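#!/bin/sh
# Wrapper around the real block-mount binary. When called during preinit
# to set up the extroot, it first makes sure LUKS devices are unlocked
# (via decrypt.sh), then hands over to the real binary.
#
# Prereqs:
#   * packages:
#     * block-mount
#     * cryptsetup
#   * move /sbin/block to /sbin/block.bin
#   * install decrypt script to /sbin/decrypt.sh with execute permission
#
# This script should be placed at /upper/sbin/block of the UBIFS overlay,
# or /sbin/block if already on the overlayfs and be set with execute
# permission.
# It is expected that the extroot is on a device that the kernel names as
# sd* or mmcblk*, otherwise modify appropriately.
#
# NOTE(review): this wrapper, block.bin and decrypt.sh all run as root
# before the system is up. Keep them root-owned and not writable by any
# other user, since whoever can edit them controls disk unlocking.

# Set to 1 to enable debug logs
export DEBUG=

# Directory this script was invoked from; all helper paths are relative
# to it so the script works from /upper/sbin as well as /sbin.
SDIR=${0%/*}
BLOCK="${SDIR}/block.bin"

# Prefer the overlay's libraries. An inherited LD_LIBRARY_PATH is kept,
# but no "." fallback is added: a current-directory entry would let a
# root process load shared objects from whatever directory it runs in.
# NOTE(review): the variable is only visible to child processes if it was
# already exported by the caller — confirm whether an export is intended.
LD_LIBRARY_PATH="${SDIR}/../usr/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"
PATH=$PATH:${SDIR}:${SDIR}/../usr/sbin:${SDIR}/../usr/bin

# Run the real block binary under this script's name and return its
# status. The subshell keeps exec from replacing the wrapper itself.
# `exec -a` is not POSIX; the /bin/sh in use must support it.
block() {
  ( exec -a "$0" "$BLOCK" "$@" )
}

# Outside preinit there is nothing to prepare: become the real binary.
# `exec` never runs shell functions, so `exec block` would search PATH
# for a command named "block" (possibly this wrapper again); exec the
# binary directly instead.
if [ "$PREINIT" != "1" ]; then
  exec -a "$0" "$BLOCK" "$@"
fi

# Print the third space-separated field of the third line of
# /proc/timer_list; used only to build a distinct debug log name.
get_jiffies() {
  head -n3 /proc/timer_list | tail -n1 | cut -d' ' -f 3
}

# Debug mode: send stderr and the command trace to a log under /tmp.
# BLOCK_LOG is exported, so an invocation that inherits it skips this
# setup.
if [ -z "$BLOCK_LOG" ] && [ -n "$DEBUG" ]; then
  TIME=$(get_jiffies)
  BLOCK_LOG="/tmp/block.$(printf '%016d' "${TIME:-9999999999}").log"
  export BLOCK_LOG
  # The trace records every command and argument of a script involved in
  # disk unlocking, and the file name is predictable: create it readable
  # by the owner only, and leave DEBUG off outside troubleshooting.
  ( umask 077; : >"$BLOCK_LOG" )
  exec 2>"$BLOCK_LOG"
  set -x
fi

if [ ! -x "$BLOCK" ]; then
  echo "Error: ${BLOCK} is not an executable" >&2
  # `exit`, not `return`: this is top-level script code, where `return`
  # is not portable and some shells just report an error and carry on.
  exit 1
fi

# Encrypted extroot handling is opt-in through a marker file at the root
# of the tree this script lives in.
if [ "$1" = "extroot" ] && [ -e "${SDIR}/../.use_crypt_extroot" ]; then
  # We are being called to setup the extroot, so make sure crypto block
  # devices are all setup.

  # Hotplug runs too late, create device nodes for /dev/sd*, if there are any
  for SYSDEVPATH in /sys/class/block/sd*; do
    # Also skips the literal pattern when the glob matched nothing.
    [ -f "${SYSDEVPATH}/dev" ] || continue
    [ -e "/dev/${SYSDEVPATH##*/}" ] && continue
    # sysfs reports the device number as "MAJOR:MINOR".
    IFS=: read -r MAJ MIN <"${SYSDEVPATH}/dev"
    mknod "/dev/${SYSDEVPATH##*/}" b "$MAJ" "$MIN"
  done

  # Load modules needed for cryptsetup. Failures are not checked, as in
  # the original script.
  KVER=$(uname -r)
  for MOD in af_alg algif_rng algif_hash algif_skcipher; do
    insmod "${SDIR}/../lib/modules/${KVER}/${MOD}.ko"
  done

  # FIXME: Why does block info only show ubi devices?
  # block info | cut -d: -f1 |
  # Do this hack instead, only check scsi and mmc devices
  find /dev -type b | grep -E "/(sd|mmcblk).*" |
    while IFS= read -r DEVPATH; do
      # Only LUKS-formatted devices are handed to decrypt.sh.
      cryptsetup --disable-locks isLuks "$DEVPATH" || continue
      # NOTE(review): presumably decrypt.sh reads ACTION/DEVNAME like a
      # hotplug handler — confirm against decrypt.sh.
      export ACTION=add DEVNAME="${DEVPATH##*/}"
      # Assume this script is located in $OVERLAY/sbin when called.
      # The second attempt runs without ALTROOT, as in the original.
      ALTROOT="${SDIR}/.." "$SDIR"/decrypt.sh || "$SDIR"/decrypt.sh
    done
fi

block "$@"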