hook

#!/bin/sh

set -e

PREREQ="cryptroot"

prereqs()
{
    echo "$PREREQ"
}

case $1 in
    prereqs)
    prereqs
    exit 0
    ;;
esac

. /usr/share/initramfs-tools/hook-functions
. /etc/ykluks.cfg

copy_exec /usr/bin/ykchalresp
copy_exec /usr/bin/ykinfo
copy_exec /usr/bin/sha256sum
copy_exec /usr/bin/fido2-token
copy_exec /usr/bin/fido2-assert

cp /usr/share/yubikey-luks/ykluks-keyscript "${DESTDIR}/sbin/ykluks-keyscript"
cp /usr/share/yubikey-luks/fido2-utils.sh "${DESTDIR}/usr/share/yubikey-luks/fido2-utils.sh"
cp /etc/ykluks.cfg "${DESTDIR}/etc/ykluks.cfg"

if [ "$SUSPEND" = "1" ]; then
    echo "YKLUKS: adding yubikey authentication to suspend."
    cp -pnL /usr/lib/yubikey-luks/initramfs-suspend "${DESTDIR}/suspend"
    chmod 755 "${DESTDIR}/suspend"
    systemctl enable yubikey-luks-suspend.service
else
    echo "YKLUKS: removing yubikey authentication to suspend."
    systemctl disable yubikey-luks-suspend.service
fi

exit 0