#!/bin/sh

# -- defaults
# install_dev=/dev/sdb
arch=`uname -m`
suse_version=12.3
o_name=suse-$suse_version
cmd=install

initrd_modules="
	via-rhine
	r8169
	e1000
	e1000e
	myri10ge
	forcedeth
	8139too
	sata_nv
        nfs
        nfs_acl
        auth_rpcgss
        nfsv3
        nfsv4
        fscache
        lockd
        sunrpc

	sis
	edd
	sisfb
	evdev
	shpchp
	sis_agp
	hwmon
	aufs
	ahci
	libahci
	usbhid
	hid
	uhci_hcd
	ohci_hcd
	ehci_hcd
	usbcore
	hid-generic
"

kernel_flavour=-default

case $suse_version in
11.4)
	payload_pkgs="
		java-1_6_0-sun.i586
		java-1_6_0-sun-plugin.i586

		grep
		mkinitrd
		insserv
		cpio
		sysconfig
		device-mapper
		sysvinit
		lsof
		dhcpcd
		kbd

		unscd
		portmap
		xorg-x11-Xnest
		xorg-x11-fonts-scalable
		xntp
		xorg-x11-Xvfb
		xorg-x11-fonts-100dpi
		xorg-x11-fonts-75dpi
		xorg-x11-libxcb
		xorg-x11-sdk
		xorg-x11-server-glx
		xorg-x11-fonts-cyrillic
		xorg-x11-fonts-syriac
		xorg-x11-man

		jux-run
		jux-client-run
		feedfsd-run
		feedfs-local-run
		feedfs-net-run
		netscan-run
		snmp-manager-run
		ftp-server-run
		bprof-run
	"

	#kernel_version=3.7.8~jng11
	#rpm_kernel_version=3.7.8~jng11-1
	kernel_version=3.2.0
	rpm_kernel_version=3.2.0-1
	kernel_flavour=
	;;
12.2)
	payload_pkgs="
		unscd
	"
	kernel_version=3.7.8-jng11-default
	rpm_kernel_version=3.7.8~jng11-1
	;;
12.3)
	base_pkgs="
		module-init-tools
	"

	payload_pkgs="
		nscd
		usbutils
	"

	kernel_version=3.7.10-jng12-default
	rpm_kernel_version=3.7.10~jng12-1
	;;
esac

umask 0022

unused_pkgs="
	sysvinit-systemd
	kernel
	kernel-syms-$rpm_kernel_version
	kernel-source-$rpm_kernel_version
	aufs-kmp
"

base_pkgs="
	$base_pkgs
	coreutils
	sysvinit
"

update_pkgs="
	$update_pkgs
	zypper
"
# -- pciutils
# used by jux, should be done by grepping /proc-files
special_pkgs="
	$special_pkgs
	aufs
	aufs-kmp-default
	kernel$kernel_flavour-$rpm_kernel_version
	rpm
"


# -- sysvinit
# systemd-sysvinit boots, but doesn't work cleanly as of now

payload_pkgs="

	$payload_pkgs
	kernel
	memtest86+
	grub
	syslinux
	splashy
	mailx
	ppp

	sensors

	db-utils

	pam_ldap
	pam_apparmor
	gnome-keyring-pam

	proftpd
	proftpd-ldap
	bind
	dhcp-server
	rsyslog
	openldap2
	courier-authlib-ldap
	xinetd
	apache2
	apache2-mod_php5
	nfs-kernel-server
	tftp

	nss_ldap

	fuse
	mdadm
	smartmontools
	insserv
	suspend

	nfs-client
	openldap2-client
	samba-client
	sudo
	glibc-locale
	openvpn

	xorg-x11
	xorg-x11-driver-video
	xorg-x11-libs
	xorg-x11-server
	xorg-x11-Xvnc
	unclutter

	xterm

	man
	findutils-locate
	vim

	iputils strace

	wget lukemftp
	openssh
	parted

	tar zip unzip
	rsync

	gcc-c++ libtool autoconf automake make
	cvs
	patch

	pciutils

	ytools-run
"

#	fetchmsttfonts
# -- functions
usage()
{
	echo "

	usage: $myname -h
	       $myname [options] [install|mount|unmount|mkinitrd|fs]

	options:
		-d target-device
		-n target-name
		-p file with root password
		-a architecture
		-c copy-source-dir
		-u user (for source-code-management login)
"
	[ "$1" ] && exit $1
}

get_opts()
{
	set -- `getopt 'hd:n:a:p:c:u:' $*`
	while [ "$1" != -- ] ; do
		case "$1" in
			-h)
				usage 0
				;;
			-d)
				install_dev=$2
				shift
				;;
			-n)
				o_name=$2
				shift
				;;
			-a)
				arch=$2
				shift
				;;
			-p)
				root_password_file=$2
				shift
				;;
			-c)
				copy_source_dir=$2
				shift
				;;
			-u)
				scm_user=$2
				shift
				;;
			*)
				usage 1
				;;
		esac
		shift
	done
	shift

	[ "$1" ] && cmd="$1"
}

log()
{
	echo $@ >&2
}

run()
{
	local exit_on_error=0

	while [[ "$1" =~ ^- ]]; do
		case $1 in
		-e)
			exit_on_error=1
		esac
		shift
	done
	log =========== running $@
	$@
	local r=$?
	if [ "$exit_on_error" = 1 -a $r != 0 ]; then
		die "exiting after error during command \"$@\""
	fi
	return $r
}

die()
{
	log "$@"
	exit 1
}

_cat()
{
	cat | sed 's/^[ 	]*|//'
}

check_var_set()
{
	local var val
	local r=0
	for var in $@; do
		eval val=\$$var
		[ "$val" ] || {
			log "$var is not set"
			r=1
		}
	done
	return $r
}

_run_chroot()
{
	local cmd
	set +x
	while read cmd; do
		cmd=`echo $cmd | sed 's/[	 ]*#.*//'`
		[ "$cmd" ] || continue
		echo == running LANG=POSIX chroot $root $cmd
		LANG=POSIX chroot $root $cmd || {
			die "failed to run >$cmd<"
		}
	done
	set -x
}

run_chroot()
{
	echo == running LANG=POSIX chroot $root "$@"
	LANG=POSIX chroot $root "$@" || {
		die "failed to run >$@<, exiting"
	}
}

run_parted()
{
	while read cmd; do
		run parted --script $install_dev $cmd
	done
}

create_partition_table()
{
	assert_not_mounted

	_cat << EOT | run_parted
	|mklabel gpt
	|mkpart primary 1M 2M
	|name 1 grub
	|set 1 bios_grub
	|mkpart primary 2M 10G
	|name 2 boot
	|mkpart primary 10G 40G
	|name 3 swap
	|mkpart primary 40G 100%
	|name 4 root
EOT

	grub_boot_partition_num=0
	grub_slash_boot_partition_num=1
}

create_file_systems()
{
	run mkfs -t ext4 $install_dev_boot
	run mkswap $install_dev_swap
	run mkfs -t ext4 $install_dev_root
}

canonicalize()
{
	readlink -f $1 2>/dev/null
}

check_mount()
{
	local canonicalized=`canonicalize $root/$1`
	[ ! "$canonicalized" ] && return 1
	grep -q " $canonicalized " /proc/mounts || return 1
	return 0
}

assert_not_mounted()
{
	if grep $install_dev /proc/mounts; then
		echo "$install_dev is mounted, exiting"
		exit 1
	fi
}

setup_bind_mounts()
{
	local fs
	for fs in /dev /sys /proc; do
		check_mount $fs || {
			run -e mkdir -p -m 755 $root$fs
			run -e mount -o bind $fs $root$fs
		}
	done
}

mount_devices()
{
	check_mount / || {
		run -e install -d -m 755 $root
		run -e mount $install_dev_root $root
	}

	check_mount /boot || {
		run -e mkdir -p -m 755 $root/boot
		run -e mount $install_dev_boot $root/boot
	}
}

unmount_devices()
{
	local devices="/proc /sys /dev /boot /"
	[ "$1" ] && devices="$@"
	local d
	for d in $devices; do
		check_mount $d && run umount $root$d
	done
}

zypper_repos_base()
{
	_cat << EOT | grep -v "	#"
	|distro-oss     ftp://ftp/pub/mirror/suse/distribution/$suse_version/repo/oss
EOT
}

zypper_repos_update()
{
	_cat << EOT | grep -v "^ *#"
	|distro-non-oss ftp://ftp/pub/mirror/suse/distribution/$suse_version/repo/non-oss
	|update         ftp://ftp/pub/mirror/suse/update/$suse_version
EOT
}

zypper_repos_payload()
{
	_cat << EOT | grep -v "^ *#"
	|#ftp.jannet.de  ftp://dspdev:123qweasd@ftp.jannet.de/pub/packages/linux/suse/$suse_version/inst-source
        |ftp.jannet.de  ftp://dspdev:123qweasd@ftp/pub/mirror/jannet/ftp/pub/packages/linux/suse/$suse_version/inst-source
	|ftp.priv.lcl   ftp://dspdev:123qweasd@ftp/pub/local/packages/suse/$suse_version
EOT
}

zypper_repos_special()
{
	_cat << EOT | grep -v "^ *#"
	|jengelh        ftp://ftp/pub/mirror/gwdg/pub/linux/misc/suser-jengelh/openSUSE_$suse_version
EOT
}

zypper_repos()  
{
	local repo
	for repo in $@; do
		zypper_repos_$repo
	done
}

setup_zypper_repos()
{
	zypper_repos $@ | while read name uri; do
		chroot $root zypper $zypper_global_opts ar $uri $name
	done
}

host_zypper()
{
	local repos="$1"
	shift
	local distros=`zypper_repos $repos | awk '{print "--plus-repo " $2 }'`
	zypper $zypper_global_opts --root $root $distros $@
}

init_root_password_file()
{
	[ "$root_password_file" ] ||
		root_password_file=$HOME/.$myname/root-pass

	[ ! -f $root_password_file ] && {
		local dir=`dirname $root_password_file`
		mkdir -m 0755 $dir
		dd  if=/dev/random of=/dev/stdout bs=1 count=4 2>/dev/null | 
			hexdump | sed '/^0000000/ !d; s/0000000 //; s/ //g' > $root_password_file
		chmod 600 $root_password_file
	}
}

make_etc_fstab()
{
	_cat<<EOT
	|proc                 /proc                proc       defaults              0 0
	|sysfs                /sys                 sysfs      noauto                0 0
	|debugfs              /sys/kernel/debug    debugfs    noauto                0 0
	|usbfs                /proc/bus/usb        usbfs      noauto                0 0
	|devpts               /dev/pts             devpts     mode=0620,gid=5       0 0
	|/usr/share/syslinux  /srv/nfs/boot/pxe/bin auto      bind                  0 0
EOT
	#|/dev/sda2            /boot                auto       defaults              0 0
}

make_etc_sysctl_conf()
{
	_cat<<EOT
	|# Disable response to broadcasts.
	|# You don't want yourself becoming a Smurf amplifier.
	|net.ipv4.icmp_echo_ignore_broadcasts = 1
	|# enable route verification on all interfaces
	|net.ipv4.conf.all.rp_filter = 1
	|# disable IPv6 completely
	|# net.ipv6.conf.all.disable_ipv6 = 1
	|# enable IPv6 forwarding
	|#net.ipv6.conf.all.forwarding = 1
	|# increase the number of possible inotify(7) watches
	|fs.inotify.max_user_watches = 65536
	|# avoid deleting secondary IPs on deleting the primary IP
	|net.ipv4.conf.default.promote_secondaries = 1
	|net.ipv4.conf.all.promote_secondaries = 1
	|
	|# by jan
	|kernel.core_pattern = /var/cores/core.%h.%e.%p
	|net.ipv4.ip_forward = 1
	|net.ipv4.tcp_tw_recycle = 1
	|net.ipv4.tcp_tw_reuse = 1
	|dev.rtc.max-user-freq = 4096
EOT
}

make_etc_fstab_local_boot()
{
	_cat<<EOT
	|$run_dev_swap        swap                 swap       defaults              0 0
	|$run_dev_root        /                    ext4       acl,user_xattr        1 1
	|$run_dev_boot        /boot                ext4       acl,user_xattr        1 2
EOT
}

make_etc_hosts()
{
	_cat<<EOT
	|127.0.0.1       localhost
	|
	|# special IPv6 addresses
	|::1             localhost ipv6-localhost ipv6-loopback
	|
	|fe00::0         ipv6-localnet
	|
	|ff00::0         ipv6-mcastprefix
	|ff02::1         ipv6-allnodes
	|ff02::2         ipv6-allrouters
	|ff02::3         ipv6-allhosts
	|127.0.0.1       ldap.lcl
	|127.0.0.1       ftp.priv.lcl
EOT
}

make_etc_resolv_conf()
{
	cat /etc/resolv.conf
}

make_etc_ldap_conf()
{
	cat /etc/ldap.conf.netboot | sed '
		s/__DHCPSIADDR__/127.0.0.1/
	'
}

make_etc_openldap_ldap_conf()
{
	_cat << EOT
	TLS_CACERT /etc/certs/root-ca-1.pem
	TLS_REQCERT allow
EOT
}

make_netboot_etc_hosts()
{
	[ -f /etc/hosts.netboot ] && cat /etc/hosts.netboot
	_cat<<EOT
EOT
}

make_netboot_etc_ldap_conf()
{
	cat /etc/ldap.conf | sed '
		s/^host .*/host __DHCPSIADDR__/
		s%^uri .*%uri ldap://__DHCPSIADDR__%
	'
}

make_netboot_etc_openldap_ldap_conf()
{
	cat /etc/openldap/ldap.conf | sed '
		s/^HOST .*/HOST __DHCPSIADDR__/
		s%^URI .*%URI ldap://__DHCPSIADDR__%
	'
}

make_netboot_etc_fstab()
{
	make_etc_fstab
	_cat<<EOT
	|
	|# netboot client
	|bootsrv:/var/cores   /var/cores           nfs        rw,rsize=8192,wsize=8192,async   0 0
EOT
}

make_sysconfig_bootloader()
{
	_cat << EOT
	|# automatically created by $myname on $date"
	|
	|LOADER_TYPE="grub"
	|DEFAULT_APPEND="resume=$run_dev_swap splash=silent quiet showopts"
	|DEFAULT_VGA=""
	|FAILSAFE_APPEND="showopts apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe"
	|FAILSAFE_VGA=""
	|XEN_KERNEL_APPEND="resume=$run_dev_swap splash=silent quiet showopts"
	|XEN_APPEND=""
	|XEN_VGA=""
	|CYCLE_DETECTION="no"
	|CYCLE_NEXT_ENTRY="1"
	|LOADER_LOCATION=""
EOT
}

make_boot_menu()
{
	check_var_set kernel_version || \
		die "failed to detect kernel version for creating boot menu"

	local disk=hd$run_grub_dev_num

	_cat << EOT
	|default 0
	|timeout 8
	|##YaST - generic_mbr
	|gfxmenu ($disk,$grub_slash_boot_partition_num)/message
	|
	|title Default
	|    root ($disk,$grub_slash_boot_partition_num)
	|    kernel /vmlinuz root=$run_dev_root resume=$run_dev_swap splash=silent quiet showopts
	|    initrd /initrd-local
	|
	|title Failsafe
	|    root ($disk,$grub_slash_boot_partition_num)
	|    kernel /vmlinuz root=$run_dev_root showopts apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe
	|    initrd /initrd-local
	|
	|title Default $kernel_version
	|    root ($disk,$grub_slash_boot_partition_num)
	|    kernel /vmlinuz-$kernel_version root=$run_dev_root resume=$run_dev_swap splash=silent quiet showopts
	|    initrd /initrd-local-$kernel_version
	|
	|title Failsafe $kernel_version
	|    root ($disk,$grub_slash_boot_partition_num)
	|    kernel /vmlinuz-$kernel_version root=$run_dev_root showopts apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe
	|    initrd /initrd-local-$kernel_version
EOT

}

make_etc_issue()
{
	_cat << EOT
	|Welcome to the Jux Playout System - Kernel \r (\l).
EOT
}

make_etc_issue_net()
{
	_cat << EOT
	|Welcome to the Jux Playout System - Kernel %r (%t).
EOT
}

make_etc_jcs_jcs_conf()
{
	_cat << EOT
	|jcs_dir=\$HOME/local/src/cvs.stable/conf/jannet.de/minimalix/suse-$suse_version
	|jcs_owner=root
	|jcs_group=root
	|jcs_log_dir=\$jcs_dir/log
	|jcs_file_extension=inf
	|use_checksum=false
	|update_checksum_command="/home/tripwire/bin/fs_checksum.sh update"
	|jcs_http_path=http://www.jannet.de
EOT
}

make_home_ssh_conf()
{
	_cat << EOT
	|StrictHostKeyChecking=no
EOT
}

setup_boot_loader_local()
{
	check_var_set grub_boot_partition_num grub_slash_boot_partition_num || \
		die "not setting up boot loader, exiting"

	local drivename=hd$install_grub_dev_num
	local boot="($drivename,$grub_boot_partition_num)"
	local slash_boot="($drivename,$grub_slash_boot_partition_num)"
	local map=/tmp/$myname-grub-device.map

	echo "($drivename) $install_dev" > $map
	#dd if=$root/boot/grub/stage1 of=$install_dev count=512 count=1
	_cat << EOT | sed 's/#.*//' | run grub --batch --device-map=$map
	|root $slash_boot
	|setup ($drivename)
	|#setup --stage2=/boot/grub/stage2 --force-lba $boot $slash_boot
	|quit
EOT

	make_sysconfig_bootloader > $root/etc/sysconfig/bootloader
	make_boot_menu > $root/boot/grub/menu.lst

	run_chroot /sbin/mkinitrd \
		-B \
		-k /boot/vmlinuz-$kernel_version \
		-i /boot/initrd-local-$kernel_version \
		-M /boot/System.map-$kernel_version \
		-m "$initrd_modules" \
		-d $install_dev_root

	(cd $root/boot; ln -sf initrd-local-$kernel_version initrd-local)
}

setup_boot_loader_net()
{
	run_chroot /sbin/mkinitrd \
		-B \
		-k /boot/vmlinuz-$kernel_version \
		-i /boot/initrd-netboot-$kernel_version \
		-M /boot/System.map-$kernel_version \
		-m "$initrd_modules" \
		-d jan://blub/dings

		# -s "853x480" is illegal in newer mkinitrd (as of SuSE 11.4)

	(cd $root/boot; ln -sf initrd-netboot-$kernel_version initrd-netboot)
	(cd $root/boot; ln -sf memtest.bin memtest)
}

undo_rpmnew()
{
	set +x
	local n o
	# reset config files to rpm versions
	find $root -name '*.rpmnew' | while read n; do
		o=`echo $n | sed 's/\.rpmnew//'`
		log renaming $n to $o
		mv $n $o
	done
	set -x
}

setup_root_directory()
{
	if [ -w "$install_dev" ]; then

		if [ ! "$non_interactive" ]; then

			local answer
			echo -n "Continuing will delete ALL data on $install_dev. Are you sure [y|n]? "
			read answer
			if [ "$answer" != y ]; then
				exit 1
			fi
		fi

		create_partition_table
		create_file_systems
		mount_devices
	else
		
		if [ ! "$non_interactive" ]; then

			if [ -e $root ]; then

				local answer
				echo -n "Continuing will delete ALL data below $root. Are you sure [y|n]? "
				read answer
				if [ "$answer" != y ]; then
					exit 1
				fi
			fi
		fi
		
		if [ ! "$root" ]; then
			echo "cowardly not removing empty root directory"
			exit 1
		fi

		if [[ "$root" =~ home ]]; then
			echo "cowardly not removing directory matching \"home\""
			exit 1
		fi

		set +e
		unmount_devices /proc /sys /dev
		grep -q $root /proc/mounts && {
			echo "====== there are filesystems mounted below $root: >"
			grep $root /proc/mounts
			echo "====== unmount them manually"
			exit 1
		}

		run rm -rf $root
		run install -d -m 755 $root
	fi
}

insserv_all()
{
	local services="
		boot.juxearly
		boot.bprof
		sshd
		ldap
		jux
	"
	services="
		sshd
		ldap
	"

	case $suse_version in
	11.4)	
		run_chroot /sbin/insserv -de $services;;
	*)
		local s
		for s in $services; do
			run_chroot systemctl enable $s.service
		done
	esac
}

set_sysconf_value()
{
	local file="$1"
	local key="$2"
	local value="`echo $3 | sed 's%/%\\\\/%g'`"
	sed "s/^ *$key *=.*/$key=\"$value\"/" $root/$file > $root/$file.tmp
	mv $root/$file.tmp $root/$file
}

cmd_install()
{
	if true; then
	local c

	set -e

 	[ -r "$root_password_file" ] || {
 		die "root password file doesn't exist, do echo -n my-secret > $root_password_file"
 	}

	setup_root_directory
	setup_bind_mounts

	mkdir -p -m 755 $root/etc
	for c in \
		/etc/certs \
		/etc/opt/bprof/bprof.secret \
	; do
		install -d -m 755 `dirname $root$c`
		cp -rp $c $root$c || die "failed to copy $c to $root $c"
	done

	install -d -m 755 $root/etc/dhcpd.conf.d
	mkdir -p -m 755 $root/etc/openldap
	make_netboot_etc_ldap_conf > $root/etc/ldap.conf.netboot
	make_netboot_etc_openldap_ldap_conf > $root/etc/openldap/ldap.conf.netboot
	make_netboot_etc_hosts > $root/etc/hosts.netboot
	make_netboot_etc_fstab > $root/etc/fstab.netboot

	make_etc_openldap_ldap_conf > $root/etc/openldap/ldap.conf
	chmod 644 $root/etc/openldap/ldap.conf

	make_etc_ldap_conf > $root/etc/ldap.conf
	make_etc_hosts > $root/etc/hosts
	make_etc_resolv_conf > $root/etc/resolv.conf
	make_etc_fstab > $root/etc/fstab
	make_etc_sysctl_conf > $root/etc/sysctl.conf
	make_etc_issue > $root/etc/issue
	make_etc_issue_net > $root/etc/issue.net

	host_zypper "base" install --auto-agree-with-licenses $base_pkgs
	host_zypper "base update" install --auto-agree-with-licenses $update_pkgs

	#undo_rpmnew
	run setup_zypper_repos base update payload

	echo "=== refreshing >"
	chroot $root zypper $zypper_global_opts refresh
	echo "=== refreshing <"

	echo "=== installing payload packages >"
	chroot $root zypper $zypper_global_opts install --auto-agree-with-licenses $payload_pkgs
	echo "=== installing payload packages <"

	fi # test
	run setup_zypper_repos special
	run chroot $root zypper $zypper_global_opts install --auto-agree-with-licenses $special_pkgs

	# chroot $root zypper $zypper_global_opts -t srcpackage --download-only $payload_pkgs
	#kernel_version=`readlink -f $root/boot/vmlinuz 2>/dev/null | xargs basename | sed 's/vmlinuz-//'`

	make_etc_jcs_jcs_conf > $root/etc/jcs/jcs.conf

	mkdir -p -m 700 $root/root/.ssh
	make_home_ssh_conf > $root/root/.ssh/config
	chmod 600 $root/root/.ssh/config

	[ "$copy_source_dir" ] && {
		echo "=== copying over dir $copy_source_dir"
		cp -rLp $copy_source_dir/* $root/
		chroot $root /sbin/mkinitrd_setup     # TODO: remove this
		touch $root/opt/ytools/bin/jcs        # TODO: remove this
		chroot $root /opt/ytools/bin/jcs init # TODO: remove this
	}

	echo "=== running jcs setup"
	export CVSROOT=:ext:$scm_user@cvs.jannet.de:/home/jannet/arc/cvs
	if [ "$SSH_AUTH_SOCK" ]; then
		mkdir -m 700 -p `dirname $root/$SSH_AUTH_SOCK`
		ln $SSH_AUTH_SOCK $root/$SSH_AUTH_SOCK
	fi
	chroot $root jcs setup

	# seed the ldap database
	# FIXME: this does not work off a netboot distro
	slapcat | chroot $root /usr/sbin/slapadd -qw

	[ "$install_dev" ] && setup_boot_loader_local
	setup_boot_loader_net
	(cd $root/boot; ln -sf vmlinuz-$kernel_version vmlinuz)

	insserv_all

	echo "=== using root password file $root_password_file"
	echo -n root: | cat - $root_password_file | chroot $root /usr/sbin/chpasswd

	case $suse_version in
	11.4)
		chroot $root /sbin/SuSEconfig
		;;
	*)
		;;
	esac
	chroot $root /opt/jux/bin/jux-init-namespace.sh
	chroot $root /sbin/ldconfig
	install -m 755 -d $root/srv/nfs/boot/pxe/bin
	install -m 755 -d $root/srv/nfs/var
	install -m 777 -d $root/srv/nfs/var/cores
	install -m 777 -d $root/var/cores

	chroot $root /usr/sbin/pam-config -c
	chroot $root /usr/sbin/pam-config -a --ldap

	rm -f $root/$SSH_AUTH_SOCK

	unmount_devices
	[ -w "$install_dev" ] || {
		install -d -m 755 $root/../rw
		/etc/init.d/nfsserver status >/dev/null 2>&1 && {
			/etc/init.d/nfsserver restart
		}
	}
}

# -- here we go

myname=`basename $0`
zypper_global_opts="--non-interactive --gpg-auto-import-keys --no-gpg-checks"
date=`date`

get_opts "$@"

init_root_password_file

case $arch in
i386|i586|i686)
	case `uname -m` in
	i386|i586|i686);;
	x86_64)
		l32=linux32;;
	esac
	;;
x86_64|"")
	;;
*)
	die "invalid architecture $arch specified";;
esac

if [ `whoami` != root -o "$l32" ]; then
	[ ! "$scm_user" ] && scm_user=`whoami`
	exe=$0
	[ ${exe:0:1} = / ] || {
		exe=`/bin/pwd`/$exe
		exe=`readlink -f $exe`
	}

	# preferring "ssh -l root localhost" over "sudo" to keep ssh-agent environment
	#sudo -i $exe $@ -p $root_password_file
	ssh -l root localhost $l32 $exe $@ -p $root_password_file -u $scm_user

	exit $?
fi

[ ! "$scm_user" ] && scm_user=`whoami`

name=$o_name-$arch
root=/srv/nfs/boot/distros/$name/ro

# -- set up variables denoting devices

if [ "$install_dev" ]; then

	install_dev_boot=$install_dev""2
	install_dev_swap=$install_dev""3
	install_dev_root=$install_dev""4

	case $install_dev in
	/dev/sda) install_grub_dev_num=0;;
	/dev/sdb) install_grub_dev_num=1;;
	/dev/sdc) install_grub_dev_num=2;;
	/dev/sdd) install_grub_dev_num=3;;
	/dev/sde) install_grub_dev_num=4;;
	*)
		log "device \"$install_dev\" doesn't map into a known grub device number, edit $myname to add support"
		exit 1;;
	esac

	run_dev=/dev/sda
	run_dev_boot=$run_dev""2
	run_dev_swap=$run_dev""3
	run_dev_root=$run_dev""4

	run_grub_dev_num=0

	## test >
	#grub_boot_partition_num=0
	#grub_slash_boot_partition_num=1
	#mount_devices
	## test <
fi

case $cmd in
install)
	cmd_install
	exit $?
	;;
fs)
	setup_root_directory
	setup_bind_mounts
	;;
mount)
	[ "$install_dev" ] && mount_devices
	setup_bind_mounts
	exit $?
	;;
unmount)
	unmount_devices
	exit $?
	;;
mkinitrd)
	grub_boot_partition_num=0
	grub_slash_boot_partition_num=1
	[ "$install_dev" ] && {
		mount_devices
		setup_boot_loader_local
	}
	setup_boot_loader_net
	exit $?
	;;
*)
	log "unknown command \"$cmd\""
	usage 1
	;;
esac
exit 0