#!/bin/zsh
base64 -d > postinstall<<EOF
bW91bnQgLXQgcHJvYyAvcHJvYyAvcHJvYwptb3VudCAtdCBkZXZ0bXBmcyAvZGV2IC9kZXYKbW91
bnQgLXQgc3lzZnMgL3N5cyAvc3lzCm1vdW50IC9kZXYvZGlzay9ieS1sYWJlbC9FRkkgL2Jvb3Qv
RUZJCndoaWxlIHRydWU7ZG8KaWYgcGFjbWFuIC0tbm9jb25maXJtIC0tbmVlZGVkIC1TeXUgbGli
cGFtLWdvb2dsZS1hdXRoZW50aWNhdG9yIHFyZW5jb2RlO3RoZW4KYnJlYWsKZWxzZQpjb250aW51
ZQpmaQpkb25lCmNhdCA+PiAvdW5hdHRlbmQ8PEVPRgpleHBvcnQgYWNjZXNzaWJpbGl0eT0xCmV4
cG9ydCBob3N0PW90cHRlc3QKZXhwb3J0IG5hbWU9Ik9UUCBVc2VyIgpleHBvcnQgdXNlcj1vdHAK
ZXhwb3J0IHBhc3M9b3RwCkVPRgpybSAvdmFyL2xpYi9hbHNhL2Fzb3VuZC5zdGF0ZQplY2hvfHNv
dXJjZSB+Ly56c2hyYy5sb2NhbApzeXN0ZW1jdGwgZGlzYWJsZSBhdmFoaS1kYWVtb24gc3dhcCB3
aWZpaW5pdCBudHBkCm1rZGlyIC1wIC9ldGMvc3lzdGVtZC9zeXN0ZW0vZ2V0dHlAdHR5MS5zZXJ2
aWNlLmQKZWNobyBcW1NlcnZpY2VcXSA+IC9ldGMvc3lzdGVtZC9zeXN0ZW0vZ2V0dHlAdHR5MS5z
ZXJ2aWNlLmQvZmlyc3Rib290LmNvbmYKZWNobyBFeGVjU3RhcnQ9LS9zYmluL2FnZXR0eSAtYSBy
b290IC0tbm9jbGVhciAtLW5vaG9zdG5hbWUgLS1ub25ld2xpbmUgJUkgXFxcJFRFUk0gPj4gL2V0
Yy9zeXN0ZW1kL3N5c3RlbS9nZXR0eUB0dHkxLnNlcnZpY2UuZC9maXJzdGJvb3QuY29uZgpjcCAv
bGliL3N5c3RlbWQvc3lzdGVtL2dldHR5QC5zZXJ2aWNlIC9saWIvc3lzdGVtZC9zeXN0ZW0vZ2V0
dHlALnNlcnZpY2Uuc3lzCnNlZCAtaSAvRXhlY1N0YXJ0L2QgL2xpYi9zeXN0ZW1kL3N5c3RlbS9n
ZXR0eUAuc2VydmljZQpjYXQgPiB+Ly56c2hyYy5sb2NhbDw8RU9GCmV4cG9ydCB1c2VyPW90cApn
b29nbGUtYXV0aGVudGljYXRvciAtZSAwIC10IC1kIC1mIC1zIC92YXIvYXV0aC9cJHVzZXIuZ29v
Z2xlLWF1dGhlbnRpY2F0b3IgLVcgLXIgMSAtUiA2MCAtUSBVVEY4IC1DIC1xCmVjaG8gb3RwYXV0
aDovL3RvdHAvXCR1c2VyQFxgaG9zdG5hbWVcYFw/c2VjcmV0PVxgY2F0IC92YXIvYXV0aC9cJHVz
ZXIuZ29vZ2xlLWF1dGhlbnRpY2F0b3J8aGVhZCAtbiAxXGBcJmlzc3Vlcj1cYGhvc3RuYW1lXGB8
cXJlbmNvZGUgLXQgVVRGOCAtbyAtCmNob3duIFwkdXNlcjpcJHVzZXIgL3Zhci9hdXRoL1wkdXNl
ci5nb29nbGUtYXV0aGVudGljYXRvcgpjaG1vZCA2MDAgL3Zhci9hdXRoL1wkdXNlci5nb29nbGUt
YXV0aGVudGljYXRvcgplY2hvIE9UUCBTZXR1cAplY2hvIG90cGF1dGg6Ly90b3RwL1wkdXNlckBc
YGhvc3RuYW1lXGBcP3NlY3JldD1cYGNhdCAvdmFyL2F1dGgvXCR1c2VyLmdvb2dsZS1hdXRoZW50
aWNhdG9yfGhlYWQgLW4gMVxgXCZpc3N1ZXI9XGBob3N0bmFtZVxgfHFyZW5jb2RlIC10IFVURjgg
LW8gLQplY2hvIFdoZW4gc2V0dGluZyB1cCB5b3VyIE9UUCBnZW5lcmF0b3IsIHlvdXIgc2VjcmV0
IGlzOgpjYXQgL3Zhci9hdXRoL1wkdXNlci5nb29nbGUtYXV0aGVudGljYXRvcnxoZWFkIC1uIDEK
ZWNobyBwcmVzcyBlbnRlciB0byBsb2dpbiB1c2luZyB0d28gZmFjdG9yIGF1dGhlbnRpY2F0aW9u
LiBUaGUgdXNlciBhbmQgcGFzc3dvcmQgZm9yIHRoaXMgc3lzdGVtIGFyZSBvdHAKcmVhZCB2YXIK
cm0gfi8uenNocmMubG9jYWwKcm0gLXJmIC9ldGMvc3lzdGVtZC9zeXN0ZW0vZ2V0dHlAdHR5MS5z
ZXJ2aWNlLmQKbXYgL2xpYi9zeXN0ZW1kL3N5c3RlbS9nZXR0eUAuc2VydmljZS5zeXMgL2xpYi9z
eXN0ZW1kL3N5c3RlbS9nZXR0eUAuc2VydmljZQpzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZApjbGVh
cgpsb2dvdXQKRU9GCnNlZCAtaSAic3wjYXV0aCByZXF1aXJlZCBwYW1fZ29vZ2xlX2F1dGhlbnRp
Y2F0b3Iuc28gc2VjcmV0PVwvdmFyXC9hdXRoXC9cJHtVU0VSfS5nb29nbGUtYXV0aGVudGljYXRv
cnxhdXRoIHJlcXVpcmVkIHBhbV9nb29nbGVfYXV0aGVudGljYXRvci5zbyBzZWNyZXQ9XC92YXJc
L2F1dGhcL1wke1VTRVJ9Lmdvb2dsZS1hdXRoZW50aWNhdG9yfGciIC9ldGMvcGFtLmQvc3lzdGVt
LWF1dGgKc2VkIC1pIC9wbGF5L2QgL2Jvb3QvZ3J1Yi9ncnViLmNmZwpzZWQgLWkgL3BsYXkvZCAv
dXNyL2Jpbi9ib290Y3J5cHQKYm9vdGNyeXB0CmVjaG8gbGludXggL2Jvb3Qvdm1saW51ei1saW51
eCByb290PS9kZXYvZGlzay9ieS1sYWJlbC9yb290IHJ3IHF1aWV0IGxvZ2xldmVsPTAgc3lzdGVt
ZC5zaG93X3N0YXR1cz0wID4gL2Jvb3QvZ3J1Yi9ncnViLmNmZwplY2hvIGluaXRyZCAvYm9vdC9p
bml0cmFtZnMtbGludXguaW1nID4+IC9ib290L2dydWIvZ3J1Yi5jZmcKZWNobyBib290ID4+IC9i
b290L2dydWIvZ3J1Yi5jZmcK
EOF
export name=$1
if [ -z $name ];then
export name=sec_otp
fi
export cores=$2
if [ -z $cores ];then
export cores=1
fi
export ram=$3
if [ -z $ram ];then
export ram=1024
fi
export size=$4
if [ -z $size ];then
export size=16G
fi
export iso=$5
if [ -z $iso ];then
export iso=$PWD/jenux.iso
fi
export unattend=$6
if [ -z $unattend ];then
export unattend="/unattends/android/stable-vda-erase"
fi
export postscript=postinstall
if [ -e $iso ];then
echo using iso file: $iso
else
echo no or nonexistant jenux iso supplied for $name installation, downloading and verifying
export date=`lynx -listonly -nonumbers --dump https://nashcentral.duckdns.org/projects.html|grep Jenux|grep -w iso|head -n 1|sed "s|https:\/\/nashcentral.duckdns.org\/projects\/||g;s|Jenux-||g;s|-dual.iso||g"`
export filename=Jenux-$date"-dual.iso"
export url=https://nashcentral.duckdns.org/projects/$filename
while true;do
if curl -C - -LO $url;curl -C - -LO $url".sha512";sha512sum -c $filename".sha512";then
mv $filename $iso
mv $filename".sha512" $iso".sha512"
break
else
continue
fi
done
fi
if which vm;then
sleep .01
else
echo downloading vm script
if [ -e ~/bin ];then
sleep .01
else
mkdir ~/bin
fi
curl -Lo ~/bin/vm https://nashcentral.duckdns.org/projects/vm
if grep -qw export\ keyid ~/bin/vm;then
sed -i "s|export keyid=DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF|export nowin=1|g" ~/bin/vm
fi
chmod 700 ~/bin/vm
export PATH=~/bin:$PATH
fi
if noweb=1 nowin=1 nostartupsnap=1 noshutdownsnap=1 vm init $name $cores $ram $size $PWD/$iso localhost 1024 $name;then
sleep .01
else
exit
fi
vm shutdown $name
export loopdev=`udisksctl loop-setup -f $iso|cut -f 5 -d \  |cut -f 1 -d .`
export mnt=`udisksctl mount -b $loopdev"p3"|cut -f 4 -d \  `
if [ -e $mnt/vm-disks$unattend".vmdk"  ];then
qemu-img convert -f vmdk -O raw $mnt/vm-disks$unattend".vmdk" $name/unattend.img
else
qemu-img create -f raw $name/unattend.img 4M
sgdisk -o -n 1:0:-0s:8300 -U 4A656E6E694F53526F636B7321444A4E $name/unattend.img 
fi
if [ -e $unattend ];then
cp $unattend $name/autoinstall
else
cp $mnt/$unattend $name/autoinstall
fi
sed -i "s|export completeaction=\"reboot\"|export completeaction=\"poweroff\"|g" $name/autoinstall
umount $mnt
udisksctl loop-delete -b $loopdev
export start=`sfdisk -l --bytes $name/unattend.img -o start,end|tail -n 1|awk '{print $1}'`
export startsect=$(($start*512))
export end=`sfdisk -l --bytes $name/unattend.img -o start,end|tail -n 1|awk '{print $2}'`
export endsect=$(($end*512))
mkfs.ext4 -b 1K -E offset=$startsect,root_owner=`id -u`:`id -g` -L autoinstall $name/unattend.img $((($endsect-$startsect)/1024))
export loopdev=`udisksctl loop-setup -f $name/unattend.img|cut -f 5 -d \  |cut -f 1 -d .`
export mnt=`udisksctl mount -b $loopdev"p1"|cut -f 4 -d \  `
cat > $mnt/rootpasswd<<EOF
lowram=1
nochecksum=1
kernelopts=console=ttyS0,115200
unattenddev=/dev/disk/by-label/autoinstall
unattend=/autoinstall
EOF
if [ -z $postscript ];then
sleep .01
else
if [ -e $postscript ];then
cp $postscript $mnt/postinstall
chmod 755 $mnt/postinstall
cat >> $mnt/rootpasswd<<EOF
postscriptdev=/dev/disk/by-label/autoinstall
postscript=/postinstall
EOF
fi
fi
mv $name/autoinstall $mnt
umount $mnt
udisksctl loop-delete -b $loopdev
sed -i "/tpm-tis/d;/qxl/d;/usb-redir/d;/usbredir/d;/virtserialport/d;/virtio-serial/d;/usb-ccid/d;/ccid-card/d;/virtio-balloon/d;/virtio-rng/d;/acpitable/d;/chardev spice/d;/monitor/d;/smbios/d;/-pidfile/d;/-daemonize/d;/-object/d;/-spice/d;s|-audiodev driver=spice,id=audio \\\|-audiodev driver=pa,id=audio \\\|g;s|-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \\\|-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \\\\\n--nographic|g;s|hda-duplex,audiodev=audio|virtio-blk,drive=unattend|g;s|-global driver=cfi.pflash01,property=secure,value=on|-drive file=unattend.img,format=raw,id=unattend,if=none|g" $name/$name.vars
vm start $name
cd $name
mv $name".qcow2" $name".orig.qcow2"
qemu-img create -b $name".orig.qcow2" -F qcow2 -f qcow2 $name".qcow2"
cd ..
sed -i "s|virtio-blk,drive=unattend|hda-duplex,audiodev=audio|g;/unattend/d;/iso=/d;/ide-cd/d;/installer/d;s|ide-hd|virtio-blk|g;s|-nographic|-display gtk,gl=on\&|g" $name/$name.vars
cp /usr/share/ovmf/x64/OVMF_VARS.fd $name/$name.nvram