#!/usr/bin/make -f

# Enable all hardening options
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

# Cargo build options
export CARGO_HOME = $(CURDIR)/debian/.cargo
export CARGO_TARGET_DIR = $(CURDIR)/target/debian

# Determine architecture-specific PAM path
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
PAM_MODULE_DIR = /lib/$(DEB_HOST_MULTIARCH)/security

%:
	dh $@

override_dh_auto_clean:
	cargo clean --target-dir $(CARGO_TARGET_DIR) || true
	$(MAKE) -C pam-module clean || true
	rm -rf debian/.cargo

override_dh_auto_configure:
	mkdir -p $(CARGO_HOME)
	@echo "[net]" > $(CARGO_HOME)/config.toml
	@echo "offline = false" >> $(CARGO_HOME)/config.toml

override_dh_auto_build:
	# Build Rust binaries in release mode
	cargo build --release --target-dir $(CARGO_TARGET_DIR) \
		--package linux-hello-daemon \
		--package linux-hello-cli
	# Build PAM module
	$(MAKE) -C pam-module CFLAGS="$(CFLAGS) -fPIC" LDFLAGS="$(LDFLAGS)"

override_dh_auto_test:
	# Run Rust tests (skip integration tests that need hardware)
	cargo test --release --target-dir $(CARGO_TARGET_DIR) \
		--package linux-hello-common \
		--package linux-hello-daemon \
		--package linux-hello-cli \
		-- --skip integration || true

override_dh_auto_install:
	# Install daemon
	install -D -m 755 $(CARGO_TARGET_DIR)/release/linux-hello-daemon \
		debian/linux-hello-daemon/usr/libexec/linux-hello-daemon
	# Install CLI
	install -D -m 755 $(CARGO_TARGET_DIR)/release/linux-hello \
		debian/linux-hello/usr/bin/linux-hello
	# Install PAM module to architecture-specific directory
	install -D -m 755 pam-module/pam_linux_hello.so \
		debian/libpam-linux-hello$(PAM_MODULE_DIR)/pam_linux_hello.so
	# Install configuration
	install -D -m 644 dist/config.toml \
		debian/linux-hello-daemon/etc/linux-hello/config.toml
	# Install systemd service
	install -D -m 644 dist/linux-hello.service \
		debian/linux-hello-daemon/lib/systemd/system/linux-hello.service
	# Install PAM configuration template (NOT auto-configured - dangerous!)
	install -D -m 644 debian/pam-config.example \
		debian/libpam-linux-hello/usr/share/doc/libpam-linux-hello/pam-config.example
	# Create state directories (actual permissions set in postinst)
	install -d -m 755 debian/linux-hello-daemon/var/lib/linux-hello

override_dh_installsystemd:
	dh_installsystemd --package=linux-hello-daemon --name=linux-hello

override_dh_fixperms:
	dh_fixperms
	# Config file should be readable
	chmod 644 debian/linux-hello-daemon/etc/linux-hello/config.toml || true

.PHONY: override_dh_auto_clean override_dh_auto_configure override_dh_auto_build \
        override_dh_auto_test override_dh_auto_install override_dh_installsystemd \
        override_dh_fixperms