cleanup

hooks/luks/luks

@@ -3,36 +3,35 @@
 #
 # false positive
 # shellcheck disable=2154
-{
-    [ "$hostonly" = 1 ] &&
-        for _module in \
-            aes ecb xts lrw wp512 sha256 \
-            sha512 twofish serpent dm-crypt
-        do
-            copy_module "$_module"
-        done
 
-    copy_binary cryptsetup
+[ "$luks_key" ] && {
+    copy_file "${luks_key#*=}" /root/key 400 0
 
-    # avoid possible issues with libgcc_s.so.1
-    # see https://bugs.archlinux.org/task/56771
-    [ -e /lib/libgcc_s.so.1 ] && copy_file /lib/libgcc_s.so.1 /lib/libgcc_s.so.1 755 1
+    sed "s|${luks_key#*=}|/root/key|" \
+        "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_"
 
-    if [ "$luks_key" ]; then
-        copy_file "${luks_key#*=}" /root/key 400 0
-
-        sed "s|${luks_key#*=}|/root/key|" \
-            "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_"
-
-        mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config"
-    fi
-
-    if [ "$luks_header" ]; then
-        copy_file "${luks_header#*=}" /root/header 400 0
-
-        sed "s|${luks_header#*=}|/root/header|" \
-            "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_"
-
-        mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config"
-    fi
+    mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config"
 }
+
+[ "$luks_header" ] && {
+    copy_file "${luks_header#*=}" /root/header 400 0
+
+    sed "s|${luks_header#*=}|/root/header|" \
+        "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_"
+
+    mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config"
+}
+
+[ "$hostonly" = 1 ] &&
+    for _module in \
+        aes ecb xts lrw wp512 sha256 \
+        sha512 twofish serpent dm-crypt
+    do
+        copy_module "$_module"
+    done
+
+copy_binary cryptsetup
+
+# avoid possible issues with libgcc_s.so.1
+# see https://bugs.archlinux.org/task/56771
+[ -e /lib/libgcc_s.so.1 ] && copy_file /lib/libgcc_s.so.1 /lib/libgcc_s.so.1 755 1

hooks/luks/luks.init

@@ -6,17 +6,16 @@
 #
 # word splitting is safe by design
 # shellcheck disable=2068
-{
-    [ "$break" = luks ] && { print "break before unlock_luks()"; sh; }
 
-    export DM_DISABLE_UDEV=1
-    mkdir -p /run/cryptsetup
+[ "$break" = luks ] && { print "break before luks.init"; sh; }
 
-    resolve_device "$luks_root"
+export DM_DISABLE_UDEV=1
+mkdir -p /run/cryptsetup
 
-    set -- \
-         "${luks_discard:+--allow-discards}" "${luks_header:+--header $luks_header}" \
-         "${luks_key:+-d $luks_key}" "$device" "${luks_name:-crypt-${device##*/}}"
+resolve_device "$luks_root"
 
-    cryptsetup open $@ || panic "failed to unlock LUKS"
-}
+set -- \
+    "${luks_discard:+--allow-discards}" "${luks_header:+--header $luks_header}" \
+    "${luks_key:+-d $luks_key}" "$device" "${luks_name:-crypt-${device##*/}}"
+
+cryptsetup open $@ || panic "failed to unlock LUKS"