#!/bin/sh -eu
# DESCRIPTION: sauvegarde localement les entêtes des partitions chiffrées.
# SYNTAX: ${gpg_options:---recipient $USER@}
tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh

test $# -gt 0 || set -- --recipient "$USER@"
for part in root var home
 do
	mkdir -p var/sec/luks
	"$tool"/remote/ssh -l root ' \
		set -e -f -u;
		exec 2>/dev/null;
		tmp=$(mktemp -t "luks.'"$part"'.XXXXXXXX.tmp" --dry-run);
		cryptsetup luksHeaderBackup >/dev/null \
		 /dev/'"$local_lvm_vg"'/'"$local_lvm_lv"'_'"$part"' \
		 --header-backup-file "$tmp"; \
		cat "$tmp";
		shred >/dev/null --remove "$tmp"; \
	 ' |
	gpg "$@" --encrypt \
	 -o var/sec/luks/${local_lvm_lv}_${part}.luks.gpg
 done