#! /bin/sh

echo Starting Stork initscript: Stage 1

# check for root user
if [ $UID -ne "0" ]
then
   echo "You must run this program with root permissions..."
   exit 1
fi

# logging: mark when the stage1 initscript started running
date > /tmp/stork_initscript_stage1.log

# there is no mutex in this script; any mutex is placed in the stage2
# initscript. This script uses unique temporary filenames to handle the case
# where two instances could be executed at the same time.

# filename for the publickey we will use to verify the stage2 initscript
PUBKEY_FN=`mktemp -t stork-publickey.XXXXXXXXXX`

# filename for the extract stage2 initscript
STAGE2_FN=`mktemp -t stork-stage2-initscript.XXXXXXXXXX`

# URL for the stage2 initscript
STAGE2_URL="http://stork-repository.cs.arizona.edu/stork-install/initscript_stage2"

# filename and URL for the signature of the stage2 initscript
STAGE2_SIGNATURE_FN=$STAGE2_FN.signature
STAGE2_SIGNATURE_URL=$STAGE2_URL.signature

# create the public key file
echo "-----BEGIN PUBLIC KEY-----" > $PUBKEY_FN
echo "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALAfnXGY23wti1DrlMU2i4292LS6Pd1j" >> $PUBKEY_FN
echo "6JyL3wZjCs3TIn0bmKDX4kPUUGJ3cExU7FUtgm6FX8h5daNojni7wVECAwEAAQ==" >> $PUBKEY_FN
echo "-----END PUBLIC KEY-----" >> $PUBKEY_FN

DELAY=1
RETRY=1

while [ $RETRY -eq 1 ]; do
   # break out of loop by default
   RETRY=0

   # download the stage2 initscript
   wget $STAGE2_URL -O $STAGE2_FN
   if [ ! -f $STAGE2_FN -o $? -ne 0 ]
   then
      echo "Failed to download $STAGE2_URL"
      RETRY=1
   fi

   # download the signature
   if [ $RETRY -eq 0 ]; then
      wget $STAGE2_SIGNATURE_URL -O $STAGE2_SIGNATURE_FN
      if [ ! -f $STAGE2_SIGNATURE_FN -o $? -ne 0 ]
      then
         echo "Failed to download $STAGE2_SIGNATURE_URL"
         RETRY=1
      fi
   fi

   # make sure the signature is correct
   if [ $RETRY -eq 0 ]; then
      # verify the signature
      RESULT=`openssl dgst -signature $STAGE2_SIGNATURE_FN -verify $PUBKEY_FN $STAGE2_FN`
      echo "Signature Verification: $RESULT"
      if [ "$RESULT" != "Verified OK" ]; then
         echo "OpenSSL failed to verify $STAGE2_SIGNATURE_FN"
         RETRY=1
      fi
   fi

   # if something went wrong, then retry. This covers connection errors as
   # well as problems with the stork repository itself. If the repository is
   # offline, then the script will keep retrying until it comes online.
   if [ $RETRY -eq 1 ]; then
      echo "Delaying $DELAY seconds"

      sleep $DELAY

      # exponential backoff, up to 1 hour between retrievals
      DELAY=`expr $DELAY \* 2`
      if [ $DELAY -gt 3600 ]; then
          DELAY=3600
      fi
   fi

done

echo "running stage2 initscript"
sh $STAGE2_FN