Modification : vm_{host,hosted,remote} -> {host,local,remote}/ .
[lhc/ateliers.git] / remote / luks-key-backup
diff --git a/remote/luks-key-backup b/remote/luks-key-backup
new file mode 100755 (executable)
index 0000000..b99146f
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/sh -eu
+# DESCRIPTION: sauvegarde localement les entĂȘtes des partitions chiffrĂ©es.
+# SYNTAX: ${gpg_options:---recipient $USER@}
+tool=$(readlink -e "${0%/*}/..")
+. "$tool"/remote/lib.sh
+
+test $# -gt 0 || set -- --recipient "$USER@"
+for part in root var home
+ do
+       mkdir -p var/sec/luks
+       "$tool"/remote/ssh -l root ' \
+               set -e -f -u;
+               exec 2>/dev/null;
+               tmp=$(mktemp -t "luks.'"$part"'.XXXXXXXX.tmp" --dry-run);
+               cryptsetup luksHeaderBackup >/dev/null \
+                /dev/'"$vm_lvm_vg"'/'"$vm_lvm_lv"'_'"$part"' \
+                --header-backup-file "$tmp"; \
+               cat "$tmp";
+               shred >/dev/null --remove "$tmp"; \
+        ' |
+       gpg "$@" --encrypt \
+        -o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg
+ done
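Review bot: A failure on the remote side leaves a valid-looking but empty backup, because the status of the `"$tool"/remote/ssh ... | gpg` pipeline is gpg's alone and `exec 2>/dev/null;` discards whatever cryptsetup reported, so gpg encrypts empty input into `var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg` and the loop moves on. Drop the `exec 2>/dev/null;` line and have gpg write to a temporary name that is moved into place only once the remote command is known to have succeeded; plain sh has no pipefail, so that status has to be carried out of the pipeline explicitly. Separately, `mktemp --dry-run` only picks a name in the shared temp directory without reserving it, and the header copy is left unshredded if the remote shell aborts under `set -e` between the cryptsetup and `shred` lines (for example when `cat` fails on a broken pipe). Creating a private directory with `tmpdir=$(mktemp -d)` and shredding and removing its contents from a `trap ... EXIT` would cover both cases. A short comment explaining why the file must not exist beforehand would also help the next reader; presumably it is because cryptsetup refuses to overwrite an existing backup file.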