#!/bin/sh

rotate_screen() {
	if [ "${DEVICE}" == "n705" ] || [ "${DEVICE}" == "n905b" ] || [ "${DEVICE}" == "n905c" ] || [ "${DEVICE}" == "n613" ] || [ "${DEVICE}" == "n236" ] || [ "${DEVICE}" == "n437" ] || [ "${DEVICE}" == "n306" ]; then
		FB_UR=3
	elif [ "${DEVICE}" == "n873" ]; then
		FB_UR=0
	else
		FB_UR=3
	fi

	echo ${FB_UR} > /sys/class/graphics/fb0/rotate
}

set_progress() {
	echo "${1}" > /run/progress_bar_fifo 2>/dev/null
}

progress_sleep() {
	sleep 0.5
}

mount_alpine_udev() {
	mkdir -p /alpine
	mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine
	mount --rbind /proc /mnt/proc
	mount --rbind /proc /alpine/proc
	mount --rbind /sys /mnt/sys
	mount --rbind /sys /alpine/sys
	mount --rbind /dev /mnt/dev
	mount --rbind /dev /alpine/dev
	mount -t tmpfs tmpfs -o nosuid /mnt/tmp
	mount -t tmpfs tmpfs -o nosuid /alpine/tmp
	mount -t tmpfs tmpfs -o nosuid /alpine/run
}

export TERM="linux"

mount -t proc proc /proc
mount -t sysfs sysfs /sys
sleep 1
mount -t devtmpfs devtmpfs /dev
mount -t tmpfs tmpfs -o size=16M /tmp
hostname inkbox
ifconfig lo up

# Direct Firmware Loader (DFL) mode
DFL_KEY_RAW=`timeout 3s evtest /dev/input/event0` 2>/dev/null
DFL_KEY=`echo "$DFL_KEY_RAW" | awk '/Testing .../{p=1}p'`
if echo "$DFL_KEY" | grep -q "KEY_POWER" && echo "$DFL_KEY" | grep -q "KEY_HOME" || echo "$DFL_KEY" | grep -q "KEY_KATAKANA"; then
	echo "Entering DFL mode ..."
	DEVICE=`cat /opt/device`
	mkdir -p /modules
	mount /opt/modules.sqsh /modules
	if [ "$DEVICE" != "n873" ]; then
		insmod /modules/arcotg_udc.ko
	fi
	insmod /modules/g_mass_storage.ko file=/dev/mmcblk0 removable=y stall=0
	/etc/init.d/inkbox-splash dfl
	while true; do
		echo "This device is in DFL mode. Please reset it to resume normal operation."
		sleep 30
	done
fi

KERNEL_VERSION=`uname -a`
KERNEL_BUILD_ID=`cat /opt/build_id`
KERNEL_GIT_COMMIT=`cat /opt/commit`
DEVICE=`cat /opt/device`

main() {
	echo "$KERNEL_VERSION"
	echo "InkBox OS, kernel build $KERNEL_BUILD_ID, commit $KERNEL_GIT_COMMIT"
	echo "Copyright (C) 2021-2022 Nicolas Mailloux <nicolecrivain@gmail.com>"
	echo

	echo "Checking filesystems ..."
	echo
	/usr/bin/fsck.ext4 -y /dev/mmcblk0p1
	if [ "$DEVICE" == "n705" ] || [ "$DEVICE" == "n905b" ] || [ "$DEVICE" == "n905c" ] || [ "$DEVICE" == "n613" ] || [ "$DEVICE" == "n236" ] || [ "$DEVICE" == "n437" ] || [ "$DEVICE" == "n306" ]; then
		/usr/bin/fsck.ext4 -y /dev/mmcblk0p2
	elif [ "$DEVICE" == "n873" ]; then
		/usr/bin/fsck.ext4 -y /dev/mmcblk0p5
	else
		/usr/bin/fsck.ext4 -y /dev/mmcblk0p2
	fi
	if [ "$DEVICE" == "n705" ] || [ "$DEVICE" == "n905b" ] || [ "$DEVICE" == "n905c" ] || [ "$DEVICE" == "n613" ] || [ "$DEVICE" == "n236" ] || [ "$DEVICE" == "n437" ] || [ "$DEVICE" == "n306" ]; then
		/usr/bin/fsck.ext4 -y /dev/mmcblk0p3
	elif [ "$DEVICE" == "n873" ]; then
		/usr/bin/fsck.fat -y /dev/mmcblk0p3
	else
		/usr/bin/fsck.ext4 -y /dev/mmcblk0p3
	fi
	/usr/bin/fsck.ext4 -y /dev/mmcblk0p4
	echo

	UID_FLAG_RAW=`dd if=/dev/mmcblk0 bs=256 skip=3 count=1 status=none`
	UID_FLAG=${UID_FLAG_RAW:0:1}
	if [ "$UID_FLAG" != "1" ]; then
		/opt/bin/uidgen write-mmc
		echo "1" | dd of=/dev/mmcblk0 bs=256 seek=3
	else
		:
	fi

	# Upgrading kernel if needed
	mount -t ext4 /dev/mmcblk0p1 /mnt
	KERNEL_FLASH=`cat /mnt/flags/KERNEL_FLASH` 2>/dev/null
	WILL_UPDATE=`cat /mnt/flags/WILL_UPDATE` 2>/dev/null
	DIAGS_BOOT=`cat /mnt/flags/DIAGS_BOOT` 2>/dev/null
	STARTX=`cat /mnt/flags/X11_START` 2>/dev/null
	MOUNT_RW=`cat /mnt/flags/RW_ROOTFS` 2>/dev/null
	INITRD_DEBUG=`cat /mnt/flags/INITRD_DEBUG` 2>/dev/null
	DONT_BOOT=`cat /mnt/flags/DONT_BOOT` 2>/dev/null
	ENCRYPT_LOCK=`cat /mnt/flags/ENCRYPT_LOCK` 2>/dev/null
	LOGIN_SHELL=`cat /mnt/flags/LOGIN_SHELL` 2>/dev/null

	if [ "$DONT_BOOT" == "true" ]; then
		echo "Device is locked down and will not boot."
		/etc/init.d/inkbox-splash alert_splash 1
		busybox poweroff
		exit 1
	fi

	if [ ! -z "$ENCRYPT_LOCK" ]; then
		CURRENT_EPOCH=`date +%s`
		if [ "$CURRENT_EPOCH" -lt "$ENCRYPT_LOCK" ]; then
			/etc/init.d/inkbox-splash alert_splash 7
			busybox poweroff
			exit 1
		else
			rm -f /mnt/flags/ENCRYPT_LOCK
			sync
		fi
	fi

	## DEBUG ##
	if [ "$INITRD_DEBUG" == "true" ]; then
		mkdir -p /dev/pts
		mount -t devpts devpts /dev/pts
		busybox telnetd
	fi

	if [ "$KERNEL_FLASH" == "true" ]; then
		cp /mnt/boot/uImage /
		sync
		echo "Flashing new kernel..."
		dd if=/uImage of=/dev/mmcblk0 bs=512 seek=81920
		sync
		echo "false" > /mnt/flags/KERNEL_FLASH
		rm /mnt/boot/uImage
		echo "Done, rebooting..."
		reboot
	else
		umount /mnt
		evtest /dev/input/event0 > /tmp/input-log &
		EVTEST_PID=$!

		read -t 5 -n 1 -s -r -p "(initrd) Hit any key to stop auto-boot ... " KEY
		echo

		if [ "$KEY" == "" ]; then
			INPUT_LOG=`cat /tmp/input-log | grep value`
			export INPUT_LOG

			# Device should have been wiped and restored to a factory state
			# Checking if there is still a "noroot" flag in the unpartitioned space
			export ROOT_FLAG=`dd if=/dev/mmcblk0 bs=512 skip=79872 count=1 status=none | head -c6`
			if [ "$ROOT_FLAG" == "rooted" ]; then
				echo "Security policy not enforced; root access permitted."
			else
				/etc/init.d/overlay-mount recovery
				mount -t ext4 /dev/mmcblk0p1 /mnt/boot

				echo "WARNING: User violated security policy!"
				echo "Flashing a new kernel that does not allow root access..."
				dd if=/mnt/opt/recovery/restore/uImage-std of=/dev/mmcblk0 bs=512 seek=81920
				sync
				# We set the ALERT flag to show a GUI warning about what happened
				echo "true" > /mnt/boot/flags/ALERT
				sync
				umount -l -f /mnt/boot
				echo "Done, rebooting..."
				reboot
				exit 0
			fi

			if [ "$INPUT_LOG" == "" ]; then
				if [ "$DIAGS_BOOT" != "true" ]; then
					# If the security policy was violated, we would not be there anymore, so from now on we are booting as usual.
					# Splash
					if [ "${DISPLAY_DEBUG}" != "true" ]; then
						if [ "$WILL_UPDATE" != "true" ]; then
							/etc/init.d/inkbox-splash
							/etc/init.d/inkbox-splash progress_bar_init &
							sleep 2
							set_progress 0
							progress_sleep
							set_progress 5
							progress_sleep
						else
							/etc/init.d/inkbox-splash update_splash &
							UPDATE_SPLASH_PID=$!
							export UPDATE_SPLASH_PID
						fi
					fi

					# Wi-Fi connection
					if [ "$DEVICE" == "n905b" ] || [ "$DEVICE" == "n873" ] || [ "$DEVICE" == "n236" ] || [ "$DEVICE" == "n437" ]; then
						EXPRESS_VERIFICATION=1 /etc/init.d/overlay-mount recovery
						if [ $? == 0 ]; then
							mount_alpine_udev
							chroot /alpine /sbin/openrc "sysinit" &>/dev/null
							if [ $? == 0 ]; then
								timeout 15s /sbin/setup-wifi
							fi
							killall udevd
							umount -l -f /alpine
							umount -l -f /mnt
							umount -l -f /overlaymount-rootfs
							umount -l -f /recoveryfs-part
							losetup -d /dev/loop1
						fi
					fi

					# Root filesystem
					if [ "$MOUNT_RW" == "true" ]; then
						/etc/init.d/overlay-mount rw
						OVERLAYMOUNT_EXITCODE=$?
						if [ $OVERLAYMOUNT_EXITCODE != 0 ]; then
							exit $OVERLAYMOUNT_EXITCODE
						fi
					else
						/etc/init.d/overlay-mount ro
						OVERLAYMOUNT_EXITCODE=$?
						if [ $OVERLAYMOUNT_EXITCODE != 0 ]; then
							exit $OVERLAYMOUNT_EXITCODE
						fi
					fi
					set_progress 15
					progress_sleep

					mount -t ext4 /dev/mmcblk0p1 /mnt/boot

					# Bind-mount a valid passwd file to allow login
					if [ "$LOGIN_SHELL" == "bash" ]; then
						sed -i '1s/.*/root:x:0:0:root:\/root:\/bin\/bash/' /opt/passwd_root
						sed -i '30s/.*/user:x:1000:1000:Linux User,,,:\/:\/bin\/bash/' /opt/passwd_root
					elif [ "$LOGIN_SHELL" == "zsh" ]; then
						sed -i '1s/.*/root:x:0:0:root:\/root:\/usr\/local\/bin\/zsh/' /opt/passwd_root
						sed -i '30s/.*/user:x:1000:1000:Linux User,,,:\/:\/usr\/local\/bin\/zsh/' /opt/passwd_root
					elif [ "$LOGIN_SHELL" == "fish" ]; then
						sed -i '1s/.*/root:x:0:0:root:\/root:\/usr\/bin\/fish/' /opt/passwd_root
						sed -i '30s/.*/user:x:1000:1000:Linux User,,,:\/:\/usr\/bin\/fish/' /opt/passwd_root
					else
						if [ ! -z "$LOGIN_SHELL" ] && [ "$LOGIN_SHELL" != "ash" ]; then
							echo "WARNING: '$LOGIN_SHELL' is not a valid login shell. Falling back to default."
						fi
					fi

					cp /opt/passwd_root /tmp/passwd
					mount --bind /tmp/passwd /mnt/etc/passwd
					mount -t tmpfs tmpfs -o size=8M /mnt/root

					## User storage
					mount -t ext4 /dev/mmcblk0p4 /mnt/opt/storage
					# Config
					mkdir -p /mnt/opt/storage/config
					mkdir -p /mnt/opt/config
					mount --bind /mnt/opt/storage/config /mnt/opt/config
					# Update bundle
					mkdir -p /mnt/opt/storage/update
					mkdir -p /mnt/opt/update
					mount --bind /mnt/opt/storage/update /mnt/opt/update
					# X11/KoBox
					mkdir -p /mnt/opt/storage/X11/rootfs/work
					mkdir -p /mnt/opt/storage/X11/rootfs/write
					mkdir -p /mnt/opt/X11/rootfs
					mount --bind /mnt/opt/storage/X11/rootfs /mnt/opt/X11/rootfs
					set_progress 30
					progress_sleep
					# InkBox GUI's rootfs
					mkdir -p /mnt/opt/storage/gui_rootfs
					mkdir -p /mnt/opt/gui_rootfs
					mount --bind /mnt/opt/storage/gui_rootfs /mnt/opt/gui_rootfs
					# SSHd
					[ ! -e /mnt/opt/storage/ssh ] && mkdir -p /mnt/opt/storage/ssh
					[ ! -e /mnt/opt/storage/ssh/sshd_config ] && touch /mnt/opt/storage/ssh/sshd_config
					mount --bind /mnt/opt/storage/ssh /mnt/etc/ssh
					echo "PermitRootLogin yes" > /tmp/sshd_config
					mount --bind /tmp/sshd_config /mnt/etc/ssh/sshd_config
					set_progress 40
					progress_sleep

					mkdir -p /mnt/opt/root
					mkdir -p /mnt/opt/key
					mkdir -p /mnt/selinux
					mkdir -p /mnt/modules
					losetup /dev/loop7 /opt/root.sqsh
					mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
					losetup /dev/loop6 /opt/key.sqsh
					mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
					losetup /dev/loop5 /opt/modules.sqsh
					mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec

					mount --rbind /proc /mnt/proc
					mount --rbind /sys /mnt/sys
					mount --rbind /dev /mnt/dev
					mount -t tmpfs tmpfs -o size=16M /mnt/tmp
					mount -t tmpfs tmpfs -o size=8M /mnt/var/log
					mount -t tmpfs tmpfs -o size=128K /mnt/opt/developer
					set_progress 45
					progress_sleep

					# Wi-Fi & Internet
					if [ -e "/opt/firmware.sqsh" ]; then
						losetup /dev/loop4 /opt/firmware.sqsh
						mount /dev/loop4 /mnt/lib/firmware
					fi

					if [ -e "/etc/resolv.conf" ]; then
						cp /etc/resolv.conf /tmp/resolv.conf
					else
						touch /tmp/resolv.conf
					fi
					mount --bind /tmp/resolv.conf /mnt/etc/resolv.conf
					
					mount -t tmpfs tmpfs -o nosuid,noexec,nodev,size=512K /mnt/var/db/dhcpcd
					touch /mnt/var/db/dhcpcd/duid
					touch /mnt/opt/storage/dhcpcd_duid
					mount --bind /mnt/opt/storage/dhcpcd_duid /mnt/var/db/dhcpcd/duid
									
					mount -t selinuxfs selinuxfs /mnt/selinux 2>/dev/null

					# Developer key
					/etc/init.d/developer-key
					OVERRIDE_SIGNATURE_VERIFICATION=`cat /mnt/opt/developer/key/valid-key 2>/dev/null`
					if [ "$OVERRIDE_SIGNATURE_VERIFICATION" == "true" ] && [ "$WILL_UPDATE" != "true" ]; then
						/etc/init.d/inkbox-splash developer_splash &
					fi

					# InkBox GUI's rootfs
					busybox chroot /mnt "/usr/bin/openssl" "dgst" "-sha256" "-verify" "/opt/key/public.pem" "-signature" "/opt/storage/gui_rootfs.isa.dgst" "/opt/storage/gui_rootfs.isa" &>/dev/null
					if [ $? != 0 ] && [ "$OVERRIDE_SIGNATURE_VERIFICATION" != "true" ]; then
						echo "FATAL: InkBox GUI root filesystem's signature is invalid!"
						echo "Aborting boot and powering off ..."
						killall -q inkbox-splash
						/etc/init.d/inkbox-splash alert_splash 2
						busybox poweroff
						exit 1
					else
						busybox chroot /mnt "/bin/squashfuse" "/opt/storage/gui_rootfs.isa" "/opt/gui_rootfs/read"
						busybox chroot /mnt "/bin/fuse-overlayfs" "-o" "lowerdir=/opt/gui_rootfs/read,upperdir=/opt/gui_rootfs/write,workdir=/opt/gui_rootfs/work" "/kobo"

						echo true > /mnt/kobo/inkbox/remount
						echo false > /mnt/boot/flags/X11_STARTED
						set_progress 50
						progress_sleep

						# Starting an X server
						if [ "$STARTX" == "true" ]; then
							/etc/init.d/startx
						fi
						set_progress 90
						progress_sleep

						chroot /mnt /sbin/openrc "sysinit"
						set_progress 100
						sleep 1
						echo "stop" > /run/progress_bar_fifo
						/etc/init.d/initrd-fifo
						chroot /mnt /sbin/openrc "boot"
						chroot /mnt /sbin/openrc "default"
						exit 0
					fi
				else
					echo "DIAGS_BOOT is set to 'true', booting into diagnostics..."
					rotate_screen
					mkdir -p /alpine
					/etc/init.d/overlay-mount recovery
					OVERLAYMOUNT_EXITCODE=$?
					if [ $OVERLAYMOUNT_EXITCODE != 0 ]; then
						exit $OVERLAYMOUNT_EXITCODE
					fi
					mount -t ext4 /dev/mmcblk0p1 /mnt/boot

					losetup /dev/loop7 /opt/root.sqsh
					mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
					losetup /dev/loop6 /opt/key.sqsh
					mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
					losetup /dev/loop5 /opt/modules.sqsh
					mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec

					mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine
					mount --rbind /proc /mnt/proc
					mount --rbind /proc /alpine/proc
					mount --rbind /sys /mnt/sys
					mount --rbind /sys /alpine/sys
					mount --rbind /dev /mnt/dev
					mount --rbind /dev /alpine/dev
					mount -t tmpfs tmpfs /mnt/tmp
					mount -t tmpfs tmpfs /alpine/tmp
					mount -t tmpfs tmpfs /alpine/run
					chroot /alpine /sbin/openrc "sysinit" &>/dev/null
					chroot /mnt /opt/bin/diagnostics_splash
					sleep 2
					chroot /mnt /opt/recovery/launch.sh &
					exit 0
				fi
			else
				echo "Input event caught, booting into recovery partition..."
				rotate_screen
				mkdir -p /alpine
				/etc/init.d/overlay-mount recovery
				OVERLAYMOUNT_EXITCODE=$?
				if [ $OVERLAYMOUNT_EXITCODE != 0 ]; then
					exit $OVERLAYMOUNT_EXITCODE
				fi
				mount -t ext4 /dev/mmcblk0p1 /mnt/boot

				losetup /dev/loop7 /opt/root.sqsh
				mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
				losetup /dev/loop6 /opt/key.sqsh
				mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
				losetup /dev/loop5 /opt/modules.sqsh
				mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec

				mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine
				mount --rbind /proc /mnt/proc
				mount --rbind /proc /alpine/proc
				mount --rbind /sys /mnt/sys
				mount --rbind /sys /alpine/sys
				mount --rbind /dev /mnt/dev
				mount --rbind /dev /alpine/dev
				mount -t tmpfs tmpfs /mnt/tmp
				mount -t tmpfs tmpfs /alpine/tmp
				mount -t tmpfs tmpfs /alpine/run
				chroot /alpine /sbin/openrc "sysinit" &>/dev/null
				chroot /mnt /opt/bin/diagnostics_splash
				sleep 2
				chroot /mnt /opt/recovery/launch.sh &
				exit 0
			fi
		else
			rm /usr/sbin/chroot
			if [ "${DEVICE}" == "emu" ]; then
				echo -e "#!/bin/sh\n\n/sbin/getty -L ttyAMA0 115200 vt100" > /usr/sbin/chroot
			elif [ "${DEVICE}" == "bpi" ]; then
				echo -e "#!/bin/sh\n\n/sbin/getty -L ttyS0 115200 vt100" > /usr/sbin/chroot
			else
				echo -e "#!/bin/sh\n\n/sbin/getty -L ttymxc0 115200 vt100" > /usr/sbin/chroot
			fi
			chmod +x /usr/sbin/chroot
			exit 0
		fi
	fi

	kill -9 $EVTEST_PID
}

mount -t ext4 /dev/mmcblk0p1 /mnt
mkdir -p /mnt/flags
DISPLAY_DEBUG=$(cat /mnt/flags/DISPLAY_DEBUG 2>/dev/null)
umount /mnt
if [ "${DISPLAY_DEBUG}" == "true" ]; then
	mkfifo /tmp/serial-fifo
	/etc/init.d/inkbox-splash display_debug &
	sleep 5
	main &>/tmp/serial-fifo
else
	main
fi