TMPDIR="$AUTOPKGTEST_TMP"

# wrappers
luks1Format() {
    cryptsetup luksFormat --batch-mode --type=luks1 \
        --pbkdf-force-iterations=1000 \
        "$@"
}
luks2Format() {
    cryptsetup luksFormat --batch-mode --type=luks2 \
        --pbkdf=argon2id --pbkdf-force-iterations=4 --pbkdf-memory=32 \
        "$@"
}
diff() { command diff --color=auto --text "$@"; }

# create disk image
CRYPT_IMG="$TMPDIR/disk.img"
CRYPT_DEV=""
install -m0600 /dev/null "$TMPDIR/keyfile"
disk_setup() {
    local lo
    for lo in $(losetup -j "$CRYPT_IMG" | cut -sd: -f1); do
        losetup -d "$lo"
    done
    dd if="/dev/zero" of="$CRYPT_IMG" bs=1M count=64
    CRYPT_DEV="$(losetup --find --show -- "$CRYPT_IMG")"
}

# custom initramfs-tools configuration (to speed things up -- we use
# COMPRESS=zstd since it's reasonably fast and COMPRESS=none is not
# supported)
mkdir "$TMPDIR/initramfs-tools"
mkdir "$TMPDIR/initramfs-tools/conf.d" \
      "$TMPDIR/initramfs-tools/scripts" \
      "$TMPDIR/initramfs-tools/hooks"
cat >"$TMPDIR/initramfs-tools/initramfs.conf" <<-EOF
	COMPRESS=zstd
	MODULES=list
	RESUME=none
	UMASK=0077
EOF

INITRD_IMG="$TMPDIR/initrd.img"
UNMKINITRAMFS_DESTDIR="$TMPDIR/initrd"
unset INITRD_DIR
cleanup_initrd_dir() {
    local d
    if [ -n "${INITRD_DIR+x}" ] && [ -d "$INITRD_DIR" ]; then
        for d in dev proc sys; do
            mountpoint -q "$INITRD_DIR/$d" && umount "$INITRD_DIR/$d" || true
        done
        rm -rf --one-file-system -- "$INITRD_DIR"
    fi
    rm -rf --one-file-system -- "$UNMKINITRAMFS_DESTDIR"
    unset INITRD_DIR
}
trap cleanup_initrd_dir EXIT INT TERM

mkinitramfs() {
    local d p
    command mkinitramfs -d "$TMPDIR/initramfs-tools" -o "$INITRD_IMG"
    # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance
    cleanup_initrd_dir
    command unmkinitramfs "$INITRD_IMG" "$UNMKINITRAMFS_DESTDIR"
    if [ -f "$UNMKINITRAMFS_DESTDIR/sbin/cryptsetup" ]; then
        INITRD_DIR="$UNMKINITRAMFS_DESTDIR"
    else
        for p in "$UNMKINITRAMFS_DESTDIR"/*/sbin/cryptsetup; do
            if [ -f "$p" ] && [ -d "${p%"/sbin/cryptsetup"}/usr" ]; then
                INITRD_DIR="${p%"/sbin/cryptsetup"}"
            fi
        done
    fi
    for d in dev proc sys; do
        mkdir -p "$INITRD_DIR/$d"
        mount --bind "/$d" "$INITRD_DIR/$d"
    done
}
check_initrd_crypttab() {
    local rv=0 err="${1+": $1"}"
    diff --label=a/cryptroot/crypttab --label=b/cryptroot/crypttab \
        --unified --ignore-space-change \
        -- - "$INITRD_DIR/cryptroot/crypttab" || rv=$?
    if [ $rv -ne 0 ]; then
        printf "ERROR$err in file %s line %d\\n" "${BASH_SOURCE[0]}" ${BASH_LINENO[0]} >&2
        exit 1
    fi
}

# vim: set filetype=sh :