#!/sbin/sh

# $Id: mdimage-startup.sh 493955 2012-01-31 04:15:37Z ib-builder $

# Copyright (c) 2009, Juniper Networks, Inc.
# All rights reserved.

# This script is the init process for the mdimage boot.
# It does the following:
#	1. Launch itself again with a proper terminal *MUST COME FIRST*
#	2. Mount CF and restore loader.conf so that we start normally next time
#	3. Check for /cf/etc/mdimage-operation and source this file
#	4. Unmount everything
#	5. Execute the operation specified in mdimage-operation
#	6. Reboot.


# Use a fixed search path for every helper this script runs by bare name
# (settty, fsck, mount, reboot, ...), so lookups do not depend on whatever
# environment the kernel handed to init.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

# Work around a BIOS bug: reset odd vt100 terminal modes.
echo -e "\e[0m"

# This piece of code is borrowed from the install script.
# The settty part has to happen *FIRST*, otherwise bad things happen -
# the script dies and the kernel panics!
# Do not reorder the statements in this section.

# Tell expr to behave sanely,
# i.e. use intmax_t for arithmetic rather than long.
export EXPR_COMPAT=1

# Only when running as PID 1 (i.e. as init):
#   - first pass (FIRSTPASS empty): mark the pass, then replace this process
#     with settty on /dev/console, handing it this script and its arguments.
#     The exported FIRSTPASS guard stops the re-exec from repeating.
#   - second pass: turn the watchdog off; it is turned back on with
#     "/sbin/watchdog -on" just before each reboot later in this script.
# NOTE(review): $0 is unquoted in the exec line; harmless unless the script
# path ever contains whitespace.
if [ "$$" = 1 ] ; then
    if [ "$FIRSTPASS" = "" ] ; then
        FIRSTPASS=no
        export FIRSTPASS
        exec settty /dev/console $0 "$@"
    fi
    /sbin/watchdog -off
fi

# Ignore SIGINT and SIGQUIT so that this script cannot be killed from the
# console while it is acting as init.
trap '' SIGINT SIGQUIT


# NOTE: Do not enable this code unless for debugging as it allows
# a single user shell to be started without any authentication.
#
# Allow single user shell to be started 
# case "$@" in
#    *-s*)
#        /sbin/sh
#        reboot 
#    ;;
# esac


# These are basically #defines
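# Mount point for the boot media and the files consulted on it.
root_cf_mount="/a"
mdimage_operation_file="$root_cf_mount/cf/etc/mdimage-operation"
backup_loader_conf_file="$root_cf_mount/cf/boot/loader.normalboot.bak"
active_loader_conf_file="$root_cf_mount/cf/boot/loader.conf"
# Requested operation; stays empty unless the sourced operation file sets it.
operation=''

# Becomes "insecure" when etc/ttys on a mounted device marks the console
# (ttyd0) as 'off' or 'insecure'. It is never reset between devices, so a
# match on any device examined earlier persists.
INSECURE=

# First step is to look at what media we have.
# We are mainly interested in CF and/or disk.
# The trailing /oops entry is a sentinel: it is never a character device, so
# if no device yields an operation file the loop ends with DEV=/oops and the
# check after the loop reboots.
for DEV in /dev/ad?s1a /dev/da?s1a /oops
do
    [ -c "$DEV" ] || continue
    # Run fsck before attempting to mount
    fsck -y "$DEV" > /dev/null 2>&1
    # Mount the CF so that we can access files in there. If the mount fails,
    # nothing from this device is visible; skip it instead of evaluating
    # whatever happens to sit under the bare mount point.
    mount "$DEV" "$root_cf_mount" || continue

    # Check if the console (ttyd0) is marked 'off' or 'insecure'.
    # egrep errors are discarded, so a missing or unreadable etc/ttys leaves
    # INSECURE unchanged (the check fails open for that device).
    case "$(egrep '^ttyd0 .*(off|ins).*cure' "$root_cf_mount/etc/ttys" 2> /dev/null)" in
    *off*|*insecure*) INSECURE=insecure;;
    esac

    # If the file exists then proceed with special ops
    if [ -f "$mdimage_operation_file" ]; then
        # Source the operation file to pick up operation-related variables.
        # NOTE(review): the file is executed as shell code by this process
        # (init when "$$" = 1), so anything able to write it on the media
        # controls this boot, including the INSECURE value computed above.
        # If only "operation" is needed, reading that one value instead of
        # sourcing would narrow the exposure - confirm which variables the
        # operation scripts expect before changing this.
        . "$mdimage_operation_file"
        # One-shot request: remove it so it is not acted on again.
        rm -f "$mdimage_operation_file" > /dev/null 2>&1
        break
    else
        operation=''
        # this was not the one we were looking for
        umount "$root_cf_mount"
    fi
done
if [ ! -c "${DEV:-/no/boot/dev}" ]; then
    # we did not find any dev - we're wasting our time

    # Enable the watchdog
    /sbin/watchdog -on

    # That's all folks ...

    echo "Rebooting..."
    reboot
fi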

# Set the zeroize helper flags. For any operation other than zeroize, also
# fsck the companion 'e' partition (DEV with its trailing 'a' replaced by 'e').
# NOTE(review): the ':' values look like command prefixes (": cmd" is a
# no-op) for the scripts that receive these flags via export - confirm there.
if [ "$operation" = zeroize ]; then
    SKIP_ZEROIZE=:
    DO_ZEROIZE=
else
    SKIP_ZEROIZE=
    DO_ZEROIZE=:
    fsck -y "${DEV%a}e" > /dev/null 2>&1
fi

# Put the normal loader.conf back so that the next boot is a regular one.
# Without a saved copy, warn and write a minimal two-line replacement.
if [ ! -f "$backup_loader_conf_file" ]; then
    echo "WARNING: $backup_loader_conf_file was not found"
    rm -f "$active_loader_conf_file"
    {
        echo 'kernel="kernel"'
        echo 'autoboot_delay="3"'
    } >> "$active_loader_conf_file"
else
    mv "$backup_loader_conf_file" "$active_loader_conf_file"
fi

# Record a successful boot. Normally init does this; here this script is
# init. It makes the reboot after a repartition come up from the same media
# rather than letting the BIOS move on to the next available boot device.
sysctl machdep.bootsuccess=1 > /dev/null 2>&1

# Release the CF; each operation mounts whatever it needs on its own.
umount "$root_cf_mount"


# Drive the operations
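# Hand the boot device, the zeroize flags and the requested operation to the
# helper scripts. $operation comes from the sourced operation file, so it is
# quoted to keep a value containing whitespace as a single assignment.
export DEV SKIP_ZEROIZE DO_ZEROIZE OPERATION="$operation"
case "$operation" in
repartition)
    # Repartition only if the prepare step succeeded.
    /sbin/mdimage-prepare && /sbin/mdimage-repartition
    ;;

zeroize)
    /sbin/sh /sbin/rc.zeroize mdimage
    ;;

single-user)
    # This branch starts a shell with no authentication step. The only gate
    # is INSECURE, which was derived from etc/ttys on the boot media.
    # NOTE(review): the operation file was sourced after INSECURE was
    # computed and runs in this same shell, so it can change the value;
    # the gate is only as trustworthy as the contents of the boot media.
    if [ "$INSECURE" ]; then
        echo "$operation: Permission denied"
    else
        echo "Type 'exit' to reboot"
        /sbin/sh
    fi
    ;;

*) # Unsupported (also reached when no operation was set)
    echo "Not performing unsupported operation: $operation"
    ;;
esac

# Re-enable the watchdog that was turned off at startup.
/sbin/watchdog -on

# That's all folks ...

echo "Rebooting..."
reboot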

