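#!/bin/sh
# Create an encrypted loopback container file, put a filesystem on it and
# hand ownership of the result to the invoking (sudo) user.
#
# Usage: <script> devfile mountpoint keyfile [size (b)]
#   devfile     container file to create; must not exist yet
#   mountpoint  directory used for the one-off mount (created if missing)
#   keyfile     gpg-encrypted file holding the passphrase for the loop device
#   size        container size in bytes (default: one DVD+R)
#
# Environment:
#   SUDO_UID / SUDO_GID  owner given to the files (default 0:0)
#   PRIVDEV_RANDOMIZE    when non-empty, pre-fill the container with
#                        ciphertext produced under a throw-away random key
#
# NOTE(review): "losetup -e/-p" is the legacy cryptoloop/loop-AES interface;
# current systems normally use dm-crypt (cryptsetup/LUKS) instead. Confirm
# this is still the intended mechanism before relying on it for new data.

# Options given on the shebang line are lost when the script is started as
# "sh script", so errexit is enabled here instead.
set -e

devfile="$1"
mountpoint="$2"
keyfile="$3"
size="${4:-4700372992}"   # default size is for a DVD+R

uid="${SUDO_UID:-0}"
gid="${SUDO_GID:-0}"
fs=ext2
bs=2048

if [ -z "$keyfile" ]; then
	echo >&2 "usage: ${0##*/} devfile mountpoint keyfile [size (b)]"
	exit 1
fi
if [ "$(id -u)" != 0 ]; then
	echo >&2 "you need to be root"
	exit 1
fi

# The size ends up inside an arithmetic expansion and on a command line that
# runs as root, so accept nothing but plain decimal digits.
case "$size" in
	''|*[!0-9]*)
		echo >&2 "size must be a whole number of bytes: $size"
		exit 1
		;;
esac

# State for the exit handler: which resources are currently held.
loopdev=
attached=
mounted=

# Release the mount and the loop device on every exit path, so that a failure
# halfway through does not leave a keyed loop device behind.
cleanup() {
	cleanup_status=$?
	trap - EXIT
	if [ -n "$mounted" ]; then
		umount "$loopdev" 2>/dev/null || true
	fi
	if [ -n "$attached" ]; then
		losetup -d "$loopdev" 2>/dev/null || true
	fi
	exit "$cleanup_status"
}
trap cleanup EXIT
# Some shells skip the EXIT trap when killed by a signal; turn the usual
# signals into a normal exit so cleanup still runs.
trap 'exit 1' HUP INT TERM

if [ ! -d "$mountpoint" ]; then
	echo "creating mount point"
	mkdir -p "$mountpoint"
	chown "$uid:$gid" "$mountpoint"
	chmod go-rwx "$mountpoint"
fi

if [ -e "$devfile" ]; then
	echo >&2 "devfile already exists: $devfile"
	exit 1
fi

# The passphrase is kept in a shell variable only; do not run this script
# under "set -x", which would print it.
key=$(gpg -q -d "$keyfile")
if [ -z "$key" ]; then
	# Never set up the container with an empty passphrase.
	echo >&2 "could not read a key from $keyfile"
	exit 1
fi

echo "creating device file"
(
	# Create the container private from the start instead of relying on the
	# chmod below; the subshell keeps the umask change local.
	umask 077
	if command -v hole >/dev/null 2>&1; then
		hole "$devfile" "$size"
	else
		dd if=/dev/zero of="$devfile" bs="$bs" count=$((size / bs))
	fi
)

chown "$uid:$gid" "$devfile"
chmod go-rwx "$devfile"

# NOTE(review): the device reported by "losetup -f" is not reserved; another
# process could claim it before the losetup calls below.
loopdev=$(losetup -f)
echo "using $loopdev"

printf '%s' "randomizing device file"
if [ -z "$PRIVDEV_RANDOMIZE" ]; then
	echo " - disabled"
else
	echo
	# 15 random bytes become one 20-character base64 line (line 2 of the
	# uuencode output), used as a throw-away passphrase read from fd 0.
	head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 |
		losetup -p 0 -e AES128 "$loopdev" "$devfile"
	attached=1
	# Writing zeros through the encrypted mapping fills the file with
	# ciphertext. dd stops with an error once the device is full, which is
	# the expected way for this step to end.
	dd if=/dev/zero of="$loopdev" bs=4k conv=notrunc 2>/dev/null || true
	losetup -d "$loopdev"
	attached=
fi


#losetup -K "$keyfile" -e AES128 "$loopdev" "$devfile"
# printf instead of echo: echo may interpret backslashes or a leading "-n" in
# the passphrase, which would key the device differently from later mounts.
printf '%s\n' "$key" | losetup -p 0 -e AES128 "$loopdev" "$devfile"
attached=1
echo "creating $fs filesystem"
# A negative -b value asks mke2fs for a block size of at least that many bytes.
mkfs -t "$fs" -b "-$bs" "$loopdev"
# No blocks reserved for root.
tune2fs -r 0 "$loopdev"

#mount -t "$fs" "$devfile" "$mountpoint" -o loop="$loopdev",encryption=AES128,gpgkey="$keyfile"
echo "mounting and fixing permissions"
mount -t "$fs" "$loopdev" "$mountpoint"
mounted=1
chown -R "$uid:$gid" "$mountpoint"
chmod -R go-rwx "$mountpoint"
umount "$loopdev"
mounted=
losetup -d "$loopdev"
attached=

echo "finished successfully"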
