#!/bin/bash

get_fingerprint() {
  local keyfile="$1"
  dropbearkey -y -f "${keyfile}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'
}

display_fingerprints() {
  local keyfile

  for keyfile in "/etc/dropbear/dropbear_rsa_host_key" "/etc/dropbear/dropbear_dss_host_key" "/etc/dropbear/dropbear_ecdsa_host_key" ; do
      if [ -s "${keyfile}" ] ; then
	  echo "$(basename "${keyfile}") : $(get_fingerprint "${keyfile}")"
      fi
  done
}

copy_openssh_keys() {
  local osshrsa="/etc/ssh/ssh_host_rsa_key"
  local osshdsa="/etc/ssh/ssh_host_dsa_key"
  local osshecdsa="/etc/ssh/ssh_host_ecdsa_key"

  local dbpre="/etc/dropbear/dropbear_"

  local return_code=1

  if [ -s "$osshrsa" ]; then
      dropbearconvert openssh dropbear $osshrsa ${dbpre}rsa_host_key
      return_code=0
  fi

  if [ -s "$osshdsa" ]; then
      dropbearconvert openssh dropbear $osshdsa ${dbpre}dss_host_key
      return_code=0
  fi

  if [ -s "$osshecdsa" ]; then
      dropbearconvert openssh dropbear $osshecdsa ${dbpre}ecdsa_host_key
      return_code=0
  fi

  return $return_code
}

generate_keys() {
  local keyfile keytype
  for keytype in rsa dss ecdsa ; do
      keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
      if [ ! -s "$keyfile" ]; then
	  echo "Generating ${keytype} host key for dropbear ..."
	  dropbearkey -t "${keytype}" -f "${keyfile}"
      fi
  done
}

build ()
{
  #
  # Begin real processing
  #

  # Are we even needed?
  if [ ! -r "/etc/dropbear/root_key" -o ! -s "/etc/dropbear/root_key" ]; then
    echo "There is no root key in /etc/dropbear/root_key existent; exit"
    return 0
  fi

  # if TMPDIR is set leave it alone otherwise set
  [ -z $TMPDIR ] && TMPDIR='/tmp/dropbear_initrd_encrypt'

  # check if TMPDIR exsists if not make it
  [ -d $TMPDIR ] || mkdir -p $TMPDIR

  umask 0022

  [ -d /etc/dropbear ] && mkdir -p /etc/dropbear

  copy_openssh_keys || generate_keys
  display_fingerprints

  add_checked_modules "/drivers/net/"
  add_binary "rm"
  add_binary "killall"
  add_binary "dropbear"

  cat /etc/dropbear/root_key > "${TMPDIR}"/authorized_keys

  add_dir "/.ssh"
  add_file "${TMPDIR}/authorized_keys" "/.ssh/authorized_keys"
  add_full_dir "/etc/dropbear"
  add_file "/lib/libnss_files.so.2"
  add_dir "/var/run"

  touch "${TMPDIR}"/lastlog
  add_dir "/var/log"
  add_file "${TMPDIR}/lastlog" "/var/log/lastlog"

  # cleanup
  rm "${TMPDIR}/authorized_keys"
  rm "${TMPDIR}/lastlog"

  add_runscript
  
}

help ()
{
    cat<<HELPEOF
This hook is meant to be used in conjunction with mkinitcpio-netconf and/or
mkinitcpio-ppp. It DOES NOT provide any default shell. It will only install
and start dropbear on early userspace. In the package mkinitcpio-shells you
will find hooks and shells for remote unlocking a luks root partition,
among others.
HELPEOF
}