#!/bin/bash
# dib-lint: disable=dibdebugtrace
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

set -eu
set -o pipefail

# Reads an encrypted root password from the kernel command line and set
# it to the root user

if [[ $(</proc/cmdline) =~ rootpwd=\"?([^\"]+)\" ]] || \
    [[ $(</proc/cmdline) =~ rootpwd=([^\" ]+)( |$) ]]
then
    pwdhash="${BASH_REMATCH[1]}"
    if ! [[ $pwdhash =~ ^\$ ]]; then
        pwdhash=$(base64 -d <<<"$pwdhash")
    fi
    echo "root:$pwdhash" | chpasswd -e
fi

# Reads a sshkey from the kernel command line and appends it to the root
# user authorized_keys
SSHDIR=/root/.ssh
if [[ $(</proc/cmdline) =~ sshkey=\"?([^\"]+)\" ]]; then
    mkdir -p $SSHDIR
    chmod 700 $SSHDIR
    echo "${BASH_REMATCH[1]}" > $SSHDIR/authorized_keys
    chmod 600 $SSHDIR/authorized_keys
fi
