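#!/bin/sh

# lh_binary_encryption(1) - encrypts rootfs
# Copyright (C) 2006-2007 Daniel Baumann
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
# This is free software, and you are welcome to redistribute it
# under certain conditions; see COPYING for details.
#
# Encrypts binary/casper/filesystem.<type> with aespipe, run through the
# Chroot helper, when LIVE_ENCRYPTION is set. The image is moved into chroot/
# for the duration of the run and moved back afterwards. aespipe is installed
# into the chroot if missing and purged again at the end.

set -e

# Source common functions
for FUNCTION in /usr/share/live-helper/functions/*.sh
do
	. "${FUNCTION}"
done

# Set static variables
DESCRIPTION="encrypts rootfs"
HELP=""
USAGE="${PROGRAM} [--force]"

Arguments "${@}"

# Reading configuration files
Read_conffile config/common
Read_conffile config/image
Set_defaults

if [ -n "${LIVE_ENCRYPTION}" ]
then
	# Requiring stage file
	Require_stagefile .stage/bootstrap
	Require_stagefile .stage/binary_rootfs

	# Checking lock file
	Check_lockfile .lock

	# Creating lock file
	Create_lockfile .lock

	# Checking stage file
	Check_stagefile .stage/binary_encryption

	# NOTE(review): any other LIVE_FILESYSTEM value leaves ROOTFS unset, so
	# the generated script would operate on "filesystem." - confirm whether
	# further filesystem types can reach this point.
	case "${LIVE_FILESYSTEM}" in
		ext2)
			ROOTFS="ext2"
			;;

		plain)
			echo "W: encryption not supported on plain filesystem."
			exit 0
			;;

		squashfs)
			ROOTFS="squashfs"
			;;
	esac

	if [ ! -f chroot/usr/bin/aespipe ]
	then
		PACKAGES="${PACKAGES} aespipe"
	fi

	if [ -n "${PACKAGES}" ]
	then
		# Installing packages
		# PACKAGES is deliberately unquoted inside the command string: it is
		# a space-separated list.
		case "${LH_APT}" in
			apt|apt-get)
				Chroot "apt-get install --yes ${PACKAGES}"
				;;

			aptitude)
				Chroot "aptitude install --assume-yes ${PACKAGES}"
				;;
		esac
	fi

	# Moving image
	mv "binary/casper/filesystem.${LIVE_FILESYSTEM}" chroot

	echo "Encrypting binary/casper/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."

	# Generate the helper script that is run through Chroot.
	#
	# - Written with '>' rather than '>>' so that a stale chroot/encrypt left
	#   by an interrupted run is replaced instead of appended to.
	# - ROOTFS and LIVE_ENCRYPTION are expanded now, at generation time. They
	#   are interpolated unquoted into a script that is then executed, so
	#   they must only ever come from the trusted build configuration.
	# - ANSWER is escaped so it is evaluated when the script runs. Unescaped,
	#   it expanded to an empty string at generation time, the test became
	#   [ "no" = "" ], and the retry loop could never be left by answering
	#   "no".
	# - aespipe writes to a temporary file which is renamed over the image
	#   only on success. Redirecting straight onto the input file truncates
	#   it before it is read, destroying the root filesystem image. This
	#   needs room for a second copy of the image inside chroot/.
	# - A failed read (no usable stdin) is treated as "no" instead of
	#   retrying forever.
	cat > chroot/encrypt << EOF
while true
do
	aespipe -e ${LIVE_ENCRYPTION} -T < filesystem.${ROOTFS} > filesystem.${ROOTFS}.tmp && mv -f filesystem.${ROOTFS}.tmp filesystem.${ROOTFS} && break

	rm -f filesystem.${ROOTFS}.tmp

	printf '%s' "Something went wrong... Retry? [YES/no] "
	read -r ANSWER || ANSWER="no"

	if [ "no" = "\${ANSWER}" ]
	then
		unset ANSWER
		echo "W: filesystem.${ROOTFS} has NOT been encrypted." >&2
		break
	fi
done
EOF

	Chroot "sh encrypt"

	# Move image
	mv "chroot/filesystem.${LIVE_FILESYSTEM}" binary/casper
	rm -f chroot/encrypt

	# Removing packages
	if [ -n "${PACKAGES}" ]
	then
		case "${LH_APT}" in
			apt|apt-get)
				Chroot "apt-get remove --purge --yes ${PACKAGES}"
				;;

			aptitude)
				Chroot "aptitude purge --assume-yes ${PACKAGES}"
				;;
		esac
	fi

	# Creating stage file
	# NOTE(review): the stage file is created even when the operator answered
	# "no" above, in which case the image moved back to binary/casper is
	# still plaintext. Consider aborting the build in that case so an
	# unencrypted image cannot be mistaken for an encrypted one.
	Create_stagefile .stage/binary_encryption
fi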