Run cryptroot-unlock if present.

Addresses #2.

unlock-cryptroot

@@ -95,7 +95,10 @@ host=$1; shift
 [ -n "${id+set}" ] || id=${idbase}${host%%.*}
 [ -n "${config+set}" ] || ! [ -e "${configdefault}" ] || config=${configdefault}
 
-script=$(cat <<\END_OF_SCRIPT
+# Script to run inside the initramfs for Ubuntu 16.04 (Xenial) and
+# older. Newer versions of Ubuntu have a /bin/cryptroot-unlock script
+# already in the initramfs.
+legacy_script=$(cat <<\END_OF_SCRIPT
 #!/bin/sh
 PATH=/sbin:${PATH}
 
@@ -222,24 +225,32 @@ run_ssh_cmd() {
     while IFS= read -r line; do
         log "${line}"
     done <<\EOF
-After you are logged in:
-  1. use 'ps -l' to get cryptsetup's command-line arguments
-  2. run:
+After you are logged in, run cryptroot-unlock. If cryptroot-unlock is not
+available (Ubuntu 16.04 (Xenial) and older), do the following:
+  1. Use 'ps -l' to get cryptsetup's command-line arguments
+  2. Run:
          /lib/cryptsetup/askpass "Enter passphrase: " \
              | /sbin/cryptsetup <args go here>
-  3. kill 'plymouth ask-for-password' or 'askpass' as appropriate
-  4. log out
+  3. Kill 'plymouth ask-for-password' or 'askpass' as appropriate
+  4. Log out
 
 EOF
     run_ssh root@"${host}"
     exit $?
 }
 
-log "sending script to ${host}..."
-run_ssh_cmd 'cat >tmp.sh && chmod +x tmp.sh' \
-    <<EOF || fatal "unable to create script"
-${script}
+log "Checking for cryptroot-unlock..."
+run_ssh_cmd '[ -x /bin/cryptroot-unlock ]' || {
+    log "Remote machine does not have cryptroot-unlock."
+    log "Sending script to ${host}..."
+    run_ssh_cmd 'cat >tmp.sh && chmod +x tmp.sh' \
+        <<EOF || fatal "failed to create script"
+${legacy_script}
 EOF
+    log "Running script on ${host}..."
+    run_ssh_cmd -t './tmp.sh'
+    exit $?
+}
 
-log "running script on ${host}..."
-run_ssh_cmd -t './tmp.sh'
+log "Running cryptroot-unlock..."
+run_ssh_cmd -t '/bin/cryptroot-unlock'