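#!/bin/sh
# Prompt for the LUKS passphrase of the root device, verify it, store it in
# /boot/keyfile and power the machine off.
#
# This assumes that /proc/cmdline contains a cryptdevice with a UUID
# identifier, like:
#
#   cryptdevice=UUID=1ff1d6f7-7540-4500-8011-1abe1e9ac00d:cryptroot
#
# NOTE(review): the passphrase is stored unencrypted. /boot is commonly a
# plaintext partition (confirm for this machine); if so, anyone who can read
# that partition can unlock the root device for as long as the file exists
# and the passphrase stays enrolled in the LUKS header.
set -eu

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Take the UUID from the first cryptdevice=UUID=<uuid>:<name> parameter only.
uuid=$(tr ' ' '\n' </proc/cmdline |
  sed -n 's/^cryptdevice=UUID=\([^:]*\).*$/\1/p' |
  head -n 1)
[ -n "$uuid" ] || die "No cryptdevice=UUID=... parameter in /proc/cmdline"
case $uuid in
  *[!0-9A-Fa-f-]*) die "Unexpected characters in cryptdevice UUID: $uuid" ;;
esac

# Compare the UUID column exactly: a substring match (or an empty UUID) could
# select the wrong device, the header line, or several devices at once.
device=$(lsblk -nro PATH,UUID | awk -v u="$uuid" '$2 == u { print $1 }')
[ -n "$device" ] || die "No block device with UUID $uuid"
[ "$(printf '%s\n' "$device" | wc -l)" -eq 1 ] ||
  die "More than one block device with UUID $uuid"
[ -b "$device" ] || die "$device is not a block device"
echo "Root device is $device"

# "read -s" and "echo -n" are not POSIX sh, so echo is switched off with stty
# and restored on every exit path.
printf 'Enter root key: '
if [ -t 0 ]; then
  saved_tty=$(stty -g)
  trap 'stty "$saved_tty"' EXIT
  trap 'exit 130' INT TERM
  stty -echo
fi
# IFS= and -r keep leading/trailing blanks and backslashes in the passphrase.
IFS= read -r pw || [ -n "$pw" ] || die "No key entered"
if [ -t 0 ]; then
  stty "$saved_tty"
  trap - EXIT INT TERM
fi
printf '\n'
[ -n "$pw" ] || die "No key entered"

# This checks that the key is right; a wrong key makes cryptsetup fail and the
# script exit because of "set -e".
echo "Checking key..."
printf '%s\n' "$pw" | sudo cryptsetup open --test-passphrase "$device"

# The file is removed and recreated under umask 077 so that it is not left
# with a default or inherited world-readable mode. No trailing newline is
# written: a key file is used byte for byte.
# NOTE(review): on a FAT-formatted /boot the mode comes from the mount options
# (fmask/dmask), not from umask - confirm how /boot is mounted.
echo "Good job, writing /boot/keyfile..."
printf '%s' "$pw" |
  sudo sh -c 'umask 077 && rm -f /boot/keyfile && cat >/boot/keyfile'
unset pw

echo "Shutting down..."
sudo systemctl poweroff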