#!/bin/bash
set -e

CDIR=$(cd `dirname "$0"`/.. && pwd)
cd "$CDIR"

ORG_PATH="github.com/cloudflare"
REPO_PATH="${ORG_PATH}/cfssl"

relabel() {
  chcon -R -t "${1}" "${CDIR}"
}

if [ -z "$1" ]; then
    OS_PLATFORM_ARG=(-os="darwin linux windows")
else
    OS_PLATFORM_ARG=($1)
fi

if [ -z "$2" ]; then
    OS_ARCH_ARG=(-arch="386 amd64 arm ppc64le")
else
    OS_ARCH_ARG=($2)
fi

# Build Docker image unless we opt out of it
if [[ -z "$SKIP_BUILD" ]]; then
    docker build --build-arg HTTP_PROXY=${HTTP_PROXY} --build-arg HTTPS_PROXY=${HTTPS_PROXY} -t cfssl-build -f Dockerfile.build .
fi

# Temporarily change SELinux context of build directory
if [[ "$(command getenforce 2>&1)" == "Enforcing" ]]; then
  USER_CONTEXT="$(getfattr --only-values -n security.selinux "${CDIR}" | awk -F':' '{ print $3 }')"
  CONTAINER_CONTEXT="svirt_sandbox_file_t"

  trap "relabel '${USER_CONTEXT}'" EXIT
  relabel "${CONTAINER_CONTEXT}"
fi

# Get rid of existing binaries
rm -f *-386
rm -f *-amd64
rm -f dist/*
docker run --rm -v "${CDIR}":/go/src/${REPO_PATH} -u $(id -u):$(id -g) cfssl-build "${OS_PLATFORM_ARG[@]}" "${OS_ARCH_ARG[@]}" -output="dist/{{.Dir}}_{{.OS}}-{{.Arch}}" -ldflags="-w" ./cmd/...
