#!/bin/sh

source /etc/ykfde.conf

# Looks like Yubikey is reset after challenge response, triggering
# yet another add event. Ignore if the file exists.
[ -s /crypto_keyfile.bin ] && exit 0

# write the response to keyfile
ykchalresp -${YKFDE_SLOT:-2} "$(cat /ykfde-challenge)" 2>/dev/null | tr -d '\n' > /crypto_keyfile.bin

# if the systemd unit was faster try to answer password agent
for REQUEST in $(grep -l '^Message=Please enter passphrase for disk' /run/systemd/ask-password/ask.* || \
		inotifywait -q --format %w%f -e MOVED_TO /run/systemd/ask-password/); do
	/usr/lib/systemd/systemd-reply-password 1 $(grep '^Socket=' ${REQUEST} | cut -d= -f2) < /crypto_keyfile.bin
done