#!/usr/bin/env bash
# Created by Tobias Powalowski <tpowa@archlinux.org>

build ()
{
    # https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot
    _RUNNING_ARCH="$(uname -m)"
    map add_binary openssl cert-to-efi-hash-list efi-readvar efi-updatevar efitool-mkusb flash-var \
          hash-to-efi-sig-list sig-list-to-certs cert-to-efi-sig-list sign-efi-sig-list sbattach sbkeysync \
          sbsiglist sbsign sbvarsign sbverify mokutil sbctl
    map add_file "/etc/ssl/openssl.cnf" "/usr/share/licenses/sbctl/LICENSE"
    # add mkkeys.sh, 
    # curl -s -L -O https://www.rodsbooks.com/efi-bootloaders/mkkeys.sh
    # modiiied to use uuidgen instead of python
    add_file "/usr/bin/archboot-mkkeys.sh" "/usr/bin/mkkeys.sh"
    # add efitools files
    [[ "${_RUNNING_ARCH}" == "x86_64" ]] && add_file "/usr/share/efitools/efi/PreLoader.efi"
    map add_file "/usr/share/efitools/efi/HashTool.efi" "/usr/share/efitools/efi/KeyTool.efi"
    if [[ "${_RUNNING_ARCH}" == "x86_64" ]]; then
        for i in shimx64.efi mmx64.efi mmia32.efi shimia32.efi; do
            add_file "/usr/share/archboot/bootloader/${i}"
        done
    fi
     if [[ "${_RUNNING_ARCH}" == "aarch64" ]]; then
        for i in mmaa64.efi shimaa64.efi; do
            add_file "/usr/share/archboot/bootloader/${i}"
        done
    fi
    # add generate keys script
    add_file "/usr/bin/archboot-secureboot-keys.sh" "/usr/bin/secureboot-keys.sh"
}

help ()
{
cat<<HELPEOF
  This hook includes secure boot tools on an archboot image.
HELPEOF
} 
