cryptgnupg_sc

#!/bin/sh

set -e

PREREQ="cryptroot"

prereqs()
{
	echo "$PREREQ"
}

case $1 in
prereqs)
	prereqs
	exit 0
	;;
esac

. /usr/share/initramfs-tools/hook-functions

# Hooks for loading Gnupg software and key into the initramfs

# Check whether cryptroot hook has installed decrypt_gnupg_sc script
if [ ! -x ${DESTDIR}/lib/cryptsetup/scripts/decrypt_gnupg_sc ] ; then
    exit 0
fi

# Install cryptroot key files into initramfs
keys=$(sed 's/^\(.*,\|\)key=//; s/,.*//' ${DESTDIR}/conf/conf.d/cryptroot)

if [ "${keys}" != "none" ]; then
    if [ -z "${keys}" ]; then
        echo "$0: Missing key files in ${DESTDIR}/conf/conf.d/cryptroot" >&2
        cat ${DESTDIR}/conf/conf.d/cryptroot >&2
        exit 1
    fi
    for key in ${keys} ; do
        keydir=$(dirname ${key})
	echo "WARNING: GnuPG key $key is copied to initramfs" >&2
	echo "WARNING: GnuPG secret keys in ${keydir}/private-keys-v1.d are copied" \
             "to initramfs" >&2
        if [ ! -d ${DESTDIR}/${keydir} ] ; then
            mkdir -p ${DESTDIR}/${keydir}
        fi
        chmod 700 ${DESTDIR}/${keydir}
        cp -p ${key} ${DESTDIR}/${key}
        cp -p ${keydir}/pubring.kbx ${DESTDIR}/${keydir}
        cp -p -r ${keydir}/private-keys-v1.d ${DESTDIR}/${keydir}
        if [ -e ${keydir}/gpg.conf ] ; then
            cp -p ${keydir}/gpg.conf ${DESTDIR}/${keydir}
        fi
    done
fi

# Install gnupg software
echo "WARNING: /usr/bin/gpg is copied to initramfs" >&2
copy_exec /usr/bin/gpg
echo "WARNING: /usr/bin/gpg-agent is copied to initramfs" >&2
copy_exec /usr/bin/gpg-agent
echo "WARNING: /usr/lib/gnupg/scdaemon is copied to initramfs" >&2
copy_exec /usr/lib/gnupg/scdaemon

# some more libs for pcscd
# only needed for card readers, which are not supported by the gpg internal ccid
copy_exec /usr/sbin/pcscd
copy_exec /usr/lib/pcsc/drivers/serial/libccidtwin.so
copy_exec /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
copy_exec /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist
copy_exec /etc/libccid_Info.plist
if uname -r | grep -q amd64; then
        copy_exec /usr/lib/x86_64-linux-gnu/libpcsclite.so.1.0.0
        copy_exec /lib/x86_64-linux-gnu/libgcc_s.so.1
else
        copy_exec /usr/lib/i386-linux-gnu/libpcsclite.so.1.0.0
        copy_exec /lib/i386-linux-gnu/libgcc_s.so.1
fi
exit 0