#!/bin/sh

PREREQ="dropbear"

prereqs() {
        echo "$PREREQ"
}

case "$1" in
        prereqs)
                prereqs
                exit 0
        ;;
esac

. "${CONFDIR}/initramfs.conf"
. /usr/share/initramfs-tools/hook-functions

if [ "${BOOTGUARD}" = "y" ] || ( [ "${BOOTGUARD}" != "n" ] && [ -r "/etc/crypttab" ] ); then

	# cURL
	copy_exec /usr/bin/curl /bin/

	# SSL support
	mkdir -p "${DESTDIR}/etc/ssl/certs/"
	cp /etc/ssl/certs/ca-certificates.crt "${DESTDIR}/etc/ssl/certs/"

	# DNS resolving
	mkdir -p "${DESTDIR}/lib/x86_64-linux-gnu/"
	cp /lib/x86_64-linux-gnu/libnss_files.so.2 "${DESTDIR}/lib/x86_64-linux-gnu/"
	cp /lib/x86_64-linux-gnu/libnss_dns.so.2 "${DESTDIR}/lib/x86_64-linux-gnu/"
	cp /lib/x86_64-linux-gnu/libresolv.so.2 "${DESTDIR}/lib/x86_64-linux-gnu/"
	/bin/echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" > "${DESTDIR}/etc/resolv.conf"

	# Current hostname
	/bin/echo "BOOTGUARD_HOST=\"$(hostname --fqdn)\"" >> "${DESTDIR}/conf/conf.d/bootguard"

	# Unlock binary
	copy_exec /usr/share/bootguard/unlock /bin/

	# Find root home from /etc/passwd
	home=$(cut -f6 -d: "${DESTDIR}/etc/passwd")

	# Run unlock on remote login
	mkdir -p "${DESTDIR}${home}"
	/bin/echo /bin/cryptroot-unlock >> "${DESTDIR}${home}/.profile"

	# Create nicer login env
	if [ -x /usr/bin/figlet ]; then
		/bin/echo -e "$(figlet BootGuard)\n$(figlet $(hostname))" | paste /usr/share/bootguard/logo - > "${DESTDIR}/etc/motd"
	else
		/bin/echo -e "$(cat /usr/share/bootguard/text)\n$(hostname)" | paste /usr/share/bootguard/logo - > "${DESTDIR}/etc/motd"
	fi

fi
