X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=remote%2Fluks-key-backup;fp=remote%2Fluks-key-backup;h=b99146f0051f7e11a92ebc5705beceef79d8274a;hp=0000000000000000000000000000000000000000;hb=3ad6118386977e346d81042e924e5db9c5f15b7d;hpb=22f04b9fac14adc3d3fc98273ba126c3a51792c3

diff --git a/remote/luks-key-backup b/remote/luks-key-backup
new file mode 100755
index 0000000..b99146f
--- /dev/null
+++ b/remote/luks-key-backup
@@ -0,0 +1,23 @@
+#!/bin/sh -eu
+# DESCRIPTION: sauvegarde localement les entêtes des partitions chiffrées.
+# SYNTAX: ${gpg_options:---recipient $USER@}
+tool=$(readlink -e "${0%/*}/..")
+. "$tool"/remote/lib.sh
+
+test $# -gt 0 || set -- --recipient "$USER@"
+for part in root var home
+ do
+	mkdir -p var/sec/luks
+	"$tool"/remote/ssh -l root ' \
+		set -e -f -u;
+		exec 2>/dev/null;
+		tmp=$(mktemp -t "luks.'"$part"'.XXXXXXXX.tmp" --dry-run);
+		cryptsetup luksHeaderBackup >/dev/null \
+		 /dev/'"$vm_lvm_vg"'/'"$vm_lvm_lv"'_'"$part"' \
+		 --header-backup-file "$tmp"; \
+		cat "$tmp";
+		shred >/dev/null --remove "$tmp"; \
+	 ' |
+	gpg "$@" --encrypt \
+	 -o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg
+ done