#!/bin/bash

build() {
    local mod

    add_module "dm-crypt"
    add_module "dm-integrity"
    if [[ $CRYPTO_MODULES ]]; then
        for mod in $CRYPTO_MODULES; do
            add_module "$mod"
        done
    else
        add_all_modules "/crypto/"
    fi
    add_checked_modules "/drivers/char/tpm/"

    add_udev_rule "10-dm.rules"
    add_udev_rule "13-dm-disk.rules"
    add_udev_rule "60-fido-id.rules"
    add_udev_rule "95-dm-notify.rules"
    add_udev_rule "/usr/lib/initcpio/udev/11-dm-initramfs.rules"

    add_systemd_unit "cryptsetup.target"
    add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator"
    add_binary "/usr/lib/systemd/systemd-cryptsetup"

    add_systemd_unit "systemd-ask-password-console.path"
    add_systemd_unit "systemd-ask-password-console.service"

    # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
    add_binary "/usr/lib/libgcc_s.so.1"

    # add libraries dlopen()ed by systemd-cryptsetup
    for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do
        for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do
            if [[ -L "${FILE}" ]]; then
                add_symlink "${FILE}"
            else
                add_binary "${FILE}"
            fi
        done
    done

    # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
    add_binary "mkswap"

    [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab"
}

help() {
    cat <<HELPEOF
This hook allows for an encrypted root device with systemd initramfs.

See the manpage of systemd-cryptsetup-generator(8) for available kernel
command line options. Alternatively, if the file /etc/crypttab.initramfs
exists, it will be added to the initramfs as /etc/crypttab. See the
crypttab(5) manpage for more information on crypttab syntax.
HELPEOF
}

# vim: set ft=sh ts=4 sw=4 et: