#!/bin/sh

if [[ -z $key ]]; then
	/bin/echo "Usage: sudo key=<update_key> -E update.sh"
	exit 1
fi

password=`/bin/cat /etc/update_key | /usr/bin/sha512sum | /usr/bin/cut -d' ' -f 1`
auth=`/bin/echo -n $key | /usr/bin/sha512sum | /usr/bin/cut -d' ' -f 1`                                                             

if [[ "$auth" != "$password" ]]; then
        /bin/echo "Wrong password"
        exit 1
fi

pubkey="/pub.pem"
file="/tmp/update.tar.cc"
sig="/tmp/sig"
/bin/echo "### ccOS Update Script ###"
/bin/echo "[+] Starting"
/bin/echo "[+] Extracting Signature"
skip=$(expr $(stat -c '%s' $file) - 256)
if [[ -L $file ]]
then
	exit 0
fi 
/bin/dd if=/tmp/update.tar.cc of=$sig bs=1 count=256 skip=$skip
/usr/bin/truncate -s $skip $file
/bin/echo "[+] Checking Signature"
check=`/usr/bin/openssl dgst -sha256 -verify $pubkey -signature $sig $file`
if [ "$check" == "Verified OK" ]
then
        /bin/echo "[+] Signature is valid!"
        /bin/echo "[+] Upgrading..."
        /bin/tar -xvf $file -C /
        /bin/rm $sig
        /bin/echo "[+] Done"
else
        /bin/echo "[-] Signature error, exiting..."
        /bin/rm $sig
fi