#!/bin/bash

# Shared working state for the functions below; everything starts out empty.
disk="" device="" device1=""
spart="" cpart="" bpart="" epart=""
drivelist="" disklist=""

# Remove scratch files left behind by a previous run. These are fixed names
# in world-writable /tmp; the functions below recreate several of them, so a
# stale or foreign file with the same name must not survive into this run.
rm -f /tmp/disk* /tmp/drive* /tmp/part* /tmp/device /tmp/cpar* /tmp/syspar* 2> /dev/null

# Pick the UI language from the part of $LANG before the first underscore
# ("de_DE.UTF-8" -> "de"). German has its own table; every other locale
# falls back to English. All strings are exported so that child processes
# (presumably the dialog_*.pl helpers - confirm) can read them.
# NOTE(review): title3 is only defined in the German table.
lang=${LANG%%_*}
case "$lang" in
    de)
        title1="Laufwerke"
        title2="TUXEDO Chroot Helfer"
        title3="Linux Installation Betreten"
        text1="Sorry, keine Platte ausgewählt, beende."
        text2="Gewählte Disk:"
        text3="Aufgeschlossen"
        text4="Betrete installiertes System"
        text5="Verlassen Sie das Chroot mittels 'exit' oder Ctrl+d"
        text6="Nicht verschlüsselt"
        text7="Wählen Sie die Festplatte, welche untersucht werden soll."
        text8="Es wurde eine <b>TUXEDO OS Installation</b> gefunden.<br>Mit einem Klick auf <font color=red><b>&nbsp;Ja&nbsp;<b></font> wechseln Sie in das installierte System als Root!<br><font color=red><b>Achtung,</b> alles was Sie nun machen, findet im installierten System statt und ist potentiell gefährlich!</font>"
        text9="Mehrere Linux Installationen gefunden\n\nWählen Sie eine Partition für chroot"
        text10="Sorry, keine Partition ausgewählt, beende."
        text11="Es wurde eine <b>Linux Installation</b> gefunden.<br>Mit einem Klick auf <font color=red><b>&nbsp;Ja&nbsp;</b></font> wechseln Sie in das installierte System als Root!<br><font color=red><b>Achtung,</b> alles was Sie nun machen, findet in dem installierten System statt und ist potentiell gefährlich!</font>"
        text12="Es wurde eine <b>LUKS1 verschlüsselte Installation</b> gefunden.<br><br>Mit einem Klick auf <font color=red><b>&nbsp;Ja&nbsp;</b></font> und der Eingabe ihres LUKS Passwortes im nächsten Dialog<br> wechseln Sie in das installierte System als Root!<br><br><font color=red><b>Achtung,</b> alles was sie nun machen, findet im installierten System statt und ist potentiell gefährlich!</font>"
        text13="Es wurde eine <b>LUKS2 verschlüsselte Installation</b> gefunden.<br><br>Mit einem Klick auf <font color=red><b>&nbsp;Ja&nbsp;</b></font> und der Eingabe ihres LUKS Passwortes im nächsten Dialog<br> wechseln Sie in das installierte System als Root!<br><br><font color=red><b>Achtung,</b> alles was sie nun machen, findet im installierten System statt und ist potentiell gefährlich!</font>"
        text14="Kein Linux System gefunden, beende."
        text15="Prüfe auf neue Version online."
        text16="Neue Version installiert, bitte starten sie das Script neu"
        text17="Kein Internet verfügbar. Um alle Möglichkeiten nutzen zu können, ist eine Internetverbindung empfehlenswert."
        text18="Rootrechte benötigt! Bitte führen sie dieses Script als Root aus."
        text19="Prüfe, ob eine neuere Version verfügbar ist und installiere diese."
        text20="Kein System gefunden, ebenuell eine Datenpartition."
        text21="Falsches Passwort. Erneut versuchen?"
        textcr="LUKS verschlüsselte Partition gefunden<br><br>LUKS Verschlüsselungspasswort für die Partition eingeben"
        export title1 title2 title3
        export text1 text2 text3 text4 text5 text6 text7 text8 text9 text10
        export text11 text12 text13 text14 text15 text16 text17 text18 text19
        export text20 text21 textcr
        ;;
    *)
        title1="Devices"
        title2="TUXEDO chroot helper"
        text1="Sorry, no disk choosen, exiting."
        text2="Choosen disc:"
        text3="Decrypted"
        text4="Enter installed system"
        text5="Exit the chroot using 'exit' or Ctrl+d"
        text6="Not crypted"
        text7="Select the hard disk to be examined."
        text8="A <b>TUXEDO OS installation</b> was found.<br><br>Click on <font color=red>&nbsp;Yes&nbsp;</font> to switch to the installed system as root!<br><br><Font color=red><b>Attention!</b> Everything you do now takes place in the installed system and is potentially dangerous.</font>"
        text9="Multiple linux installations found.\n\nChoose one partition for chroot"
        text10="Sorry, no partition choosen. Exiting."
        text11="A <b>LINUX installation</b> was found.<br><br><b>Click on <font color=red>&nbsp;Yes&nbsp;</font> to switch to the installed system as root!<br><br><font color=red><b>Attention!</b> Everything you do now takes place in the installed system and is potentially dangerous.</font>"
        text12="A <b>LUKS1 encrypted installation</b> was found.<br><br>Click on <font color=red>&nbsp;Yes&nbsp;</font> and type in your LUKS passphrase in the next dialog<br>to switch to the installed system as root!<br><br><font color=red><b>Attention!</b> Everything you do now takes place in the installed system and is potentially dangerous.</font>"
        text13="A <b>LUKS2 encrypted installation</b> was found.<br><br>Click on <font color=red>&nbsp;Yes&nbsp;</font> and type in your LUKS passphrase in the next dialog<br>to switch to the installed system as root!<br><br><font color=red><b>Attention!</b> Everything you do now takes place in the installed system and is potentially dangerous.</font>"
        text14="No linux system found, exiting."
        text15="Check for new version online."
        text16="New version installed, please restart that script to use the new version"
        text17="No internet available. An internet connection is recommended to use all facilities."
        text18="Root rights required! Please run this script as root."
        text19="Check if a newer version is available and install it."
        text20="No system found, maybe a data partition."
        text21="Wrong password. Try again?"
        textcr="input LUKS passphrase"
        export title1 title2
        export text1 text2 text3 text4 text5 text6 text7 text8 text9 text10
        export text11 text12 text13 text14 text15 text16 text17 text18 text19
        export text20 text21 textcr
        ;;
esac

is_root() {
    # Stop the script unless the effective UID is 0. The mount, cryptsetup
    # and chroot calls made later all need root.
    # Note: the refusal path shows an error dialog but still exits with
    # status 0, so a calling process cannot tell it apart from success.
    [ "$EUID" -eq 0 ] && return
    kdialog --error "$text18" 2>/dev/null
    exit 0
}

inet_on() {
    # Probe for connectivity with a spider (no download) request.
    # Exports net="1" when the request succeeds; otherwise exports net=""
    # and shows the "no internet" message box.
    if wget -q --spider https://tuxedocomputers.com; then
        export net="1"
        return
    fi
    export net=""
    kdialog --msgbox "$text17" 2>/dev/null
}

update_task() {
    # Self-update: refresh the package index, compare line 2 (installed) and
    # line 3 (candidate) of `apt-cache policy tuxedo-repair`, and install the
    # package when the two version strings differ.
    # Sets:  now, repo (version strings), inst ("yes" after an install, else "").
    # The install runs unattended (-y); the pipeline status is zenity's, so a
    # failed apt-get is not detected here.
    local progress=(zenity --progress --title="Update..." --text="$text19" --pulsate --no-cancel --auto-close)

    apt-get update | "${progress[@]}"
    now=$(apt-cache policy tuxedo-repair | awk 'NR == 2 { print $2; exit }')
    repo=$(apt-cache policy tuxedo-repair | awk 'NR == 3 { print $2; exit }')
    if [ "$repo" = "$now" ]; then
        export inst=""
    else
        export inst="yes"
        apt-get -y install tuxedo-repair | "${progress[@]}"
    fi
}

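is_tomte() {
    # Set the global is_tomte to "tomte" when a tomte directory exists in any
    # of the places the inspected installation may be mounted (with or
    # without a btrfs "@" subvolume); otherwise leave it empty.
    # Globals: syspart, cpart (read); is_tomte (written)
    #
    # Paths are tested directly instead of through unquoted `[ $(ls -d ...) ]`,
    # which errors out on names containing whitespace and prints ls errors
    # for every missing path.
    is_tomte=""
    local marker
    for marker in \
        "/mnt/$syspart/etc/tomte" \
        "/mnt/$syspart/@/etc/tomte" \
        /mnt/etc/tomte \
        /mnt/@/etc/tomte \
        "/mnt/$cpart/etc/tomte" \
        "/mnt/$cpart/@/etc/tomte" \
        "/mnt/$syspart/var/log/tomte" \
        "/mnt/$syspart/@/var/log/tomte"
    do
        # -L keeps a dangling symlink counting as "present", as ls -d did.
        if [ -e "$marker" ] || [ -L "$marker" ]; then
            is_tomte="tomte"
            return 0
        fi
    done
}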

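is_txos() {
    # Set the global is_txos to "txos" when the installation mounted under
    # /mnt/$syspart (or its btrfs "@" subvolume) looks like TUXEDO OS:
    #   - the install log has a TUXEDOOS line containing "read confg", or
    #   - etc/tuxedo-os-version exists, or
    #   - etc/os-release contains "tuxedo".
    # Globals: syspart (read); is_txos (written)
    #
    # grep -q replaces `[ $(grep ...) ]`: the unquoted form fails with a test
    # error (and so reports "not TUXEDO OS") as soon as the matching line
    # contains a space or more than one line matches.
    is_txos=""
    local root
    for root in "/mnt/$syspart" "/mnt/$syspart/@"; do
        if grep TUXEDOOS "$root/var/log/tuxedo-install.log" 2>/dev/null | grep -q "read confg" \
            || [ -e "$root/etc/tuxedo-os-version" ] \
            || grep -q tuxedo "$root/etc/os-release" 2>/dev/null
        then
            is_txos="txos"
            return 0
        fi
    done
}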

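find_crypt() {
    # Decide whether the chosen partition is a LUKS container and which
    # header version it carries.
    # Globals: part (read)
    #          is_crypt (written: lsblk name column of the matching LUKS
    #                    line(s), empty if none)
    #          is_luks1 / is_luks2 (written: non-empty for that version)
    is_crypt=""
    is_luks1=""
    is_luks2=""
    # An empty $part must not turn into a match-everything pattern.
    [ -n "$part" ] || return 0
    is_crypt=$(lsblk -fs | grep -F -- "$part" | grep -i luks | awk '{print $1}')
    if [ "$is_crypt" ]; then
        local version
        # Read the header once and derive both flags from the same output.
        version=$(cryptsetup luksDump "/dev/$part" | grep Version | awk '{print $2}')
        is_luks1=$(printf '%s\n' "$version" | grep 1)
        is_luks2=$(printf '%s\n' "$version" | grep 2)
    fi
}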

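find_disk(){
    # Build the list of candidate disks in /tmp/device and store the chosen
    # disk name in the global $disk (via dialog_disk.pl when there are two or
    # more candidates). Exits the script when no disk is selected.
    #
    # Globals: disk, blacklist (written); text1, text2 (read)
    # Files:   /tmp/disklist2, /tmp/disk_<name>.txt, /tmp/disklist.txt,
    #          /tmp/device1, /tmp/device
    #
    # NOTE(review): these are fixed names in world-writable /tmp and the
    # script runs as root. The names are kept because external helpers
    # presumably read them (confirm against dialog_disk.pl); a private
    # directory from `mktemp -d` would avoid another local user pre-creating
    # or symlinking them between the rm and the write.
    local exclude
    rm -f /tmp/disk* 2> /dev/null
    rm -f /tmp/device* 2> /dev/null

    # Start from every disk, then strike those that carry an ext/btrfs/xfs/
    # LUKS partition and those attached via USB. What is left in
    # /tmp/disklist2 is the set of disks to hide from the selection.
    lsblk | awk '/disk/{ print $1 }' | sort >/tmp/disklist2
    for m in $(lsblk -lf -o Name,TYPE,FSTYPE | grep -E "ext|btrfs|xfs|LUKS" | awk '{ print $1 }' | grep -E "sd|hd|vd" | cut -c1-3 | sort | uniq); do sed -i "/\<$m\>/d" /tmp/disklist2; done
    for n in $(lsblk -lf -o Name,TYPE,FSTYPE | grep -E "ext|btrfs|xfs|LUKS" | awk '{ print $1 }' | grep nvme | cut -c1-7 | sort | uniq); do sed -i "/\<$n\>/d" /tmp/disklist2; done
    for e in $(lsblk -lf -o Name,TYPE,SUBSYSTEMS | grep usb | awk '/disk/{ print $1 }'| sort | uniq); do sed -i "/\<$e\>/d" /tmp/disklist2; done
    blacklist=$(cat /tmp/disklist2)

    for x in $(lsblk -dnl -o NAME,RM | grep -E -v " 1|loop" | awk '{print $1}'); do lsblk -lfo NAME,FSTYPE | grep "$x" > "/tmp/disk_$x.txt"; done
    for liste in /tmp/disk_*; do cat "$liste" >> /tmp/disklist.txt; done

    # The old `[ $blacklist ]` test errored out as soon as the blacklist held
    # two or more names, so the blacklist was silently ignored in exactly
    # that case. Fold the names into one alternation instead.
    exclude="loop|rom|usb"
    if [ -n "$blacklist" ]; then
        exclude="$exclude|${blacklist//$'\n'/|}"
    fi
    for i in $(lsblk -dn -o NAME,TYPE,SUBSYSTEMS | grep -E -iv "$exclude" | awk '{print$1}'); do
        z=$(lsblk -dn -o NAME,Size | grep "$i" | awk '{print $2}')
        # Row format consumed by the selection dialog; the unquoted model
        # string and the trailing sed are left exactly as they were.
        echo -e  $i'\t'\'$i'\t'$z'\t'$(cat /sys/block/$i/device/model | sed 's/*_//')\' | sed "s/\ '/\'/g"
    done 1> /tmp/device1 2> /dev/null

    sort /tmp/device1 1> /tmp/device 2> /dev/null
    if [ "$(wc -l < /tmp/device)" -ge 2 ]; then
        disk=$(dialog_disk.pl)
    else
        disk=$(awk '{print $1}' /tmp/device)
    fi
    if [ -z "$disk" ]; then
        kdialog --sorry "<p><h3>$text1</h3></p>" 2> /dev/null
        exit
    fi
    printf '%s %s\n' "$text2" "$disk"
}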

partlist() {
    # Build /tmp/partlist for the disk held in $disk and store the selected
    # partition name in the global $part (via dialog_part.pl when there are
    # two or more entries). Exits with status 1 when the dialog returns
    # nothing.
    #
    # Globals: disk, text10 (read); part, is_boot (written)
    # Files:   /tmp/partlist1, /tmp/partlist - fixed names in world-writable
    #          /tmp, written while running as root.
    #
    # Candidates: blkid lines mentioning ext/btrf/xfs/luks, minus ntfs, gap,
    # ventoy, reserved and fat, limited to $disk and reduced to the bare
    # device name.
    blkid -c /dev/null | grep -iE "ext|btrf|xfs|luks" | grep -E -iv "ntfs|gap|ventoy|reserved|fat" | awk '{print $1}' | grep $disk | awk -F\: '{print $1}' | awk -F\/ '{print $3}' | sort > /tmp/partlist1
    # Every candidate is mounted under /mnt/<name> to look for a grub
    # directory. No read-only option is passed and mount errors are discarded.
    for x in $(cat /tmp/partlist1); do
	mkdir -p /mnt/$x && mount /dev/$x /mnt/$x 2>/dev/null
    done
    # NOTE(review): the right-hand side of || only runs when the left
    # pipeline fails, and a pipeline's status is that of its last command
    # (awk), so the /mnt/*/@/grub lookup looks unreachable - confirm.
    is_boot=$(ls -d /mnt/*/grub 2>/dev/null | awk -F\/ '{print $3}' || ls -d /mnt/*/@/grub 2>/dev/null | awk -F\/ '{print $3}')
    if [ "$is_boot" ]; then
	# Leave out the partition that holds /grub.
	# NOTE(review): $is_boot is unquoted; more than one match would make
	# grep treat the extra words as file names.
	for p in $(cat /tmp/partlist1 | grep -v $is_boot); do
		# x is assigned but not used in the row written below.
		x=$(lsblk -lf -o NAME,FSTYPE,SIZE | grep $p | sed s/crypto_// | awk '{print $1}')
		z=$(lsblk -lf -o NAME,FSTYPE,SIZE | grep $p | sed s/crypto_// | awk '{print $2}')
		y=$(lsblk -lf -o NAME,FSTYPE,SIZE | grep $p | sed s/crypto_// | awk '{print $3}')
		echo -e  $p' '\'$p'\t     '$z'\t'$y\'
	done 1> /tmp/partlist 2> /dev/null
	umount -R /mnt/* 2>/dev/null
    else
	# Same row generation as above, without the boot-partition filter.
	for p in $(cat /tmp/partlist1); do
		x=$(lsblk -lf -o NAME,FSTYPE,SIZE | grep $p | sed s/crypto_// | awk '{print $1}')
		z=$(lsblk -lf -o NAME,FSTYPE,SIZE | grep $p | sed s/crypto_// | awk '{print $2}')
		y=$(lsblk -lf -o NAME,FSTYPE,SIZE | grep $p | sed s/crypto_// | awk '{print $3}')
		echo -e  $p' '\'$p'\t     '$z'\t'$y\'
	done 1> /tmp/partlist 2> /dev/null
	umount -R /mnt/* 2>/dev/null
    fi
    # Two or more rows: ask the user; otherwise take the only row (or none).
    if [ "$(cat /tmp/partlist | wc -l)" -ge 2 ]; then
	part=$(dialog_part.pl)
	if [ -z "$part" ]; then
	    kdialog --sorry "<p><h3>$text10</h3></p>" 2> /dev/null
	    exit 1
	fi
    else
	part=$(cat /tmp/partlist | awk '{print $1}')
    fi
    # This status line is German regardless of the selected language.
    echo "gewählte Partition" $part
}

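find_part() {
        # Inspect an unencrypted partition: mount it under /mnt/$part, detect
        # a btrfs "@" subvolume, make sure it holds an installation
        # (etc/fstab), run the TUXEDO OS / tomte probes, then unmount again.
        #
        # Globals: part, text20 (read); syspart, svol (written)
        # Exits:   status 0 after the "no system found" dialog when there is
        #          no etc/fstab.
        mkdir -p "/mnt/$part" 2>/dev/null
        mount "/dev/$part" "/mnt/$part"
        syspart=$part
        if [ -e "/mnt/$syspart/@" ]; then
            # Remount on the "@" subvolume. The option used to be spelled
            # "suvvol=@", which mount rejects, so this remount always failed
            # and the fstab check below then reported "no system found".
            umount "/mnt/$syspart" 2>/dev/null
            mount -o subvol=@ "/dev/$part" "/mnt/$syspart"
            svol=1
        else
            svol=0
        fi
        if [ ! -e "/mnt/$syspart/etc/fstab" ]; then
            kdialog --sorry "$text20" 2>/dev/null
            # Leave nothing mounted on exit. The former remount here used the
            # same misspelled option and never succeeded, so dropping it
            # keeps the effective behaviour.
            umount "/mnt/$syspart" 2>/dev/null
            exit 0
        fi
        is_txos 2>/dev/null
        is_tomte 2>/dev/null
        umount -R /mnt/* 2>/dev/null
        umount -R /mnt 2> /dev/null
}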

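find_crpart2() {
        # Unlock a LUKS2 partition and inspect the installation inside it.
        # Asks for the passphrase until cryptsetup accepts it or the dialog
        # is cancelled, opens the container under a temporary name, reads the
        # mapping name from the installation's crypttab, probes for TUXEDO OS
        # / tomte, then reopens the container under the crypttab name.
        #
        # Globals: part, textcr, text21 (read)
        #          cpart, spart, syspart, svol, cdev, ret, ret1, ERC (written)
        # Exits:   status 1 when the password dialog returns 1 or 255.
        #
        # The passphrase is now passed quoted. Unquoted, a passphrase with
        # spaces was split into several lines (cryptsetup only reads the
        # first) and glob characters were expanded against the working
        # directory.
        cpart=$part
        ERC=1
        until [ $ERC -ne 1 ]
        do
            CPASS=$(kdialog --password "<p><font size=4>&emsp;$textcr</font></p>" 2> /dev/null)
            ret=$?
            if [ "$ret" = 0 ] && [ "$CPASS" ]; then
                printf '%s\n' "$CPASS" | cryptsetup -q luksOpen "/dev/$cpart" "cryptdev_$cpart"
                ret1=$?
            else
                ret1=255
            fi
            if [ "$ret" = 0 ] && [ "$ret1" -ge 1 ] && [ ! "$CPASS" ]; then
                # Empty input: ask again without an error dialog.
                clear
                sleep 1
                ERC=1
            else
                if [ "$ret" = 0 ] && [ "$ret1" -ge 1 ]; then
                    # cryptsetup rejected the passphrase.
                    kdialog --sorry "$text21" 2>/dev/null
                    ERC=1
                else
                    # Unlocked, or the dialog was cancelled.
                    set +H
                    ERC=0
                    break
                fi
            fi
        done
        case $ret in
            0)
                echo ""
                ;;
            1)
                exit 1
                ;;
            255)
                exit 1
                ;;
        esac
        for z in $( vgscan | awk -F\" '{ print $2 }'); do vgchange -ay "$z" >/dev/null; done 2>/dev/null
        # NOTE(review): this picks every mapper device with ext/btrfs/xfs,
        # not only the one just opened - confirm that is intended.
        spart=$(blkid -c /dev/null | grep mapper | grep -E "ext|btrfs|xfs" | awk '{print $1}' | awk -F\: '{print $1}')
        syspart=$cpart
        mkdir -p "/mnt/$syspart"
        mount "$spart" "/mnt/$syspart"
        # cdev comes from the inspected installation's crypttab, i.e. from
        # the disk's content, and is used as the mapper name below.
        if [ -e "/mnt/$syspart/@" ]; then
            svol=1
            cdev=$(awk '/luks/{print $1}' "/mnt/$syspart/@/etc/crypttab")
        else
            svol=0
            cdev=$(awk '/luks/{print $1}' "/mnt/$syspart/etc/crypttab")
        fi
        is_txos 2>/dev/null
        is_tomte 2>/dev/null
        umount -R /mnt/* 2>/dev/null
        umount -R /mnt 2>/dev/null
        # Tear down and reopen under the crypttab name. Note that this
        # closes every LUKS mapping dmsetup reports.
        for z in $( vgscan | awk -F\" '{ print $2 }'); do vgchange -a n "$z" >/dev/null; done >/dev/null
        for c in $( dmsetup info -c | awk '/LUKS/{ print $1 }'); do cryptsetup luksClose "$c" >/dev/null ; done >/dev/null
        printf '%s\n' "$CPASS" | cryptsetup luksOpen -q "/dev/$cpart" "$cdev"
        # The passphrase is not needed after this point; drop it from the
        # shell's variables.
        unset CPASS
        for z in $( vgscan | awk -F\" '{ print $2 }'); do vgchange -ay "$z" >/dev/null ; done >/dev/null
        syspart=$(blkid | grep mapper | grep -E "ext|btrf|xfs" | awk '{print $1}' | awk -F\: '{print $1}')
}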

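find_crpart1() {
        # Unlock a LUKS1 partition and inspect the installation inside it.
        # The passphrase is collected with `dialog` into a private temp file,
        # handed to cryptsetup on stdin, and the file is removed as soon as
        # the container is open.
        #
        # Globals: part, textcr, text21 (read)
        #          cpart, syspart, pwdata, svol, ret, ret1, ERC (written)
        # Exits:   status 1 when the dialog returns 1 or 255, or when no temp
        #          file can be created.
        #
        # Fixes over the previous version:
        #  - the cleanup trap named "$pwata" (typo), so the file holding the
        #    passphrase was never deleted;
        #  - the passphrase was expanded unquoted and therefore split on
        #    whitespace and glob-expanded;
        #  - a rejected passphrase showed the "no linux system found" text;
        #  - the subvolume check looked at /mnt/@ although the volume is
        #    mounted on /mnt/$syspart, and the remount used the undefined
        #    $real_cr.
        cpart=$part
        # NOTE(review): field 4 of `lsblk -fl` is assumed to be the UUID;
        # the column layout depends on the lsblk version - confirm.
        syspart=luks\-$(lsblk -fl | grep "$part" | awk '/LUKS/{print $4}')
        pwdata=$(mktemp) || { echo "find_crpart1: cannot create temp file" >&2; exit 1; }
        # Remove the passphrase file on every exit path, including signals.
        trap 'rm -f -- "$pwdata"' EXIT
        trap 'exit 1' HUP INT TERM

        # get password
        ERC=1
        until [ $ERC -ne 1 ]
        do
            dialog --title "LUKS 1 password" --clear --insecure --passwordbox "$textcr" 10 40 2> "$pwdata"
            ret=$?
            if [ "$ret" = 0 ] && [ -n "$(cat "$pwdata")" ]; then
                printf '%s\n' "$(cat "$pwdata")" | cryptsetup luksOpen -q "/dev/$cpart" "$syspart" 2>/dev/null
                ret1=$?
            else
                ret1=255
            fi
            if [ "$ret" = 0 ] && [ "$ret1" -ge 1 ] && [ -z "$(cat "$pwdata")" ]; then
                # Empty input: tell the user and ask again.
                dialog --msgbox "alles Leer" 8 30
                sleep 1
                ERC=1
            else
                if [ "$ret" = 0 ] && [ "$ret1" -ge 1 ]; then
                    # cryptsetup rejected the passphrase.
                    dialog --msgbox "$text21" 8 30
                    ERC=1
                else
                    # Unlocked, or the dialog was cancelled.
                    set +H
                    ERC=0
                    break
                fi
            fi
        done
        case $ret in
            0)
                ;;
            1)
                echo "Cancel pressed."
                exit 1
                ;;
            255)
                exit 1
                ;;
        esac
        # The container is open; the passphrase file is no longer needed.
        rm -f -- "$pwdata"

        mkdir -p "/mnt/$syspart"
        mount "/dev/mapper/$syspart" "/mnt/$syspart"
        # Only record whether a btrfs "@" subvolume exists. The probes below
        # look at both the plain and the "@" paths, and do_work mounts the
        # subvolume itself, so no remount is needed here.
        if [ -e "/mnt/$syspart/@" ]; then
            svol=1
        else
            svol=0
        fi
        is_tomte 2>/dev/null
        is_txos 2>/dev/null
        umount -R /mnt/* 2> /dev/null
        umount -R /mnt 2> /dev/null
}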

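do_work() {
    # Mount the selected installation on /mnt, bind-mount the running
    # system's /dev, /dev/pts, /proc, /sys, efivars and /run into it, and
    # start an interactive root shell inside it with chroot. Afterwards the
    # hostname and the installation's resolv.conf are restored and /mnt is
    # unmounted.
    #
    # Globals: is_luks1, is_luks2, is_crypt, svol, syspart (read)
    # Returns: 1 without touching anything else when no root device can be
    #          determined or /mnt is not a mount point after the mount
    #          attempt (previously the script went on to change the hostname
    #          and chroot into an empty /mnt).
    #
    # Security note: /bin/sh and /bin/bash are taken from the mounted
    # installation and run as root with the live system's device and kernel
    # interfaces visible, so the installation's content is fully trusted
    # from this point on.
    local src="" bind
    local -a opts=()

    if [ "$is_luks2" ]; then
        # For LUKS2, syspart already holds a full device path.
        src=$syspart
    elif [ "$is_luks1" ]; then
        src=/dev/mapper/$syspart
    elif [ ! "$is_crypt" ]; then
        src=/dev/$syspart
    fi
    if [ -z "$src" ]; then
        echo "do_work: no root device to mount" >&2
        return 1
    fi
    if [ "$svol" = 1 ]; then
        opts=(-o subvol=@)
    fi
    mount "${opts[@]}" "$src" /mnt
    if ! mountpoint -q /mnt; then
        echo "do_work: mounting $src on /mnt failed" >&2
        return 1
    fi

    # A missing source (e.g. efivars on a BIOS system) only prints an error.
    for bind in /dev /dev/pts /proc /sys /sys/firmware/efi/efivars /run; do
        mount -B "$bind" "/mnt$bind"
    done

    # Give the chroot working DNS: park the installation's resolv.conf and
    # copy in the live system's one for the duration of the session.
    mv /mnt/etc/resolv.conf /mnt/etc/resolv.conf.bak 2>/dev/null
    cp /etc/resolv.conf /mnt/etc/
    hostname chroot
    chroot /mnt /bin/sh -c "mount -a || true && /bin/bash"
    hostname "$(cat /etc/hostname)"
    rm /mnt/etc/resolv.conf
    mv /mnt/etc/resolv.conf.bak /mnt/etc/resolv.conf 2>/dev/null
    umount -R /mnt 2> /dev/null
    umount -R /mnt/* 2> /dev/null
}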

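# Main flow: require root, optionally self-update, let the user pick a disk
# and partition, unlock/inspect it, ask for confirmation, chroot, clean up.
is_root
inet_on
if [ "$net" ]; then
    update_task
fi
if [ "$inst" ]; then
    # A new version was just installed; the user has to start it again.
    kdialog --sorry "$text16" 2>/dev/null
    exit
fi
find_disk
partlist
find_crypt
# The flags are quoted so that an empty or multi-word value cannot turn the
# test into a syntax error.
if [ "$is_luks2" ]; then
    find_crpart2
fi
if [ "$is_luks1" ]; then
    find_crpart1
fi
if [ ! "$is_crypt" ]; then
    find_part
fi
if [ "$is_txos" ]; then
    prompt=$text8
else
    prompt=$text11
fi
kdialog --warningyesno "$prompt" 2>/dev/null
ret=$?
if [ "$ret" = 0 ]; then
    do_work
fi
# Teardown is the same whether or not the chroot was entered. It deactivates
# every volume group vgscan reports and closes every LUKS mapping dmsetup
# lists, not only the ones opened by this script.
for z in $( vgscan | awk -F\" '{ print $2 }'); do vgchange -a n "$z" >/dev/null; done
for c in $( dmsetup info -c | awk '/LUKS/{ print $1 }'); do cryptsetup luksClose "$c" >/dev/null; done
umount -R /mnt/* 2>/dev/null
umount -R /mnt 2>/dev/null
exit 0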
