#!/bin/sh

BOOTPARTSZ=512M
BOOTLABEL="antievilmaid"

if [ $# != 3 ] ; then
    echo
    echo "usage: $0 <target device> <target boot part #> <current boot dir>"
    echo "This will:"
    echo "0) Format your <target boot part>"
    echo "1) Install TrustedGRUB into <target device>'s MBR and <target boot partition>"
    echo "2) Copy your current boot images from <current boot dir> onto the <target boot partition>"
    echo "3) Copy some additional files needed for Anti Evil Maid onto <target boot partition>"
    echo
    echo "e.g. $0 /dev/sdc 1 /boot"
    echo
    echo "Note: <target boot part #> is counted from 1, which corresonds to /dev/sdX1, and so on."
    echo "Note: <target device> should typically be a removable device"
    echo "Note: You should ensure that <target boot part #> has bootable flag turned on (use e.g. fdisk)"
    echo
    exit 0
fi

ID=$(id -ur)
if [ $ID != 0 ] ; then
    echo "This script should be run as root."
    exit 1
fi

TARGET_DEV=$1
TARGET_BOOT_PARTNO=$2
CURRENT_BOOT_PART=$3

if ! [ -b $TARGET_DEV ] ; then
    echo Wrong target device: $TARGET_DEV
    exit 1
fi

if ! [ -d $CURRENT_BOOT_PART/grub2 ] ; then
    echo "$CURRENT_BOOT_PART doesn't seem to be a boot directory..."
    exit 1
fi

TARGET_PART=${TARGET_DEV}${TARGET_BOOT_PARTNO}
if ! [ -b $TARGET_PART ] ; then
    echo "Boot partition doesn't exist: $TARGET_PART!"
    exit 1
fi

devmm=`mountpoint --devno    "$TARGET_PART"`       || exit 1
dirmm=`mountpoint --fs-devno "$CURRENT_BOOT_PART"` || exit 1
if [ "$devmm" = "$dirmm" ]; then  # FIXME: fails on btrfs boot partitions
    alias external=false
    TYPE="the internal boot partition"
else
    alias external=true
    TYPE="an external device"
fi
echo "--> Looks like you're installing to $TYPE"

if external; then
    TMP_DIR=`mktemp -d /tmp/antievilmaid-XXXXXXX`

    echo "About to format device: $TARGET_PART..."
    echo "ALL DATA WILL BE ERASED on this partition!"
    echo -n "Type uppercase 'yes' in order to proceed... "

    read PROMPT
    if [ $PROMPT != "YES" ] ; then
        exit 1
    fi

    echo "--> Formatting as ext4..."
    mkfs.ext4 -q $TARGET_PART
fi

echo "--> Labeling as '$BOOTLABEL'..."
e2label $TARGET_PART $BOOTLABEL || exit 1  # FIXME: fails on btrfs boot partitions

if external; then
    echo "--> Mounting new boot partition..."
    MNT=$TMP_DIR/mnt
    mkdir $MNT
    mount $TARGET_PART $MNT || exit 1
else
    MNT=$CURRENT_BOOT_PART
fi


unmount_and_die () {
    if external; then
        umount $MNT && rm -fr $MNT || exit 1
        rm -fr $TMP_DIR
    fi
    exit 1
}

if external; then
    echo "--> Copying your boot images..."
    for f in $CURRENT_BOOT_PART/* ; do
        [ -d $f ] && continue
        echo "Copying $f"
        cp $f $MNT/ || unmount_and_die
    done
fi

echo "--> Rebuilding initramfs modules"
for initramfs in $MNT/initramfs-*.img ; do
    initramfs=`basename $initramfs`
    kernelver=`echo $initramfs | sed 's/initramfs-\(.*\).img/\1/'`
    echo "Generating initramfs $initramfs for kernel $kernelver"
    dracut --force $MNT/$initramfs $kernelver
done

if external; then
    echo "--> Copying grub themes..."
    mkdir -p $MNT/grub2/themes/
    for d in $CURRENT_BOOT_PART/grub2/themes/* ; do
        echo "Copying theme "`basename $d`
        cp -r $d $MNT/grub2/themes/
    done
fi

echo "--> Copying TPM files..."
mkdir $MNT/antievilmaid/
if ! [ -f /var/lib/tpm/system.data ] ; then
    echo "No /var/lib/tpm/system.data file found."
    echo "Seems like you havn't taken ownership of your TPM device..."
    echo "You can use tpm_takeownership to do this."
    unmount_and_die
fi
cp /var/lib/tpm/system.data $MNT/antievilmaid/ || unmount_and_die

if external; then
    echo "--> Installing GRUB2 on the target device..."
    grub2-install --boot-directory=$MNT $TARGET_DEV

    echo "--> Unmounting new boot partition..."
    umount $MNT && rm -fr $MNT || exit 1

    echo "--> Switching boot partition to antievilmaid..."
    umount $CURRENT_BOOT_PART
    mount $TARGET_PART $CURRENT_BOOT_PART
fi

echo "--> Disabling vanilla generation of tboot entries polluting the grub configuration"
chmod -x /etc/grub.d/20_linux_tboot
chmod -x /etc/grub.d/20_linux_xen_tboot

echo "--> Generating grub configuration..."
grub2-mkconfig -o $CURRENT_BOOT_PART/grub2/grub.cfg

if external; then
    echo "--> Reswitching boot partition..."
    umount $CURRENT_BOOT_PART
    mount $CURRENT_BOOT_PART

    #echo "(hd0) $TARGET_DEV" > $TMP_DIR/devices.map
    #/usr/lib/antievilmaid/trustedgrub/grub --device-map=$TMP_DIR/devices.map --batch <<EOF
    #root (hd0,$(($TARGET_BOOT_PARTNO-1)))
    #setup (hd0)
    #quit
    #EOF
    #
    rm -fr $TMP_DIR || exit 1
fi
