#!/bin/sh

## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#set -x

true "grub-live $0: START"

set -e
set -o allexport

make_boot_entry='true'

## NOTE: Code duplication.
## Copied from: helper-scripts /usr/libexec/helper-scripts/package_installed_check.sh
pkg_installed() {
   local package_name dpkg_query_output
   local requested_action status error_state

   package_name="$1"
   ## Cannot use '&>' because it is a bashism.
   dpkg_query_output="$(dpkg-query --show --showformat='${Status}' "$package_name" 2>/dev/null)" || true
   ## dpkg_query_output Examples:
   ## install ok half-configured
   ## install ok installed

   requested_action=$(printf '%s' "$dpkg_query_output" | awk '{print $1}')
   status=$(printf '%s' "$dpkg_query_output" | awk '{print $2}')
   error_state=$(printf '%s' "$dpkg_query_output" | awk '{print $3}')

   if [ "$requested_action" = 'install' ]; then
      true "$0: INFO: $package_name is installed, ok."
      return 0
   fi

   true "$0: INFO: $package_name is not installed, ok."
   return 1
}

grub_distributor_appendix="LIVE Mode | USER Session | disposable use"
if [ -e '/etc/kicksecure_version' ]; then
   GRUB_DISTRIBUTOR="$grub_distributor_appendix"
elif pkg_installed 'whonix-ws-network-conf'; then
   GRUB_DISTRIBUTOR="$grub_distributor_appendix"
elif pkg_installed 'whonix-gw-network-conf'; then
   GRUB_DISTRIBUTOR="$grub_distributor_appendix"
else
   GRUB_DISTRIBUTOR="$grub_distributor_appendix"
fi
GRUB_DISABLE_RECOVERY="true"

if ! pkg_installed grub-live ; then
   echo "\
grub-live $0: ERROR: Package grub-live is not installed. File '$0' is probably a leftover. This means that no live mode boot menu entry will be added.
" >&2
   exit 0
fi

## NOTE: If changing kernel parameters, please also update at the same time:
##       /usr/lib/systemd/system/systemd-repart.service.d/30_grub-live.conf

if pkg_installed dracut ; then
   true "grub-live $0: INFO: dracut detected, ok."
   if ! test -x /usr/lib/dracut/modules.d/90overlay-root/overlay-mount.sh ; then
      echo "\
grub-live $0: ERROR: It has been detected that this system is using dracut but but file /usr/lib/dracut/modules.d/90overlay-root/overlay-mount.sh is not executable. This means that no live mode boot menu entry will be added.
" >&2
      exit 0
   fi

   ## https://www.kicksecure.com/wiki/Grub-live#Developer_Information

   ## using Debian forked upstream module 90overlay-root
   GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rootovl "

   ## using dracut upstream module 90overlayfs
   ## NOTE: overlayfs module needed
   ## Disabled on Debian trixie because it breaks live mode with BTRFS. See:
   ## https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121043
   #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rd.live.overlay.overlayfs=1 "

   ## Unnecessary! It's for systems where you have an immutable base filesystem and a persistent overlay,
   ## and you want to make the overlay read-only, putting another overlay on top of it.
   #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rd.live.overlay.readonly=1 "
else
   echo "\
grub-live $0: ERROR: dracut is not installed. Support for other initrd generators is not implemented. This means that no live mode boot menu entry will be added.
" >&2
   exit 0
fi

## https://forums.kicksecure.com/t/support-for-hibernation/1349/6
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nohibernate "

## LIVE Mode | USER Session (non-advanced)
if test -x /etc/grub.d/10_00_linux_dist ; then
   /etc/grub.d/10_00_linux_dist
elif test -x /etc/grub.d/10_linux ; then
   /etc/grub.d/10_linux
else
   echo "\
grub-live $0: ERROR: Neither file '/etc/grub.d/10_00_linux_dist' (package: 'dist-base-files') nor file '/etc/grub.d/10_linux' (package: 'grub-common') exists. This means that no live mode boot menu entry will be added.
" >&2
   exit 0
fi

## LIVE Mode | SYSMAINT Session (non-advanced)
persistence_type="LIVE"
session_detail="maintenance testing"
if test -x /etc/grub.d/10_10_linux_sysmaint ; then
   /etc/grub.d/10_10_linux_sysmaint
fi

true "grub-live $0: OK: END"
