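#!/bin/sh
# DESCRIPTION: back up the headers of the encrypted partitions locally.
# SYNTAX: ${gpg_options:---recipient $USER@}
#
# For each of the root, var and home volumes, dump the LUKS header on the
# remote host as root, stream it back over ssh and store it gpg-encrypted
# under var/sec/luks/. The header holds the key slots, so it never touches
# the local disk unencrypted and is shredded on the remote side.

# Options live here rather than on the shebang so they also apply when the
# script is started as "sh luks-key-backup".
set -eu

tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh

# Without arguments, encrypt for "$USER@"; otherwise every argument is
# handed to gpg unchanged.
test $# -gt 0 || set -- --recipient "$USER@"

mkdir -p var/sec/luks

for part in root var home
do
  out=var/sec/luks/${local_lvm_lv}_${part}.luks.gpg
  # Marker created when the remote side fails. POSIX sh has no pipefail, so
  # without it gpg would encrypt an empty stream and leave a file that looks
  # like a valid backup.
  failed=$out.failed
  rm -f "$failed"

  # Remote side: cryptsetup refuses to write to an existing file, so the
  # header goes to a fresh name inside a private directory from "mktemp -d"
  # instead of a name reserved with "mktemp --dry-run", which another local
  # user could claim first. The EXIT trap shreds the plaintext header even
  # when a later step fails.
  # NOTE(review): $local_lvm_vg and $local_lvm_lv are spliced unescaped into
  # a command run as root; presumably they come from trusted local
  # configuration loaded by lib.sh -- confirm.
  # NOTE(review): "exec 2>/dev/null" is kept from the original and hides the
  # reason for any remote failure.
  {
    "$tool"/remote/ssh -l root '
      set -e -f -u;
      exec 2>/dev/null;
      dir=$(mktemp -d -t "luks.'"$part"'.XXXXXXXX");
      tmp=$dir/header;
      cleanup() {
        if test -e "$tmp"; then shred >/dev/null --remove "$tmp" || rm -f "$tmp"; fi;
        rmdir "$dir";
      };
      trap cleanup EXIT;
      cryptsetup luksHeaderBackup >/dev/null \
        /dev/'"$local_lvm_vg"'/'"$local_lvm_lv"'_'"$part"' \
        --header-backup-file "$tmp";
      cat "$tmp";
      ' || : >"$failed"
  } |
  gpg "$@" --encrypt -o "$out" ||
    { rc=$?; rm -f "$failed"; exit "$rc"; }

  if test -e "$failed"
  then
    # gpg succeeded on truncated or empty input: drop the bogus backup.
    rm -f "$failed" "$out"
    printf '%s\n' "luks-key-backup: remote header backup of ${local_lvm_lv}_${part} failed" >&2
    exit 1
  fi
done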