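#!/bin/bash
#
# managing our work at the cryptobox
#
# usual workflow:
#   dfsbuild - create the image directory with dfsbuild
#   config   - apply cryptobox specific changes to the image directory
#   harden   - remove unnecessary packages and disable developer features
#   iso      - create the iso image
#   burn     - burns the image on a cd-rw
#
# final action:
#   release  - the same as "dfsbuild config harden iso"
#
#
# problems of this script:
#   - has to run as root
#   - 'harden' is strangely integrated
#
# you may run this script with multiple arguments, e.g.:
#   cb-build.sh dfsbuild config iso
#
# the action "release" does what it says :)
# (all developer's features like sshd, writable templates and
# the test-suite are deactivated, some packages get removed)
#
# Settings that are not defined here (BUILD_DIR, TMP_DIR, IMAGE_FILE,
# MKISOFS_OPTIONS, CDWRITER) are expected from the local cbox-dev.conf
# (or the environment); 'set -u' aborts on any that is missing.
#
# The script uses bash features (functions, 'source'), so the interpreter
# is bash rather than /bin/sh.

set -ue

#######################################
# Print the path of a configuration file; a file in LOCALCONF_DIR
# supersedes the file of the same name in DEFAULTCONF_DIR.
# Globals:   LOCALCONF_DIR, DEFAULTCONF_DIR (read)
# Arguments: $1 - base name of the configuration file
# Outputs:   the resolved path on stdout
# Returns:   0 if found; exits with 1 (message on stderr) otherwise
#######################################
get_config_file() {
  local name=$1
  local dir
  for dir in "$LOCALCONF_DIR" "$DEFAULTCONF_DIR"; do
    if [ -e "$dir/$name" ]; then
      printf '%s\n' "$dir/$name"
      return 0
    fi
  done
  printf 'configuration file (%s) not found!\n' "$name" >&2
  exit 1
}

# the base directory of your local development files
ROOT_DIR=$(dirname "$0")
# the template (default) configuration directory
DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
# your local configuration directory (existing files supersede the defaults)
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
# local configuration directory - contains scripts to be executed after
# 'configure'
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
# template directory for cryptobox specific configuration
# NOTE(review): this path is relative to the current working directory, not
# to ROOT_DIR - confirm that callers always run from the checkout root
TEMPLATE_DIR="cbox-tree.d"
# dfsbuild config
DFS_CONFIG=$(get_config_file dfs-cbox.conf)
# the chroot-wrapper within the cryptobox
readonly CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"

############# include local configuration ##############
# get_config_file exits in its subshell when the file is missing; an empty
# DEV_CONFIG then falls through to the error branch below
DEV_CONFIG=$(get_config_file cbox-dev.conf) || DEV_CONFIG=
if [ -n "$DEV_CONFIG" ] && [ -e "$DEV_CONFIG" ]; then
  # shellcheck disable=SC1090 — the path is only known at runtime
  source "$DEV_CONFIG"
else
  echo "local cbox-dev.conf ($DEV_CONFIG) does not exist!" >&2
  exit 1
fi

# image directory created by dfsbuild
# the BUILD_DIR is defined in the local cbox-dev.conf
IMAGE_DIR="${BUILD_DIR:?BUILD_DIR must be set in cbox-dev.conf}/image"

####################### functions ######################

#######################################
# Run dfsbuild into BUILD_DIR, creating the directory if needed.
# Globals:   BUILD_DIR, DFS_CONFIG (read)
# Outputs:   progress messages on stdout
# Returns:   0 (the script aborts via 'set -e' if dfsbuild fails)
#######################################
run_dfsbuild() {
  if [ ! -e "$BUILD_DIR" ]; then
    mkdir -p -- "$BUILD_DIR"
    echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
  fi
  dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR"
  # remove iso image of dfsbuild - it is not necessary
  if [ -e "$BUILD_DIR/image.iso" ]; then
    rm -f -- "$BUILD_DIR/image.iso"
  fi
  # an explicit status: the old '[ -e ] && rm' tail returned 1 when the
  # file was absent, which 'set -e' turned into a silent abort
  return 0
}

#######################################
# Build the iso image from IMAGE_DIR.
# Globals:   MKISOFS_OPTIONS, IMAGE_FILE, IMAGE_DIR (read)
# Outputs:   progress message on stdout
#######################################
create_iso() {
  echo "Creating the iso ..."
  # MKISOFS_OPTIONS is a plain option string from cbox-dev.conf and is
  # deliberately word-split here
  # shellcheck disable=SC2086
  mkisofs $MKISOFS_OPTIONS -o "${IMAGE_FILE:?IMAGE_FILE must be set}" "$IMAGE_DIR"
}

#######################################
# Copy the cryptobox template tree into the image, record the revision and
# run the in-image configuration (normal mode), then source every local
# script in CUSTOM_CONFIGURE_DIR.
# Globals:   IMAGE_DIR, TMP_DIR, TEMPLATE_DIR, CHROOT_START,
#            CUSTOM_CONFIGURE_DIR (read)
# Arguments: none are used (the call sites pass 'normal', which is ignored)
# Outputs:   progress messages on stdout; custom script output indented
# Returns:   0; exits with 1 if IMAGE_DIR is missing
#######################################
configure_cb() {
  local revision file
  if [ ! -e "$IMAGE_DIR" ]; then
    printf 'Directory "%s" not found!\n' "$IMAGE_DIR" >&2
    printf 'Did you run "%s dfsbuild"?\n' "$0" >&2
    exit 1
  fi
  echo "Copying files to the box ..."
  # ':?' keeps 'rm -rf' away from an empty TMP_DIR
  if [ -e "${TMP_DIR:?TMP_DIR must be set}" ]; then
    rm -rf -- "$TMP_DIR"
  fi
  cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
  # strip subversion metadata from the copy before it goes into the image;
  # -exec avoids word-splitting the found paths
  find "$TMP_DIR" -type d -name ".svn" -prune -exec rm -rf -- {} +
  cp -dr "$TMP_DIR/." "$IMAGE_DIR"
  rm -rf -- "$TMP_DIR"
  echo "Configuring the cryptobox ..."
  revision=$(fetch_revision)
  # "harden" removes /etc/issue ...
  if [ -e "$IMAGE_DIR/etc/issue" ]; then
    sed -i "s/^Version:.*/Revision: $revision/" "$IMAGE_DIR/etc/issue"
  else
    # the former text wrote the sed pattern ("Version:.*/") into the file
    echo "Revision: $revision" >"$IMAGE_DIR/etc/issue"
  fi
  printf '%s\n' "$revision" >"$IMAGE_DIR/etc/cryptobox/revision"
  chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
  # source local configure scripts
  # NOTE: they run as root with this script's full environment -
  # CUSTOM_CONFIGURE_DIR is the developer's own local directory
  if [ -d "$CUSTOM_CONFIGURE_DIR" ]; then
    find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while IFS= read -r file; do
      echo "Sourcing custom configure script $(basename -- "$file"):"
      # execute it in its own environment (to be safe)
      # 'source' implicitly imports all current settings
      # indent these lines to improve the output
      # shellcheck disable=SC1090
      ( source "$file" ) 2>&1 | sed 's/^/\t/'
    done
  fi
  return 0
}

#######################################
# Run the in-image configuration in 'secure' mode (the "harden" action).
# Globals:   IMAGE_DIR, CHROOT_START (read)
#######################################
harden_cb() {
  chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
}

#######################################
# Print the highest subversion revision found below the current directory.
# Outputs:   the revision number, or "unknown release" if none is found
#######################################
fetch_revision() {
  local rev
  # svn errors go to /dev/null instead of into the pipeline; without
  # pipefail a failing svn only yields an empty result, handled below.
  # 'sort -n' picks the numerically highest revision (plain 'sort' put
  # "9" above "10").
  rev=$(svn -R info 2>/dev/null | grep '^Revision' | cut -f2 -d ' ' | sort -n | tail -n 1) || rev=
  if [ -n "$rev" ]; then
    printf '%s\n' "$rev"
  else
    echo "unknown release"
  fi
}

#######################################
# Blank the cd-rw in CDWRITER and burn IMAGE_FILE onto it.
# Globals:   CDWRITER, IMAGE_FILE (read)
#######################################
blanknburn_cdrw() {
  local writer=${CDWRITER:?CDWRITER must be set}
  cdrecord -v dev="$writer" blank=fast
  cdrecord -v dev="$writer" "${IMAGE_FILE:?IMAGE_FILE must be set}"
}

#######################################
# Print the command syntax on stdout.
#######################################
usage() {
  echo "Syntax: $(basename -- "$0") ( release | dfsbuild | config | harden | iso | burn | help )"
  echo " (you may specify more than one action)"
  echo
}

################ do it! ######################

#######################################
# Dispatch the requested actions in order.
# Globals:   LOCALCONF_DIR, CUSTOM_CONFIGURE_DIR (read)
# Arguments: the actions (see usage)
# Returns:   0; exits with 1 on an unknown action or when not run as root
#######################################
main() {
  local action dir
  if [ $# -eq 0 ]; then
    echo "[$(basename -- "$0")] - no arguments supplied - maybe you want to use '--help'"
  fi
  # check for uid=0 (necessary for all operations) - before touching the
  # local directories, so a non-root run fails with a clear message
  if [ "$(id -u)" -ne 0 ]; then
    echo "this script ($0) has to be called as root" >&2
    exit 1
  fi
  # initialize local directories (easier for users)
  # NOTE: they take over the owner of the current directory; whatever that
  # owner places in CUSTOM_CONFIGURE_DIR is later sourced as root by 'config'
  for dir in "$LOCALCONF_DIR" "$CUSTOM_CONFIGURE_DIR"; do
    if [ ! -e "$dir" ]; then
      mkdir -- "$dir"
      chown --reference=. -- "$dir"
    fi
  done
  while [ $# -gt 0 ]; do
    action=$1
    case "$action" in
      dfsbuild) run_dfsbuild ;;
      config) configure_cb normal ;;
      iso) create_iso ;;
      harden) harden_cb ;;
      burn) blanknburn_cdrw ;;
      # call the functions directly instead of re-executing "$0", which
      # fails when the script was started as 'bash cb-build.sh'
      release)
        run_dfsbuild
        configure_cb normal
        harden_cb
        create_iso
        ;;
      help|--help) usage ;;
      *)
        printf 'unknown action: %s\n' "$action" >&2
        echo "$0 help" >&2
        exit 1
        ;;
    esac
    shift
  done
}

main "$@"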