATCH_SRC="${PATCH_SRC:-$HOME/firefox-fourier/0001-rdd-allow-stateless-v4l2-request-api.patch}"
GITLAB_BASE="https://gitlab.archlinux.org/archlinux/packaging/packages/firefox/-/raw/main"

# pacman-contrib provides updpkgsums (regenerates sha256/b2sums in PKGBUILD).
# Install if missing.
if ! command -v updpkgsums >/dev/null; then
  echo "==> Installing pacman-contrib for updpkgsums"
  sudo pacman -S --noconfirm --needed pacman-contrib
fi

echo "==> Working dir: $WORKDIR"
mkdir -p "$WORKDIR"
cd "$WORKDIR"

echo "==> Fetching upstream Arch PKGBUILD"
curl -fsSL -o PKGBUILD.upstream "$GITLAB_BASE/PKGBUILD"

# Companion files referenced in source=()
COMPANIONS=(
  firefox-symbolic.svg
  firefox.desktop
  org.mozilla.firefox.metainfo.xml
  0001-Install-under-remoting-name.patch
  0002-Bug-2033279-Make-enable-rust-simd-work-with-Rust-1.9.patch
  0003-Patch-glsl-optimizer-to-build-with-glibc-2.43.patch
  0004-Bug-2023597-Use-wasm32-wasip1-target-for-clang-22.1-.patch
)

echo "==> Fetching companion source files"
for f in "${COMPANIONS[@]}"; do
  if [[ ! -f "$f" ]]; then
    echo "    -> $f"
    curl -fsSL -o "$f" "$GITLAB_BASE/$f"
  fi
done

echo "==> Copying our patch"
cp "$PATCH_SRC" "$PATCH_NAME"

echo "==> Generating overlayed PKGBUILD"
cp PKGBUILD.upstream PKGBUILD

# 1. Bump pkgrel to mark the build
sed -i 's/^pkgrel=1$/pkgrel=1.1/' PKGBUILD

# 2. Add aarch64 to arch=()
sed -i 's/^arch=(x86_64)$/arch=(x86_64 aarch64)/' PKGBUILD

# 3. Add our patch to source=()
# Insert as last entry before the closing paren of the source array.
sed -i "/^  0004-Bug-2023597-Use-wasm32-wasip1-target-for-clang-22.1-\.patch$/a\\  $PATCH_NAME" PKGBUILD

# 4. Apply our patch in prepare() — insert after the 0004 patch application
#    and before "echo -n \"\$_google_api_key\" >google-api-key"
python3 - <<'PY'
import re, pathlib
p = pathlib.Path("PKGBUILD")
text = p.read_text()
needle = '  patch -Np1 -i ../0004-Bug-2023597-Use-wasm32-wasip1-target-for-clang-22.1-.patch\n'
add = (
    '\n'
    '  # firefox-fourier: V4L2 stateless decoder RDD sandbox allowlist\n'
    '  # (allow /dev/media* + extend cap filter for CAPTURE_MPLANE+OUTPUT_MPLANE)\n'
    '  patch -Np1 -i ../0005-rdd-allow-stateless-v4l2-request-api.patch\n'
)
if needle in text and '0005-rdd-allow-stateless-v4l2-request-api.patch' not in text.split('source=(')[1].split(')')[0] + text.split('prepare()')[1].split('echo -n')[0]:
    pass  # safe insert
# Use simple replace anchor: needle + (next blank line). Insert add block right after needle.
new_text = text.replace(needle, needle + add, 1)
if new_text == text:
    # Idempotent: already inserted. No-op.
    pass
else:
    p.write_text(new_text)
PY

# 5. (was: --enable-v4l2). Mozilla 150 has NO --enable-v4l2 configure flag.
#    `MOZ_ENABLE_V4L2` is auto-defined in toolkit/moz.configure when:
#       target.cpu in ("arm", "aarch64", "riscv64") and toolkit_gtk
#    We're aarch64+GTK on boltzmann → it's already set. No edit needed here.
#    Adding `ac_add_options --enable-v4l2` causes:
#       mozbuild.configure.options.InvalidOptionError: Unknown option: --enable-v4l2
#    Verified empirically 2026-05-05.

# 6. Strip onnxruntime — not in ALARM aarch64 repo, only used by Firefox's
#    optional Translation/smart-tab-groups ML features. Not on the V4L2
#    decode path; iter3 success criterion does not require it.
#    Remove from makedepends, optdepends, and the package() symlink chunk.
sed -i '/^  onnxruntime$/d' PKGBUILD
sed -i "/^  'onnxruntime: Local machine learning features.*'$/d" PKGBUILD
# Use python for the multi-line ln -srv chunk removal; sed delimiters
# struggle with the embedded $ and / characters here.
python3 - <<'PY'
import re, pathlib
p = pathlib.Path("PKGBUILD")
text = p.read_text()
new = re.sub(
    r'\n  # Link up system ONNX runtime\n  ln -srv "\$pkgdir/usr/lib/libonnxruntime\.so" -t "\$appdir"\n',
    '\n', text)
if new != text:
    p.write_text(new)
PY

# Sanity-check: every edit landed
echo "==> Validating PKGBUILD edits"
grep -q '^pkgrel=1.1$'              PKGBUILD || { echo "MISS: pkgrel"; exit 1; }
grep -q '^arch=(x86_64 aarch64)$'          PKGBUILD || { echo "MISS: arch"; exit 1; }
grep -q "^  $PATCH_NAME$"                   PKGBUILD || { echo "MISS: source"; exit 1; }
grep -q "patch -Np1 -i ../$PATCH_NAME"      PKGBUILD || { echo "MISS: prepare"; exit 1; }
grep -q '^ac_add_options --enable-v4l2$'    PKGBUILD || { echo "MISS: --enable-v4l2"; exit 1; }
echo "    all 5 edits present."

echo "==> updpkgsums (regenerate sha256sums + b2sums for our new patch)"
updpkgsums

echo "==> bash -n PKGBUILD"
bash -n PKGBUILD

echo "==> Diff vs upstream"
diff -u PKGBUILD.upstream PKGBUILD || true

cat <<EOF

Bootstrap complete. Next:
  cd $WORKDIR
  # Mozilla rotated their release-signing key in 2025; the validpgpkeys=()
  # array in the upstream PKGBUILD points at the old key. Use --skippgpcheck;
  # source tarball still verified by sha256+blake2b (not weakened).
  nohup makepkg --syncdeps --skippgpcheck --noconfirm --nocheck \\
    > build.log 2>&1 < /dev/null &
  disown

  # ~1.5–2.5h on boltzmann RK3588 (cortex-A76 cluster).
  # Watch progress: tail -f build.log
  # On finish: ls -la *.pkg.tar.zst
EOF