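#!/usr/bin/sh
# Reliant initramfs security hook.
#
# Runs in the early boot environment. It verifies that the canary files
# written on the previous boot were wiped by the previous shutdown, runs the
# common `reliant-security` checks against /sysroot, and only then (or after
# the user has explicitly accepted the risk) opens the Shufflecake device,
# runs the qubes.xml surgeon and seals the volumes.
#
# Expects /usr/local/share/scripts/reliant-common.sh to provide RELIANT_TRUE,
# RELIANT_OK, RELIANT_SECURITY_FAIL, reliant_error, reliant_err2str and
# reliant_emergency_shutdown; RELIANT_SECURE_DEVICE is expected from the same
# file or the environment. External tools: plymouth, reliant-security,
# reliant-mount, surgeon-suture, reliant-seal.
#
# The interpreter is /usr/bin/sh, so this file must stay free of bashisms.
set -eu

. /usr/local/share/scripts/reliant-common.sh

export RELIANT_INITRAMFS=$RELIANT_TRUE

# Canary paths, in check/creation order. They are written by this script once
# the checks pass and must have been wiped by the previous shutdown; anything
# found at one of these paths at boot means that wipe did not happen.
RELIANT_INITRAMFS_CANARIES="/rootfs.canary /run/run.canary /tmp/tmp.canary /sysroot/sysroot.canary"
readonly RELIANT_INITRAMFS_CANARIES

#######################################
# Ask the user how to proceed after a failed security check.
# Loops until a recognised answer is given:
#   Y(es)  - return 0 so the caller continues the normal boot path
#   N(o)   - call reliant_emergency_shutdown after a 15 s warning; if that
#            helper returns for any reason the loop re-prompts rather than
#            booting
#   S(kip) - exit the script with status 0 (nothing below main's check runs)
# Globals:   REPLY (written)
# Returns:   0 only for Y(es); otherwise never returns
#######################################
reliant_prompt_user() {
  while true; do
    # A failed plymouth call makes this assignment fail and, under set -e,
    # aborts the script instead of silently treating it as an answer.
    REPLY=$(plymouth ask-question --prompt="System might be compromised. Proceed? [Y(es)/N(o)/S(kip)]")
    case "$REPLY" in
      [Yy]*)
        # User confirmed the system is safe to boot
        plymouth display-message --text="Proceeding under user responsibility."
        sleep 1
        plymouth hide-message --text="Proceeding under user responsibility."
        return 0
        ;;
      [Nn]*)
        # User denied that the system is safe to boot
        plymouth display-message --text="Aborted. Emergency shutdown in 15 seconds."
        sleep 15
        reliant_emergency_shutdown
        ;;
      [Ss]*)
        # User asked to boot in unsafe mode
        plymouth display-message --text="Skipped. Booting in unsafe mode."
        sleep 1
        plymouth hide-message --text="Skipped. Booting in unsafe mode."
        exit 0
        ;;
      *)
        plymouth display-message --text="Invalid response."
        sleep 1
        plymouth hide-message --text="Invalid response."
        ;;
    esac
  done
}

#######################################
# Ensure the canary files were wiped by the previous shutdown, then plant
# fresh ones for the next shutdown to wipe.
# Fails closed on the first path where anything exists: -e catches regular
# files, directories and live symlinks; -L additionally catches a dangling
# symlink, so the redirect in the second loop never writes through a symlink
# left at a canary path.
# Globals:   RELIANT_INITRAMFS_CANARIES, RELIANT_SECURITY_FAIL (read)
# Returns:   0 when all canaries were absent and have been recreated,
#            RELIANT_SECURITY_FAIL otherwise
#######################################
reliant_security_initramfs_check_canaries() {
  # shellcheck disable=SC2086 -- intentional word-splitting of a fixed, space-free path list
  for canary in $RELIANT_INITRAMFS_CANARIES; do
    if [ -e "$canary" ] || [ -L "$canary" ]; then
      reliant_error "reliant_initramfs_check_canaries: $canary exists!"
      return "$RELIANT_SECURITY_FAIL"
    fi
  done

  # Only after every path has been confirmed absent, create the new canaries.
  # shellcheck disable=SC2086
  for canary in $RELIANT_INITRAMFS_CANARIES; do
    printf '%s\n' "initramfs" > "$canary"
  done
  return 0
}

#######################################
# Run the common checks and the canary check, print a verdict and return it.
# Globals:   RELIANT_OK, RELIANT_SECURITY_FAIL (read);
#            status_common, status_canaries (written; sh has no locals)
# Outputs:   "[CANARIES]: ..." and "[VERDICT]: ..." lines on stdout
# Returns:   RELIANT_OK when both checks passed, RELIANT_SECURITY_FAIL otherwise
#######################################
reliant_security_check_initramfs() {
  # Common checks first. reliant-security reports its own findings, so only
  # the status is captured here.
  status_common="$RELIANT_OK"
  reliant-security /sysroot || status_common=$?

  status_canaries="$RELIANT_OK"
  reliant_security_initramfs_check_canaries || status_canaries=$?
  echo "[CANARIES]: $(reliant_err2str "$status_canaries")"

  # printf instead of `echo -n`: -n is not portable under /usr/bin/sh.
  printf '%s' "[VERDICT]: "
  if [ "$status_common" -eq "$RELIANT_OK" ] && [ "$status_canaries" -eq "$RELIANT_OK" ]; then
    echo "SAFE TO BOOT"
    return "$RELIANT_OK"
  fi
  echo "POTENTIALLY COMPROMISED"
  return "$RELIANT_SECURITY_FAIL"
}

#######################################
# Entry point: verify the early boot environment, then open, repair and seal
# the Shufflecake volumes.
#######################################
main() {
  # set -e is suspended inside the left-hand side of `||`, which is what lets
  # the `cmd || status=$?` captures inside the check function work.
  reliant_security_check_initramfs || {
    plymouth display-message --text="Reliant failed to verify security of the early boot environment."
    sleep 1
    # Returns only for Y(es); N(o) shuts down and S(kip) exits the script,
    # so reaching the next line means the user accepted responsibility.
    reliant_prompt_user
  }
  export RELIANT_SECURE="$RELIANT_TRUE"

  # Open and mount the Shufflecake device
  reliant-mount "$RELIANT_SECURE_DEVICE"

  # Run the surgeon script to fix qubes.xml
  surgeon-suture

  # Seal all volumes
  for path in /run/shufflecake/*; do
    # An unmatched glob stays literal in sh; never hand "*" to reliant-seal.
    [ -e "$path" ] || continue
    name="${path##*/}"
    # `&>/dev/null` is a bashism: under /usr/bin/sh it parses as `cmd &` plus
    # an empty `>/dev/null`, which backgrounds the seal so its failure escapes
    # set -e and main can return before sealing has finished. Run it in the
    # foreground with both streams silenced instead.
    reliant-seal "$name" >/dev/null 2>&1
  done
}

main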