bee/iso/builder/config/hooks/normal/9012-wipe.hook.chroot

#!/bin/sh
# 9012-wipe.hook.chroot
#
# Adds bee-initramfs-wipe to the initramfs so that selecting the
# "WIPE ALL DISKS" boot menu entry runs the wipe tool before squashfs
# is mounted — i.e. it works even when live boot fails.
#
# Two files are installed inside the chroot:
#   /etc/initramfs-tools/hooks/bee-wipe         — copies binaries into initrd
#   /etc/initramfs-tools/scripts/local-premount/bee-wipe — runs at boot

set -e

HOOK_DIR="/etc/initramfs-tools/hooks"
SCRIPT_DIR="/etc/initramfs-tools/scripts/local-premount"

mkdir -p "${HOOK_DIR}" "${SCRIPT_DIR}"

# ── initramfs hook: copy binaries ────────────────────────────────────────────
cat > "${HOOK_DIR}/bee-wipe" << 'EOF'
#!/bin/sh
PREREQ=""
prereqs() { echo "$PREREQ"; }
case "$1" in prereqs) prereqs; exit 0 ;; esac

. /usr/share/initramfs-tools/hook-functions

for bin in lsblk blkid blkdiscard blockdev; do
    b=$(command -v "$bin" 2>/dev/null) && copy_exec "$b" /bin
done

[ -x /usr/sbin/nvme ] && copy_exec /usr/sbin/nvme /sbin

copy_exec /usr/local/bin/bee-initramfs-wipe /bin/bee-wipe
EOF

chmod +x "${HOOK_DIR}/bee-wipe"

# ── initramfs premount script: trigger on bee.wipe=all ───────────────────────
cat > "${SCRIPT_DIR}/bee-wipe" << 'EOF'
#!/bin/sh
PREREQ=""
prereqs() { echo "$PREREQ"; }
case "$1" in prereqs) prereqs; exit 0 ;; esac

grep -qw 'bee.wipe=all' /proc/cmdline 2>/dev/null || exit 0
exec /bin/bee-wipe
EOF

chmod +x "${SCRIPT_DIR}/bee-wipe"

echo "9012-wipe: installed initramfs hook and premount script"

KVER=$(ls /lib/modules | sort -V | tail -1)
echo "9012-wipe: rebuilding initramfs for kernel ${KVER}"
update-initramfs -u -k "${KVER}"
echo "9012-wipe: done"