#!/bin/bash

build() {
    local mod

    add_module 'dm-crypt'
    add_module 'dm-integrity'
    if [[ $CRYPTO_MODULES ]]; then
        for mod in $CRYPTO_MODULES; do
            add_module "$mod"
        done
    else
        add_all_modules '/crypto/'
    fi
    add_checked_modules '/drivers/char/tpm/'

    map add_udev_rule \
        '10-dm.rules' \
        '13-dm-disk.rules' \
        '60-fido-id.rules' \
        '95-dm-notify.rules' \
        '/usr/lib/initcpio/udev/11-dm-initramfs.rules'

    map add_systemd_unit 'cryptsetup.target' \
        'systemd-ask-password-console.path' \
        'systemd-ask-password-console.service'
    map add_binary \
        '/usr/lib/systemd/system-generators/systemd-cryptsetup-generator' \
        '/usr/lib/systemd/systemd-cryptsetup' \
        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so' \
        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-pkcs11.so' \
        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so'

    # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
    add_binary '/usr/lib/libgcc_s.so.1'

    # cryptsetup loads the legacy provider which is required for whirlpool
    add_binary '/usr/lib/ossl-modules/legacy.so'

    # add libraries dlopen()ed by systemd-cryptsetup
    for FILE in $(find /usr/lib/ -maxdepth 1 -name "libfido2.so*"); do
        if [[ -L "${FILE}" ]]; then
            add_symlink "${FILE}"
        else
            add_binary "${FILE}"
        fi
    done

    # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
    add_binary 'mkswap'

    [[ -f /etc/crypttab.initramfs ]] && add_file '/etc/crypttab.initramfs' '/etc/crypttab'
}

help() {
    cat <<HELPEOF
This hook allows for an encrypted root device with systemd initramfs.

See the manpage of systemd-cryptsetup-generator(8) for available kernel
command line options. Alternatively, if the file /etc/crypttab.initramfs
exists, it will be added to the initramfs as /etc/crypttab. See the
crypttab(5) manpage for more information on crypttab syntax.
HELPEOF
}

# vim: set ft=sh ts=4 sw=4 et: