#!/bin/bash

# called by dracut
check() {
	# Decide whether this module belongs in the image being built.
	# Globals:  tmpfilesdir (read/written), hostonly, mount_needs,
	#           host_fs_types (read)
	# Returns:  0   include the module
	#           1   cryptsetup is missing, module unusable
	#           255 hostonly/mount_needs build without a crypto_LUKS device
	local fstype candidate

	# Fix tmpfilesdir
	#XXX: fix installation of /usr/lib/tmpfiles.d/{dracut-tmpfiles,systemd}.conf
	#XXX: should be removed when bug 18642 (mageia) or 1343230 (fedora) will be fixed in /usr/bin/dracut +1262-1282
	# An empty value is replaced unconditionally; a non-directory value is
	# replaced only by a candidate that exists, so the last existing
	# candidate wins while the current value is still unusable.
	for candidate in /usr/lib/tmpfiles.d /etc/tmpfiles.d /lib/tmpfiles.d; do
		if [[ -z $tmpfilesdir ]] || { [[ ! -d $tmpfilesdir ]] && [[ -d $candidate ]]; }; then
			tmpfilesdir=$candidate
		fi
	done

	# Without cryptsetup there is no way to support encrypted devices.
	require_binaries cryptsetup || return 1

	# For hostonly or mount_needs builds, only pull the module in when one
	# of the host filesystem types is crypto_LUKS.
	if [[ $hostonly || $mount_needs ]]; then
		for fstype in "${host_fs_types[@]}"; do
			if [[ $fstype == crypto_LUKS ]]; then
				return 0
			fi
		done
		return 255
	fi

	return 0
}

# called by dracut
depends() {
	# Print the dracut modules this one requires, space separated:
	#   crypt            - provides /etc/crypttab handling
	#   systemd-networkd - needed for ip=dhcp and rd.neednet=1
	#   dracut-systemd   - appends to $tmpfilesdir/dracut-tmpfiles.conf
	printf '%s\n' 'crypt systemd-networkd dracut-systemd'
	return 0
}

# called by dracut
cmdline() {
	# Emit the kernel command line fragment that brings the network up in
	# the initramfs, once, when any host filesystem type is crypto_LUKS.
	# Prints nothing otherwise. No trailing newline is written.
	local fstype
	for fstype in "${host_fs_types[@]}"; do
		[[ $fstype == crypto_LUKS ]] || continue
		printf '%s' ' ip=dhcp rd.neednet=1'
		break
	done
}

# called by dracut
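install() {
	# Populate the initramfs ($initdir) with ihttpd, its TLS certificate and
	# key, a systemd-networkd/resolver setup and an early sshd service.
	# Globals read: initdir, systemdsystemunitdir, systemdutildir,
	#               tmpfilesdir, _arch, host_fs_types (through cmdline)
	# Relies on dracut's inst_dir, inst_simple, inst_multiple and
	# inst_libdir_file helpers.
	# Returns: the status of the last account-copy step.
	#
	# NOTE(review): this function copies credential material into the
	# image: /etc/shadow, /etc/gshadow, /etc/ssh/ssh_host_* (the glob also
	# matches the private host keys) and /etc/pki/tls/private/ihttpd.pem.
	# An initramfs that unlocks LUKS volumes usually lives outside the
	# encrypted volume, so anyone able to read the image can unpack these
	# files. Confirm the generated image is readable by root only, and
	# consider initramfs-specific host keys and accounts instead of the
	# host's own.
	local _ihttpdconf nc

	# Declared separately so `local` does not hide cmdline's exit status.
	_ihttpdconf=$(cmdline)
	[[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"

	# Install cert dirs
	inst_dir /etc/pki/tls/certs
	inst_dir /etc/pki/tls/private
	inst_dir /etc/systemd/network
	inst_dir /var/www/html
	inst_dir "$systemdsystemunitdir/ihttpd.service.wants"

	# Install favicon
	inst_simple -o /var/www/html/favicon.ico

	# Install network
	# Glob instead of parsing `ls`, so names with whitespace survive; the
	# -e test skips the literal pattern when the directory is empty.
	for nc in /etc/systemd/network/*; do
		[[ -e $nc ]] || continue
		inst_simple "$nc"
	done

	# Install index.bin
	inst_simple /usr/lib/ihttpd/index.bin /var/www/html/index.bin

	# Install reboot.bin
	inst_simple /usr/lib/ihttpd/reboot.bin /var/www/html/reboot.bin

	# Install all files
	# /etc/pki/tls/private/ihttpd.pem is the TLS private key (see the
	# NOTE(review) at the top of this function).
	inst_multiple \
		/etc/hosts \
		/etc/mime.types \
		/etc/localtime \
		/etc/nsswitch.conf \
		/etc/ihttpd.conf \
		/etc/pki/tls/certs/ihttpd.pem \
		/etc/pki/tls/private/ihttpd.pem \
		"$tmpfilesdir/ihttpd.conf" \
		"$systemdsystemunitdir/ihttpd.path" \
		"$systemdsystemunitdir/ihttpd.service" \
		"$systemdsystemunitdir/systemd-networkd.service" \
		"$systemdsystemunitdir/systemd-tmpfiles-setup.service" \
		'/usr/bin/false' \
		'/usr/bin/reboot' \
		/usr/sbin/ihttpd

	# Install sshd dirs
	inst_dir \
		/etc/pam.d \
		/etc/profile.d \
		/etc/security \
		/etc/ssh \
		/etc/sysconfig \
		"$systemdsystemunitdir/basic.target.wants" \
		"$systemdsystemunitdir/emergency.target.wants" \
		"$systemdsystemunitdir/rescue.target.wants" \
		"$systemdsystemunitdir/sysinit.target.wants" \
		/usr/lib64/security \
		/usr/share/terminfo/x \
		/var/empty

	# Install sshd files
	# The three glob arguments are intentionally unquoted.
	# /etc/shadow, /etc/gshadow and /etc/ssh/ssh_host_* carry password
	# hashes and host keys into the image (see the NOTE(review) above).
	inst_multiple \
		/etc/bashrc \
		/etc/environment \
		/etc/gshadow \
		/etc/pam.d/sshd \
		/etc/pam.d/system-auth \
		/etc/profile.d/*.sh \
		/etc/security/limits.conf \
		/etc/security/pam_env.conf \
		/etc/shadow \
		/etc/ssh/denyusers \
		/etc/ssh/moduli \
		/etc/ssh/ssh_config \
		/etc/ssh/sshd_config \
		/etc/ssh/ssh_host_* \
		/root/.bash_profile \
		/root/.bashrc \
		/usr/bin/cat \
		/usr/bin/id \
		'/usr/bin/kill' \
		/usr/bin/ps \
		/usr/lib64/security/pam_cracklib.so \
		/usr/lib64/security/pam_deny.so \
		/usr/lib64/security/pam_env.so \
		/usr/lib64/security/pam_keyinit.so \
		/usr/lib64/security/pam_limits.so \
		/usr/lib64/security/pam_listfile.so \
		/usr/lib64/security/pam_nologin.so \
		/usr/lib64/security/pam_succeed_if.so \
		/usr/lib64/security/pam_systemd.so \
		/usr/lib64/security/pam_tcb.so \
		/usr/sbin/sshd \
		/usr/share/terminfo/x/*

	# Force root login on in the initramfs copy of sshd_config (the variant
	# that also disabled PAM is kept below, commented out).
	# NOTE(review): this overrides whatever the host policy says, including
	# "prohibit-password"; if key-only root access is enough for debugging,
	# keep the host value or rewrite to prohibit-password instead.
	#perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
	perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"

	# Sshd shell service
	#XXX: KillMode=none is required to avoid sshd process getting killed in control group after parent fork
	# NOTE(review): the unit describes itself as debugging-only, yet it is
	# written and enabled in sysinit.target on every build; consider gating
	# it behind an explicit opt-in.
	# Quoted delimiter: the unit text is literal, nothing is expanded.
	cat << 'EOF' > "$initdir$systemdsystemunitdir/debug-sshd.service"
# Based on /usr/lib/systemd/system/debug-shell.service
[Unit]
Description=Early sshd shell FOR DEBUGGING ONLY
DefaultDependencies=no
AllowIsolate=no
IgnoreOnIsolate=yes

[Service]
Type=simple
KillMode=none
ExecStart=@/usr/sbin/sshd /usr/sbin/sshd -e

[Install]
WantedBy=sysinit.target
EOF

	# Install in sysinit.target.wants
	ln -fs ../debug-sshd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

	# Install sshd user and group
	_ihttpd_copy_entry sshd /etc/passwd "$initdir/etc/passwd"
	_ihttpd_copy_entry sshd /etc/group "$initdir/etc/group"

	# Install ihttpd.path
	ln -fs ../ihttpd.path "$initdir$systemdsystemunitdir/sysinit.target.wants/"

	# Install resolv.conf as resolved service
	#TODO: change this to have a content or depend on systemd-resolved
	if [[ -L /etc/resolv.conf ]]; then

		# Install systemd-resolved
		# Quoted so an empty or space-containing link target cannot break
		# the comparison.
		if [[ "$(readlink /etc/resolv.conf)" == '/run/systemd/resolve/resolv.conf' ]]; then

			# Install resolv.conf as symlink
			ln -fs '/run/systemd/resolve/resolv.conf' "$initdir/etc/resolv.conf"

			# Install systemd-resolved
			inst_multiple \
				"$systemdsystemunitdir/systemd-resolved.service" \
				"$systemdutildir/systemd-resolved" \
				/etc/systemd/resolved.conf

			# Require systemd-resolve user and group for our ihttpd process
			_ihttpd_copy_entry systemd-resolve /etc/group "$initdir/etc/group"
			_ihttpd_copy_entry systemd-resolve /etc/passwd "$initdir/etc/passwd"

			# Install in ihttpd.service.wants
			ln -fs ../systemd-resolved.service "$initdir$systemdsystemunitdir/ihttpd.service.wants/"

			# Cleanup resolved.conf
			# Dots are escaped so only the literal loopback address matches.
			perl -pne 'undef $_ if /^(?:#.*|Domains=|FallbackDNS=|DNS=(?:127\.0\.0\.1|::1)$|$)/;/^DNS=/ && $_ =~ s/(?:127\.0\.0\.1|::1)[ \t]*//g' \
				-i "$initdir/etc/systemd/resolved.conf"

			# Cleanup systemd-resolved.service
			perl -pne 'undef $_ if /^(?:#|(?:Wants|After)=org\.freedesktop\.resolve1\.busname)/' \
				-i "$initdir$systemdsystemunitdir/systemd-resolved.service"

		# Try install the target file
		else
			inst_simple /etc/resolv.conf
		fi

	# Install resolv.conf as file
	elif [[ -e /etc/resolv.conf ]]; then

		# Install resolv.conf as file
		inst_simple /etc/resolv.conf

		# Cleanup resolv.conf
		#XXX: strip search, localhost and ipv6
		# Dots are escaped so only the literal loopback prefix matches.
		perl -pne 'undef $_ if /^(?:#.*|search\s+|nameserver\s+127\.0\.0\.1|nameserver\s+[^:\s]+:[^\s]+|$)/' \
			-i "$initdir/etc/resolv.conf"

	# Touch resolv.conf file
	else
		# We did what we could
		touch "$initdir/etc/resolv.conf"
	fi

	# Install ihttpd log
	# NOTE(review): these links put the ihttpd logs (including the
	# askpassword child log) under /var/www/html, presumably the served
	# document root; confirm none of them can record passphrase input.
	ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log "$initdir/var/www/html/"

	# Install in ihttpd.service.wants
	ln -fs ../systemd-networkd.service "$initdir$systemdsystemunitdir/ihttpd.service.wants/"
	ln -fs ../systemd-tmpfiles-setup.service "$initdir$systemdsystemunitdir/ihttpd.service.wants/"

	# Include all ihttpd deps
	inst_libdir_file \
		"ld-linux-*.so.*" \
		"libapr-1.so.*" \
		"libaprutil-1.so.*" \
		"libcrypto.so.*" \
		"libcrypt.so.*" \
		"libc.so.*" \
		"libdb-*.so" \
		"libdl.so.*" \
		"libexpat.so.*" \
		"libnsl.so.*" \
		"libpcre.so.*" \
		"libpthread.so.*" \
		"libresolv.so.*" \
		"librt.so.*" \
		"libuuid.so.*" \
		"libz.so.*" \
		"libnss_files.so.*" \
		"libnss_dns.so.*" \
		"libnss_myhostname.so.*" \
		{"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*"

	# Cleanup nsswitch.conf
	if [[ -f "$initdir/etc/nsswitch.conf" ]]; then
		perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
			-i "$initdir/etc/nsswitch.conf"
	fi

	# Cleanup systemd-networkd.service
	if [[ -f "$initdir$systemdsystemunitdir/systemd-networkd.service" ]]; then
		perl -pne 'undef $_ if /^(?:#|(?:Wants|After)=org\.freedesktop\.network1\.busname)/;s/^After=(systemd-udevd.service )dbus.service network-pre.target systemd-sysusers.service /After=\1/' \
			-i "$initdir$systemdsystemunitdir/systemd-networkd.service"
	fi

	# Cleanup systemd-tmpfiles-setup.service
	if [[ -f "$initdir$systemdsystemunitdir/systemd-tmpfiles-setup.service" ]]; then
		perl -pne 'undef $_ if /^#/;s/After=(.*) systemd-sysusers.service/After=\1/' \
			-i "$initdir$systemdsystemunitdir/systemd-tmpfiles-setup.service"
	fi

	#XXX: bug: fix /usr/lib/tmpfiles.d/{systemd,dracut-tmpfiles}.conf missing user and group
	_ihttpd_copy_entry utmp /etc/group "$initdir/etc/group"
	# Require root user and group for our ihttpd process
	_ihttpd_copy_entry root /etc/group "$initdir/etc/group"
	_ihttpd_copy_entry root /etc/passwd "$initdir/etc/passwd"
}

# Private helper for install(): append the entry named $1 from the host
# database $2 to the initramfs copy $3 unless $3 already has one.
# Arguments: $1 - account or group name (matched at line start, before ':')
#            $2 - host file to copy from (e.g. /etc/passwd)
#            $3 - destination file inside the initramfs tree
# Returns:   0 when the entry was already present or was appended.
_ihttpd_copy_entry() {
	local name=$1 src=$2 dst=$3
	grep -Eq -- "^${name}:" "$dst" || grep -E -- "^${name}:" "$src" >> "$dst"
}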