#!/bin/bash

#set -o errexit
#set -o nounset
#set -o pipefail
#set -o xtrace

## param for rpm run
if [ $# -gt 0 ] && [ $1 == "--rpm-run" ] ; then
  zkk_exit_err=0
else
  zkk_exit_err=1
fi
zkk_exit_ok=0

zkk_crypt_conf=/etc/zkk-crypt/zkk-crypt.conf

. /etc/zkk-crypt/zkk-crypt.conf

## mkdir
if ! [[ -d ${zkk_encdir} ]] ; then
  mkdir -p ${zkk_encdir}
  chmod 0700 ${zkk_encdir}
fi

## mkdir
if ! [[ -d ${zkk_keysdir} ]] ; then
  mkdir -p ${zkk_keysdir}
  chmod 0700 ${zkk_keysdir}
fi

## fstab
if ! grep "^ramfs[[:space:]]\+${zkk_keysdir}[[:space:]]" /etc/fstab >/dev/null ; then
  echo "ramfs  ${zkk_keysdir}  ramfs  mode=0700,nodev,nosuid,noexec,nodiratime,size=1024k  0 0" >> /etc/fstab
fi

if ! /bin/mountpoint -q  ${zkk_keysdir} ; then
  mount ${zkk_keysdir}
fi

### BETTER we do not do this here
# if /bin/mountpoint -q  ${zkk_keysdir} ; then
#  [[ -f ${zkk_keysdir}/${zkk_lukskey} ]] || \
#  dd if=/dev/urandom of=${zkk_keysdir}/${zkk_lukskey} bs=1 count=512
# fi

if ! [[ -f ${zkk_encdir}/${zkk_lukskey}.enc ]] ; then
  echo "Check if ${zkk_keysdir}/${zkk_lukskey} is the right key!"
  echo "store the encrypted luks-key in ${zkk_encdir}/${zkk_lukskey}.enc"
  exit ${zkk_exit_err}
fi

exit ${zkk_exit_ok}

