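#!/bin/bash
# dracut module setup for ihttpd.
#
# Installs the ihttpd web server, its TLS certificate and private key,
# cryptsetup, and the systemd-networkd / systemd-resolved pieces needed to
# bring the network up inside the initramfs. The cryptsetup dependency and the
# "askpassword" log name suggest it is used to unlock LUKS volumes over the
# network (presumably; confirm against the ihttpd documentation).

# called by dracut
# Decide whether this module belongs in the image being built.
# Globals:   tmpfilesdir (read/written), hostonly, mount_needs,
#            host_fs_types (read)
# Returns:   0   include the module
#            1   cryptsetup is missing, encrypted devices cannot be supported
#            255 include only if another module requires it
check() {
    local fs candidate

    # Fix tmpfiledir
    #XXX: fix installation of /usr/lib/tmpfileS.d/{dracut-tmpfiles,systemd}.conf
    #XXX: should be removed when bug 18642 (mageia) or 1343230 (fedora) will be fixed in /usr/bin/dracut +1262-1282
    # Each candidate replaces tmpfilesdir when it is empty, or when it does not
    # name a directory and the candidate exists. This is the grouping the old
    # `[ A -o B -a C ]` tests had (-a binds tighter than -o), written without
    # the deprecated, ambiguous -a/-o operators.
    for candidate in /usr/lib/tmpfiles.d /etc/tmpfiles.d /lib/tmpfiles.d; do
        if [[ -z $tmpfilesdir || ( ! -d $tmpfilesdir && -d $candidate ) ]]; then
            tmpfilesdir=$candidate
        fi
    done

    # if cryptsetup is not installed, then we cannot support encrypted devices.
    require_binaries cryptsetup || return 1

    # if hostonly or mount_needs include if required by other module
    # if one of fs types is crypto_LUKS include it
    if [[ $hostonly || $mount_needs ]]; then
        for fs in "${host_fs_types[@]}"; do
            [[ $fs == "crypto_LUKS" ]] && return 0
        done
        return 255
    fi

    return 0
}

# called by dracut
# Print the dracut modules this module depends on.
# Outputs:   space-separated module names on stdout
depends() {
    # depend on crypt for /etc/crypttab
    # depend on systemd-networkd for rd.neednet=1
    # depend on dracut-systemd for appending to $tmpfilesdir/dracut-tmpfiles.conf
    echo crypt systemd-networkd dracut-systemd
    return 0
}

# called by dracut
# Print the kernel command line fragment this module needs.
# Globals:   host_fs_types (read)
# Outputs:   " rd.neednet=1" (no trailing newline) when a crypto_LUKS
#            filesystem is present, nothing otherwise
cmdline() {
    local fs
    for fs in "${host_fs_types[@]}"; do
        if [[ "$fs" == "crypto_LUKS" ]]; then
            #XXX we used to include ip=dhcp as well (replaced by systemd-networkd configuration)
            printf "%s" " rd.neednet=1"
            break
        fi
    done
}

# called by dracut
# Copy ihttpd, its configuration and its runtime dependencies into the image.
# Globals:   initdir, systemdsystemunitdir, systemdutildir, tmpfilesdir,
#            host_fs_types, _arch (read)
# Returns:   status of the last command executed
install() {
    local _ihttpdconf nc

    # Declaration and assignment are split so `local` does not mask the exit
    # status of cmdline.
    _ihttpdconf=$(cmdline)

    #XXX: rd.neednet=1 is mandatory to have active network in initrd
    [[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"

    # Install cert dirs
    inst_dir \
        /etc/pki/tls/certs \
        /etc/pki/tls/private \
        /etc/systemd/network \
        "$systemdsystemunitdir/ihttpd.service.wants" \
        /var/www/html

    # Install all files
    #XXX: force cryptsetup install until systemd-cryptsetup implement a method that don't rely on password ending with \0
    # SECURITY: /etc/pki/tls/private/ihttpd.pem is the TLS private key and it is
    # copied into the image as-is. NOTE(review): initramfs images are commonly
    # kept on an unencrypted /boot, so treat this key as readable by anyone who
    # can read the image; use a key dedicated to ihttpd and keep the generated
    # image's permissions restrictive.
    inst_multiple \
        /etc/hosts \
        /etc/localtime \
        /etc/mime.types \
        /etc/nsswitch.conf \
        /etc/pki/tls/certs/ihttpd.pem \
        /etc/pki/tls/private/ihttpd.pem \
        /etc/systemd/resolved.conf \
        "$systemdsystemunitdir/systemd-networkd.service" \
        "$systemdsystemunitdir/systemd-resolved.service" \
        "$systemdsystemunitdir/systemd-tmpfiles-setup.service" \
        "$systemdutildir/systemd-resolved" \
        "$tmpfilesdir/ihttpd.conf" \
        '/sbin/cryptsetup' \
        '/usr/bin/false' \
        '/usr/bin/reboot' \
        '/usr/sbin/ihttpd'

    # Install favicon
    inst_simple -o /var/www/html/favicon.ico

    # Include all ihttpd deps
    # NOTE(review): _arch is not assigned anywhere in this file; unless dracut
    # provides it, the "$_arch/" alternatives below expand to "tls//..." and
    # "/..." patterns. Confirm where _arch is expected to come from.
    inst_libdir_file \
        "ld-linux-*.so.*" \
        "libapr-1.so.*" \
        "libaprutil-1.so.*" \
        "libcrypto.so.*" \
        "libcrypt.so.*" \
        "libc.so.*" \
        "libdb-*.so" \
        "libdl.so.*" \
        "libexpat.so.*" \
        "libnsl.so.*" \
        "libpcre.so.*" \
        "libpthread.so.*" \
        "libresolv.so.*" \
        "librt.so.*" \
        "libuuid.so.*" \
        "libz.so.*" \
        "libnss_files.so.*" \
        "libnss_dns.so.*" \
        "libnss_myhostname.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*"

    # Install ihttpd.conf index.bin reboot.bin ihttpd.service
    # Sources live in /usr/lib/ihttpd under the destination's base name.
    for nc in /etc/ihttpd.conf /var/www/html/index.bin /var/www/html/reboot.bin "$systemdsystemunitdir/ihttpd.service"; do
        inst_simple "/usr/lib/ihttpd/${nc##*/}" "$nc"
    done

    # Force load of ihttpd.service
    ln -fs ../ihttpd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

    # Copy systemd-networkd config
    # Globbing replaces parsing `ls` output, which broke on names containing
    # whitespace; the -e test skips the literal pattern when nothing matches.
    for nc in /etc/systemd/network/*; do
        [[ -e $nc ]] || continue
        inst_simple "$nc"
    done

    # Install resolv.conf as symlink
    ln -fs '/run/systemd/resolve/resolv.conf' "$initdir/etc/resolv.conf"

    # Install in ihttpd.service.wants
    ln -fs \
        ../systemd-resolved.service \
        ../systemd-networkd.service \
        ../systemd-tmpfiles-setup.service \
        "$initdir$systemdsystemunitdir/ihttpd.service.wants/"

    # Cleanup resolved.conf
    perl -pne 'undef $_ if /^(?:#.*|Domains=|FallbackDNS=|DNS=(?:127.0.0.1|::1)$|$)/;/^DNS=/ && $_ =~ s/(?:127.0.0.1|::1)[ \t]*//g' \
        -i "$initdir/etc/systemd/resolved.conf"

    # Cleanup nsswitch.conf
    perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
        -i "$initdir/etc/nsswitch.conf"

    # The account checks below run grep directly: the old form wrapped the
    # check in backticks, i.e. executed its (empty) output as a command, and
    # used the deprecated egrep alias.

    # Require systemd-resolve user and group for our ihttpd process
    grep -Eq '^systemd-resolve:' "$initdir/etc/group" || grep -E '^systemd-resolve:' /etc/group >> "$initdir/etc/group"
    grep -Eq '^systemd-resolve:' "$initdir/etc/passwd" || grep -E '^systemd-resolve:' /etc/passwd >> "$initdir/etc/passwd"

    #XXX: bug: fix /usr/lib/tmpfiles.d/{systemd,dracut-tmpfiles}.conf missing user and group
    grep -Eq '^utmp:' "$initdir/etc/group" || grep -E '^utmp:' /etc/group >> "$initdir/etc/group"

    # Require root user and group for our ihttpd process
    grep -Eq '^root:' "$initdir/etc/group" || grep -E '^root:' /etc/group >> "$initdir/etc/group"
    grep -Eq '^root:' "$initdir/etc/passwd" || grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"

    # For debug only
    # SECURITY: keep this block disabled for any image that leaves a test
    # bench. Enabled, it copies /etc/shadow, /etc/gshadow and the SSH host keys
    # (/etc/ssh/ssh_host_*) into the image, forces "PermitRootLogin yes", and
    # links the ihttpd logs under the web root.
    if false; then
        # Install ihttpd log
        ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log "$initdir/var/www/html/"

        # Install sshd dirs
        inst_dir \
            /etc/pam.d \
            /etc/profile.d \
            /etc/security \
            /etc/ssh \
            /etc/sysconfig \
            "$systemdsystemunitdir/basic.target.wants" \
            "$systemdsystemunitdir/emergency.target.wants" \
            "$systemdsystemunitdir/rescue.target.wants" \
            "$systemdsystemunitdir/sysinit.target.wants" \
            /usr/lib64/security \
            /usr/share/terminfo/x \
            /var/empty

        # Install sshd files
        inst_multiple \
            /etc/bashrc \
            /etc/environment \
            /etc/gshadow \
            /etc/pam.d/sshd \
            /etc/pam.d/system-auth \
            /etc/profile.d/*.sh \
            /etc/security/limits.conf \
            /etc/security/pam_env.conf \
            /etc/shadow \
            /etc/ssh/denyusers \
            /etc/ssh/moduli \
            /etc/ssh/ssh_config \
            /etc/ssh/sshd_config \
            /etc/ssh/ssh_host_* \
            /root/.bash_profile \
            /root/.bashrc \
            /usr/bin/cat \
            /usr/bin/id \
            '/usr/bin/kill' \
            /usr/bin/ps \
            /usr/lib64/security/pam_cracklib.so \
            /usr/lib64/security/pam_deny.so \
            /usr/lib64/security/pam_env.so \
            /usr/lib64/security/pam_keyinit.so \
            /usr/lib64/security/pam_limits.so \
            /usr/lib64/security/pam_listfile.so \
            /usr/lib64/security/pam_nologin.so \
            /usr/lib64/security/pam_succeed_if.so \
            /usr/lib64/security/pam_systemd.so \
            /usr/lib64/security/pam_tcb.so \
            /usr/sbin/sshd \
            /usr/share/terminfo/x/*

        # Disable pam
        #perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
        perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"

        # Install debug sshd service
        # NOTE(review): the other inst_simple calls in this function pass a
        # destination without the $initdir prefix; confirm whether the prefix
        # here is intended.
        inst_simple /usr/lib/ihttpd/debug-sshd.service "$initdir$systemdsystemunitdir/debug-sshd.service"

        # Install in sysinit.target.wants
        ln -fs ../debug-sshd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

        # Install sshd user and group
        grep -Eq '^sshd:' "$initdir/etc/passwd" || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
        grep -Eq '^sshd:' "$initdir/etc/group" || grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
    fi
}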