--- /dev/null
+#!/bin/sh -eu
+# DESCRIPTION: sauvegarde localement les entĂȘtes des partitions chiffrĂ©es.
+# SYNTAX: ${gpg_options:---recipient $USER@}
+tool=$(readlink -e "${0%/*}/..")
+. "$tool"/remote/lib.sh
+
+test $# -gt 0 || set -- --recipient "$USER@"
+for part in root var home
+ do
+ mkdir -p var/sec/luks
+ "$tool"/remote/ssh -l root ' \
+ set -e -f -u;
+ exec 2>/dev/null;
+ tmp=$(mktemp -t "luks.'"$part"'.XXXXXXXX.tmp" --dry-run);
+ cryptsetup luksHeaderBackup >/dev/null \
+ /dev/'"$vm_lvm_vg"'/'"$vm_lvm_lv"'_'"$part"' \
+ --header-backup-file "$tmp"; \
+ cat "$tmp";
+ shred >/dev/null --remove "$tmp"; \
+ ' |
+ gpg "$@" --encrypt \
+ -o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg
+ done