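#!/bin/sh
#
# Initramfs install hook (build()/help() plus add_* helpers, mkinitcpio style)
# that stages a dropbear SSH server, its host keys and root's authorized_keys
# under ${BUILDROOT}.
#
# Security notes for anyone deploying this hook:
#   * add_full_dir "/etc/dropbear" copies the private host keys into the image.
#     An initramfs is typically stored unencrypted, so treat those keys as
#     readable by anyone who can read the image file or the boot medium.
#   * copy_openssh_keys converts the system's OpenSSH host keys, so the main
#     SSH host identity ends up in the image as well. Dedicated dropbear keys
#     (generate_keys) keep the two identities separate.
#   * Only public keys belong in /etc/dropbear/root_key; it becomes root's
#     authorized_keys inside the image.
set -e

# Host key algorithms handled by every helper below.
KEY_TYPES="ed25519 ecdsa rsa"

# Print the fingerprint of one dropbear host key.
# Arguments: $1 - path of the dropbear key file
# Outputs:   the text following "Fingerprint:" in `dropbearkey -y` output
get_fingerprint() {
  kf="$1"
  dropbearkey -y -f "${kf}" |
    sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'
}

# Print "<key file name> : <fingerprint>" for every non-empty dropbear host
# key, so the operator can record what a client should expect to see.
display_fingerprints() {
  for kt in $KEY_TYPES; do
    kf="/etc/dropbear/dropbear_${kt}_host_key"
    if [ -s "${kf}" ]; then
      printf '%s : %s\n' "$(basename "${kf}")" "$(get_fingerprint "${kf}")"
    fi
  done
}

# Convert each non-empty OpenSSH host key to dropbear format, overwriting the
# matching file in /etc/dropbear.
# Returns: 0 if at least one key was converted, 1 if none was found
copy_openssh_keys() {
  return_code=1
  for kt in $KEY_TYPES; do
    osshkey="/etc/ssh/ssh_host_${kt}_key"
    if [ -s "$osshkey" ]; then
      dropbearconvert \
        openssh dropbear \
        "$osshkey" \
        "/etc/dropbear/dropbear_${kt}_host_key"
      return_code=0
    fi
  done
  return $return_code
}

# Generate a dropbear host key for every key type whose file is missing or
# empty; existing keys are left alone.
generate_keys() {
  for kt in $KEY_TYPES; do
    kf="/etc/dropbear/dropbear_${kt}_host_key"
    if [ ! -s "$kf" ]; then
      echo "Generating ${kt} host key for dropbear ..."
      dropbearkey -t "${kt}" -f "${kf}"
    fi
  done
}

# Hook entry point: stage dropbear and its configuration into the image.
# Globals: BUILDROOT (read), TMPDIR (read, set when empty), KEY_TYPES (read)
# Returns: 0 without doing anything when /etc/dropbear/root_key is missing,
#          unreadable or empty
build() {
  # Without an authorized key nobody could log in, so the hook is a no-op.
  if [ ! -r "/etc/dropbear/root_key" ] || [ ! -s "/etc/dropbear/root_key" ]; then
    echo "There is no root key in /etc/dropbear/root_key existent; exit"
    return 0
  fi

  # An empty BUILDROOT would turn the redirections below into writes to the
  # running system's /root/.ssh/authorized_keys and /var/log/lastlog.
  : "${BUILDROOT:?BUILDROOT must point at the image staging directory}"

  # Respect a caller-supplied TMPDIR. Otherwise create a private directory:
  # a fixed name under /tmp can be pre-created or symlinked by any local user
  # before this hook runs as root.
  if [ -z "$TMPDIR" ]; then
    TMPDIR=$(mktemp -d /tmp/dropbear_initrd_encrypt.XXXXXX)
  fi
  [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR"

  # NOTE(review): if this file is sourced by the image builder, this umask
  # stays in effect for whatever the caller runs afterwards.
  umask 0022

  # The original tested `[ -d /etc/dropbear ] && mkdir -p ...`, which only ran
  # mkdir when the directory already existed; mkdir -p alone is idempotent.
  mkdir -p /etc/dropbear

  # Create private key files under a restrictive umask instead of relying on
  # the modes dropbearconvert/dropbearkey request themselves. The subshell
  # keeps the stricter umask from reaching the files staged below.
  (
    umask 077
    copy_openssh_keys || generate_keys
  )
  display_fingerprints

  add_checked_modules "/drivers/net/"
  add_binary "rm"
  add_binary "killall"
  add_binary "dropbear"

  add_dir "/root/.ssh"
  cat /etc/dropbear/root_key >"${BUILDROOT}/root/.ssh/authorized_keys"

  # Copies the whole directory, private host keys included (see file header).
  add_full_dir "/etc/dropbear"
  add_file "/lib/libnss_files.so.2"
  add_dir "/var/run"
  add_dir "/var/log"
  touch "${BUILDROOT}/var/log/lastlog"

  add_runscript
}

# NOTE: the source is cut off inside help(); the fragment is kept as found and
# commented out so the rest of the file still parses:
# help() { cat <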