#!/bin/bash

# The install script for the initcpio hook.

build() {
    # Adapted from install/encrypt for the default encrypt hook.
    add_module 'dm-crypt'
    add_module 'dm-integrity'
    if [[ $CRYPTO_MODULES ]]; then
        for mod in $CRYPTO_MODULES; do
            add_module "$mod"
        done
    else
        add_all_modules '/crypto/'
    fi

    add_binary 'cryptsetup'

    # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
    add_binary '/usr/lib/libgcc_s.so.1'

    # TODO: also add_file the keyfile? Too risky?
    if [[ -f '/etc/crypttab.remote.toml' ]]; then
        add_file '/etc/crypttab.remote.toml'
    fi
    add_file '/usr/lib/initcpio/hooks/encrypt-remote-hook-main' '/hooks/encrypt-remote-hook-main' 755
    add_runscript
}

help() {
    cat <<'EOF'
This hook composes a decryption key from one or more sources, and uses it to
decrypt an encrypted root device. Configure this hook by modifying the
/etc/crypttab.remote.toml, not with the cryptdevice/cryptkey kernel command line
parameters. See /usr/share/doc/encrypt-remote-hook/README.md for more
information.
EOF
}

# vim: set ft=sh ts=4 sw=4 et: