#!/usr/bin/ash
#
# SPDX-License-Identifier: GPL-3.0-or-later

# args: source, newroot, mountpoint
_mnt_dmsnapshot() {
    local img="${1}"
    local newroot="${2}"
    local mnt="${3}"
    local img_fullname="${img##*/}"
    local img_name="${img_fullname%%.*}"
    local dm_snap_name="${dm_snap_prefix}_${img_name}"
    local ro_dev ro_dev_size rw_dev

    ro_dev="$(losetup --find --show --read-only -- "${img}")"
    ro_dev_size="$(blockdev --getsz "${ro_dev}")"

    if [ "${cow_persistent}" = "P" ]; then
        if [ -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow" ]; then
            msg ":: Found '/run/archiso/cowspace/${cow_directory}/${img_name}.cow', using as persistent."
        else
            msg ":: Creating '/run/archiso/cowspace/${cow_directory}/${img_name}.cow' as persistent."
            truncate -s "${cow_spacesize}" "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
        fi
    else
        if [ -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow" ]; then
            msg ":: Found '/run/archiso/cowspace/${cow_directory}/${img_name}.cow' but non-persistent requested, removing."
            rm -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
        fi
        msg ":: Creating '/run/archiso/cowspace/${cow_directory}/${img_name}.cow' as non-persistent."
        truncate -s "${cow_spacesize}" "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
    fi

    rw_dev="$(losetup --find --show "/run/archiso/cowspace/${cow_directory}/${img_name}.cow")"

    dmsetup create "${dm_snap_name}" --table \
        "0 ${ro_dev_size} snapshot ${ro_dev} ${rw_dev} ${cow_persistent} ${cow_chunksize}"

    if [ "${cow_persistent}" != "P" ]; then
        rm -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
    fi

    _mnt_dev "/dev/mapper/${dm_snap_name}" "${newroot}${mnt}" "-w" "defaults"
}

# args: source, newroot, mountpoint
_mnt_overlayfs() {
    local src="${1}"
    local newroot="${2}"
    local mnt="${3}"
    mkdir -p "/run/archiso/cowspace/${cow_directory}/upperdir" "/run/archiso/cowspace/${cow_directory}/workdir"
    mount -t overlay -o \
        "lowerdir=${src},upperdir=/run/archiso/cowspace/${cow_directory}/upperdir,workdir=/run/archiso/cowspace/${cow_directory}/workdir" \
        airootfs "${newroot}${mnt}"
}

# args: /path/to/image_file, mountpoint
_mnt_fs() {
    local img="${1}"
    local mnt="${2}"
    local img_fullname="${img##*/}"
    local img_loopdev

    # shellcheck disable=SC2154
    # defined via initcpio's parse_cmdline()
    if [ "${copytoram}" = "y" ]; then
        msg -n ":: Copying rootfs image to RAM..."

        # in case we have pv use it to display copy progress feedback otherwise
        # fallback to using plain cp
        if command -v pv >/dev/null 2>&1; then
            echo ""
            (pv "${img}" -o "/run/archiso/copytoram/${img_fullname}")
            local rc=$?
        else
            (cp -- "${img}" "/run/archiso/copytoram/${img_fullname}")
            local rc=$?
        fi

        if [ "$rc" != 0 ]; then
            echo "ERROR: while copy '${img}' to '/run/archiso/copytoram/${img_fullname}'"
            launch_interactive_shell
        fi

        img="/run/archiso/copytoram/${img_fullname}"
        msg "done."
    fi
    img_loopdev="$(losetup --find --show --read-only -- "${img}")"
    _mnt_dev "${img_loopdev}" "${mnt}" "-r" "defaults"
}

# args: device, mountpoint, flags, opts
_mnt_dev() {
    local dev="${1}"
    local mnt="${2}"
    local flg="${3}"
    local opts="${4}"
    local resolved_dev rootdelay

    msg ":: Mounting '${dev}' to '${mnt}'"

    rootdelay="$(getarg rootdelay 30)"
    while ! resolved_dev="$(resolve_device "${dev}")"; do
        echo "ERROR: '${dev}' device did not show up after ${rootdelay:-30} seconds..."
        echo "   Falling back to interactive prompt"
        echo "   You can try to fix the problem manually, log out when you are finished"
        launch_interactive_shell
    done

    # If the tag is supported by mount, pass it as is. Otherwise, use the resolved device path.
    case "${dev}" in
        'UUID='* | 'LABEL='* | 'PARTUUID='* | 'PARTLABEL='*) : ;;
        *) dev="${resolved_dev}" ;;
    esac
    if mount --mkdir -o "${opts}" "${flg}" "${dev}" "${mnt}"; then
        msg ":: Device '${dev}' mounted successfully."
    else
        echo "ERROR; Failed to mount '${dev}'"
        echo "   Falling back to interactive prompt"
        echo "   You can try to fix the problem manually, log out when you are finished"
        launch_interactive_shell
    fi
}

_search_for_archisodevice() {
    local search_dev rootdelay

    rootdelay="$(getarg rootdelay 4)"
    # First try searching for a UUID matching $archisosearchuuid
    if [ -n "$archisosearchuuid" ] && archisodevice="$(resolve_device "UUID=${archisosearchuuid}")"; then
        return 0
    fi

    install -dm755 /archisosearch
    # Search for $archisosearchfilename in all available block devices. First in removable devices and then in
    # non-removable devices.
    for search_dev in $(lsblk -no PATH -Q 'RM == 1 && ( TYPE == "part" || TYPE == "rom" )') \
        $(lsblk -no PATH -Q 'RM == 0 && ( TYPE == "part" || TYPE == "rom" )'); do
        if [ ! -b "$search_dev" ]; then
            continue
        fi
        msg ":: Searching for '${archisosearchfilename}' in '${search_dev}'"
        umount /archisosearch 2>/dev/null
        if mount -r "$search_dev" /archisosearch 2>/dev/null; then
            if [ -e "/archisosearch${archisosearchfilename}" ]; then
                archisodevice="$search_dev"
                break
            fi
        fi
    done
    umount /archisosearch 2>/dev/null
    rmdir /archisosearch

    if [ -b "$archisodevice" ]; then
        return 0
    else
        if [ -n "$archisosearchuuid" ]; then
            msg "ERROR: Device '${archisosearchuuid}' not found"
        else
            msg "ERROR: No device containing the file '${archisosearchfilename}' found"
        fi
        launch_interactive_shell
    fi
}

_verify_checksum() {
    local _status
    cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" || exit 1
    sha512sum -c airootfs.sha512 >/tmp/checksum.log 2>&1
    _status=$?
    cd -- "${OLDPWD}" || exit 1
    return "${_status}"
}

_verify_signature() {
    local _status
    local sigfile="${1}"
    cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" || exit 1
    gpg --homedir /gpg --status-fd 1 --verify "${sigfile}" 2>/dev/null | grep -E '^\[GNUPG:\] GOODSIG'
    _status=$?
    cd -- "${OLDPWD}" || exit 1
    return "${_status}"
}

_verify_cms_signature() {
    # Note: There is an "issue" with openssl.
    # Which requires emailProtection in extended key usage on the code signing certificate.
    # See: https://github.com/openssl/openssl/issues/17134
    local _status
    local cms_sigfile="${1}"
    local bootfile="${2}"
    local certfile="/codesign.crt"
    local cafile="/codesign_CA.crt"

    # Use the signer certificate as the CA certificate to allow validating with self-signed certificates.
    if [ ! -e "$cafile" ]; then
        cafile="$certfile"
    fi

    cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" || exit 1
    # "-purpose any" can be removed once the issue mentioned above is fixed.
    openssl cms \
        -verify \
        -binary \
        -noattr \
        -nointern \
        -purpose any \
        -in "${cms_sigfile}" \
        -content "${bootfile}" \
        -inform DER \
        -out /dev/null \
        -certfile "$certfile" \
        -CAfile "$cafile"
    _status=$?
    cd -- "${OLDPWD}" || exit 1
    return "${_status}"
}

run_hook() {
    arch="$(getarg 'arch' "$(uname -m)")"
    copytoram="$(getarg 'copytoram' 'auto')"
    copytoram_size="$(getarg 'copytoram_size' '75%')"
    archisobasedir="$(getarg 'archisobasedir' 'arch')"
    dm_snap_prefix="$(getarg 'dm_snap_prefix' 'arch')"
    archisolabel="$(getarg 'archisolabel')"
    if [ -n "$archisolabel" ]; then
        archisodevice="$(getarg 'archisodevice' "/dev/disk/by-label/${archisolabel}")"
    else
        archisodevice="$(getarg 'archisodevice')"
    fi
    cow_spacesize="$(getarg 'cow_spacesize' '256M')"
    archisosearchuuid="$(getarg 'archisosearchuuid')"
    if [ -n "$archisosearchuuid" ]; then
        archisosearchfilename="$(getarg 'archisosearchfilename' "/boot/${archisosearchuuid}.uuid")"
    else
        archisosearchfilename="$(getarg 'archisosearchfilename')"
    fi

    cow_label="$(getarg 'cow_label')"
    cow_device="$(getarg 'cow_device')"
    if [ -n "${cow_label}" ]; then
        cow_device="$(getarg 'cow_device' "/dev/disk/by-label/${cow_label}")"
        cow_persistent="$(getarg 'cow_persistent' 'P')"
    elif [ -n "${cow_device}" ]; then
        cow_persistent="$(getarg 'cow_persistent' 'P')"
    else
        cow_persistent="$(getarg 'cow_persistent' 'N')"
    fi

    cow_flags="$(getarg 'cow_flags' 'defaults')"
    cow_directory="$(getarg 'cow_directory' "persistent_${archisolabel}/${arch}")"
    cow_chunksize="$(getarg 'cow_chunksize' '8')"

    # set mount handler for archiso
    export mount_handler="archiso_mount_handler"
}

# This function is called normally from init script, but it can be called
# as chain from other mount handlers.
# args: /path/to/newroot
archiso_mount_handler() {
    local newroot="${1}"
    local sigfile cms_sigfile fs_img fs_img_size iso_blockdev

    if [ -n "$archisosearchfilename" ]; then
        _search_for_archisodevice
    fi

    if ! mountpoint -q "/run/archiso/bootmnt"; then
        _mnt_dev "${archisodevice}" "/run/archiso/bootmnt" "-r" "defaults"
    fi

    # We need this block at the top for early failure
    # but also to be able to give the fs_img to CMS verification.
    # (sha512sum files contain the image, CMS files does not)
    if [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs" ]; then
        fs_img="/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs"
    elif [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.erofs" ]; then
        fs_img="/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.erofs"
    else
        echo "ERROR: no root file system image found"
        launch_interactive_shell
    fi

    if [ "$(getarg 'checksum')" = "y" ]; then
        if [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sha512" ]; then
            msg ":: Self-test requested, please wait..."
            if _verify_checksum; then
                msg "Checksum is OK, continue booting."
            else
                echo "ERROR: one or more files are corrupted"
                echo "see /tmp/checksum.log for details"
                launch_interactive_shell
            fi
        else
            echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.sha512 not found"
            launch_interactive_shell
        fi
    fi

    if [ "$(getarg 'verify')" = "y" ]; then
        if ! command -v gpg >/dev/null 2>&1; then
            echo 'ERROR: verify=y option specified but the gpg binary is not available in initramfs'
            launch_interactive_shell
        fi

        if [ -f "${fs_img}.sig" ]; then
            sigfile="${fs_img##*/}.sig"

            msg ":: Signature verification requested, please wait..."
            if _verify_signature "${sigfile}"; then
                msg "Signature is OK, continue booting."
            else
                echo "ERROR: one or more files are corrupted"
                launch_interactive_shell
            fi
        else
            echo "ERROR: verify=y option specified but GPG signature not found in ${archisobasedir}/${arch}/"
            launch_interactive_shell
        fi
    fi

    if [ "$(getarg 'cms_verify')" = "y" ]; then
        if [ -f "${fs_img}.cms.sig" ]; then
            cms_sigfile="${fs_img##*/}.cms.sig"

            msg ":: Signature verification requested, please wait..."
            if _verify_cms_signature "${cms_sigfile}" "${fs_img}"; then
                msg "Signature is OK, continue booting."
            else
                echo "ERROR: one or more files are corrupted"
                launch_interactive_shell
            fi
        else
            echo "ERROR: cms_verify=y option specified but CMS signature not found in ${archisobasedir}/${arch}/"
            launch_interactive_shell
        fi
    fi

    # Enable copytoram if the following conditions apply:
    # * the root file system image is not on an optical disc drive,
    # * the root file system image size is less than 4 GiB,
    # * the estimated available memory is more than the root file system image size + 2 GiB.
    if [ "${copytoram}" = "auto" ]; then
        iso_blockdev="$(realpath "$(resolve_device "$archisodevice")")"
        if [ "$iso_blockdev" = "${iso_blockdev##/dev/sr}" ]; then
            fs_img_size="$(du -bsk "$fs_img" | cut -f 1)"
            if [ "$fs_img_size" -lt 4194304 ] && [ "$(awk '$1 == "MemAvailable:" { print $2 }' /proc/meminfo)" -gt $((fs_img_size + 2097152)) ]; then
                copytoram="y"
            fi
        fi
    fi
    if [ "${copytoram}" = "y" ]; then
        msg ":: Mounting /run/archiso/copytoram (tmpfs) filesystem, size=${copytoram_size}"
        mount --mkdir -t tmpfs -o "size=${copytoram_size}",mode=0755 copytoram /run/archiso/copytoram
    fi

    if [ -n "${cow_device}" ]; then
        # Mount cow_device read-only at first and remount it read-write right after. This prevents errors when the
        # device is already mounted read-only somewhere else (e.g. if cow_device and archisodevice are the same).
        _mnt_dev "${cow_device}" "/run/archiso/cowspace" "-r" "${cow_flags}"
        mount -o remount,rw "/run/archiso/cowspace"
    else
        msg ":: Mounting /run/archiso/cowspace (tmpfs) filesystem, size=${cow_spacesize}..."
        mount --mkdir -t tmpfs -o "size=${cow_spacesize}",mode=0755 cowspace /run/archiso/cowspace
    fi
    mkdir -p "/run/archiso/cowspace/${cow_directory}"
    chmod 0700 "/run/archiso/cowspace/${cow_directory}"

    _mnt_fs "${fs_img}" "/run/archiso/airootfs"
    if [ -f "/run/archiso/airootfs/airootfs.img" ]; then
        _mnt_dmsnapshot "/run/archiso/airootfs/airootfs.img" "${newroot}" "/"
    else
        _mnt_overlayfs "/run/archiso/airootfs" "${newroot}" "/"
    fi

    if [ "${copytoram}" = "y" ]; then
        umount -d /run/archiso/bootmnt
        rmdir /run/archiso/bootmnt
    fi
}

# vim: set ft=sh:
