rcS-root

#!/bin/sh

mount -t proc proc /proc
mount -t sysfs sysfs /sys
sleep 1
mount -t devtmpfs devtmpfs /dev
mount -t tmpfs tmpfs /tmp
hostname kobo
ifconfig lo up
echo 3 > /sys/class/graphics/fb0/rotate

echo "Checking filesystems ..."
echo
/usr/bin/fsck.ext4 -y /dev/mmcblk0p1
/usr/bin/fsck.ext4 -y /dev/mmcblk0p2
/usr/bin/fsck.ext4 -y /dev/mmcblk0p3
/usr/bin/fsck.ext4 -y /dev/mmcblk0p4
echo

UID_FLAG_RAW=`dd if=/dev/mmcblk0 bs=256 skip=3 count=1 status=none`
UID_FLAG=${UID_FLAG_RAW:0:1}
if [ "$UID_FLAG" != "1" ]; then
	/opt/bin/uidgen write-mmc
	echo "1" | dd of=/dev/mmcblk0 bs=256 seek=3
else
	:
fi

# Upgrading kernel if needed
mount -t ext4 /dev/mmcblk0p1 /mnt
KERNEL_FLASH=`cat /mnt/flags/KERNEL_FLASH` 2>/dev/null
WILL_UPDATE=`cat /mnt/flags/WILL_UPDATE` 2>/dev/null
DIAGS_BOOT=`cat /mnt/flags/DIAGS_BOOT` 2>/dev/null
STARTX=`cat /mnt/flags/X11_START` 2>/dev/null
MOUNT_RW=`cat /mnt/flags/RW_ROOTFS` 2>/dev/null
INITRD_DEBUG=`cat /mnt/flags/INITRD_DEBUG` 2>/dev/null

## DEBUG ##
if [ "$INITRD_DEBUG" == "true" ]; then
	mkdir -p /dev/pts
	mount -t devpts devpts /dev/pts
	busybox telnetd
fi

if [ "$KERNEL_FLASH" == "true" ]; then
	cp /mnt/boot/uImage /
	sync
	echo "Flashing new kernel..."
	dd if=/uImage of=/dev/mmcblk0 bs=512 seek=2048
	sync
	echo "false" > /mnt/flags/KERNEL_FLASH
	rm /mnt/boot/uImage
	echo "Done, rebooting..."
	reboot
else
	umount /mnt
	evtest /dev/input/event0 > /tmp/input-log &
	EVTEST_PID=$!

	read -t 5 -n 1 -s -r -p "(initrd) Hit any key to stop auto-boot ... " KEY
	echo

	if [ "$KEY" == "" ]; then
		INPUT_LOG=`cat /tmp/input-log | grep value`
		export INPUT_LOG

		# Device should have been wiped and restored to a factory state
		# Checking if there is still a "noroot" flag in the unpartitioned space
		export ROOT_FLAG=`dd if=/dev/mmcblk0 bs=512 skip=79872 count=1 status=none | head -c6`
		if [ "$ROOT_FLAG" == "rooted" ]; then
			echo "Security policy not enforced; root access permitted."
		else
			/etc/init.d/overlay-mount ro
			mount -t ext4 /dev/mmcblk0p1 /mnt/boot

			echo "WARNING: User violated security policy!"
			echo "Flashing a new kernel that does not allow root access..."
			mkdir -p /recoveryfs
			mount -t ext4 /dev/mmcblk0p2 /recoveryfs
			dd if=/recoveryfs/opt/recovery/restore/uImage-std of=/dev/mmcblk0 bs=512 seek=2048
			sync
			# We set the ALERT flag to show a GUI warning about what happened
                        echo "true" > /mnt/boot/flags/ALERT
			sync
			echo "Done, rebooting..."
			reboot
			exit 0
		fi

		if [ "$INPUT_LOG" == "" ]; then
			if [ "$DIAGS_BOOT" != "true" ]; then
				# If the security policy was violated, we would not be there anymore, so from now on we are booting as usual.
				# Splash
				if [ "$WILL_UPDATE" != "true" ]; then
					/etc/init.d/inkbox-splash &
				else
					:
				fi

				# Root filesystem
				if [ "$MOUNT_RW" == "true" ]; then
					/etc/init.d/overlay-mount rw
				else
					/etc/init.d/overlay-mount ro
				fi
				mount -t ext4 /dev/mmcblk0p1 /mnt/boot

				# Bind-mount a valid passwd file to allow login
				cp /opt/passwd-root /tmp/passwd
				mount --bind /tmp/passwd /mnt/etc/passwd

				## User storage
				mount -t ext4 /dev/mmcblk0p4 /mnt/opt/storage
				# Config
				mkdir -p /mnt/opt/storage/config
				mkdir -p /mnt/opt/config
				mount --bind /mnt/opt/storage/config /mnt/opt/config
				# Update bundle
				mkdir -p /mnt/opt/storage/update
				mkdir -p /mnt/opt/update
				mount --bind /mnt/opt/storage/update /mnt/opt/update
				# X11/KoBox
				mkdir -p /mnt/opt/storage/X11/rootfs/work
				mkdir -p /mnt/opt/storage/X11/rootfs/write
				mkdir -p /mnt/opt/X11/rootfs
				mount --bind /mnt/opt/storage/X11/rootfs /mnt/opt/X11/rootfs
				# InkBox GUI's rootfs
				mkdir -p /mnt/opt/storage/gui_rootfs
				mkdir -p /mnt/opt/gui_rootfs
				mount --bind /mnt/opt/storage/gui_rootfs /mnt/opt/gui_rootfs

				mkdir -p /mnt/opt/root
				mkdir -p /mnt/opt/key
				mkdir -p /mnt/selinux
				mkdir -p /mnt/modules
				losetup /dev/loop7 /opt/root.sqsh
				mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
				losetup /dev/loop6 /opt/key.sqsh
				mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
				losetup /dev/loop5 /opt/modules.sqsh
				mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec

				mount --rbind /proc /mnt/proc
				mount --rbind /sys /mnt/sys
				mount --rbind /dev /mnt/dev
				mount -t tmpfs tmpfs /mnt/tmp
				mount -t tmpfs tmpfs /mnt/var/log
				mount -t tmpfs tmpfs /mnt/opt/developer
				mount -t selinuxfs selinuxfs /mnt/selinux 2>/dev/null

				# Developer key
				/etc/init.d/developer-key
				OVERRIDE_SIGNATURE_VERIFICATION=`cat /mnt/opt/developer/key/valid-key 2>/dev/null`

				# InkBox GUI's rootfs
				busybox chroot /mnt "/usr/bin/openssl" "dgst" "-sha256" "-verify" "/opt/key/public.pem" "-signature" "/opt/storage/gui_rootfs.isa.dgst" "/opt/storage/gui_rootfs.isa" &>/dev/null
				if [ $? != 0 ]; then
					if [ "$OVERRIDE_SIGNATURE_VERIFICATION" != "true" ]; then
						echo "FATAL: InkBox GUI root filesystem's signature is invalid!"
						echo "Aborting boot and powering off ..."
						busybox poweroff
					else
						:
					fi
				else
					busybox chroot /mnt "/bin/squashfuse" "/opt/storage/gui_rootfs.isa" "/opt/gui_rootfs/read"
					busybox chroot /mnt "/bin/fuse-overlayfs" "-o" "lowerdir=/opt/gui_rootfs/read,upperdir=/opt/gui_rootfs/write,workdir=/opt/gui_rootfs/work" "/kobo"

					echo true > /mnt/kobo/inkbox/remount
					echo false > /mnt/boot/flags/X11_STARTED

					# Starting an X server
					if [ "$STARTX" == "true" ]; then
						/etc/init.d/startx
					fi

					chroot /mnt /sbin/openrc "sysinit"
					chroot /mnt /sbin/openrc "boot"
					chroot /mnt /sbin/openrc "default"
					/etc/init.d/initrd-fifo
					exit 0
				fi
			else
				echo "DIAGS_BOOT is set to 'true', booting into diagnostics..."
				mkdir -p /alpine
				/etc/init.d/overlay-mount recovery
				mount -t ext4 /dev/mmcblk0p1 /mnt/boot

				losetup /dev/loop7 /opt/root.sqsh
				mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
				losetup /dev/loop6 /opt/key.sqsh
				mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
				losetup /dev/loop5 /opt/modules.sqsh
				mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec

				mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine
				mount --rbind /proc /mnt/proc
				mount --rbind /proc /alpine/proc
				mount --rbind /sys /mnt/sys
				mount --rbind /sys /alpine/sys
				mount --rbind /dev /mnt/dev
				mount --rbind /dev /alpine/dev
				mount -t tmpfs tmpfs /mnt/tmp
				mount -t tmpfs tmpfs /alpine/tmp
				mount -t tmpfs tmpfs /alpine/run
				chroot /alpine /sbin/openrc "sysinit" &>/dev/null
				chroot /mnt /opt/bin/diagnostics_splash
				sleep 2
				chroot /mnt /opt/recovery/launch.sh &
				exit 0
			fi
		else
			echo "Input event caught, booting into recovery partition..."
			mkdir -p /alpine
			/etc/init.d/overlay-mount recovery
			mount -t ext4 /dev/mmcblk0p1 /mnt/boot

			losetup /dev/loop7 /opt/root.sqsh
			mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
			losetup /dev/loop6 /opt/key.sqsh
			mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
			losetup /dev/loop5 /opt/modules.sqsh
			mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec

			mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine
			mount --rbind /proc /mnt/proc
			mount --rbind /proc /alpine/proc
			mount --rbind /sys /mnt/sys
			mount --rbind /sys /alpine/sys
			mount --rbind /dev /mnt/dev
			mount --rbind /dev /alpine/dev
			mount -t tmpfs tmpfs /mnt/tmp
			mount -t tmpfs tmpfs /alpine/tmp
			mount -t tmpfs tmpfs /alpine/run
			chroot /alpine /sbin/openrc "sysinit" &>/dev/null
			chroot /mnt /opt/bin/diagnostics_splash
			sleep 2
			chroot /mnt /opt/recovery/launch.sh &
			exit 0
		fi
	else
		rm /usr/sbin/chroot
		echo -e "#!/bin/sh\n\n/sbin/getty -L ttymxc0 115200 vt100" > /usr/sbin/chroot
		chmod +x /usr/sbin/chroot
		exit 0
	fi
fi

kill -9 $EVTEST_PID