From 82ff52e0800702dee9402f8efe13dbc02e5883d2 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Mon, 6 May 2024 02:31:20 +0200
Subject: Adding debian version 2:2.1.0-5+deb10u2.
Signed-off-by: Daniel Baumann
---
debian/scripts/decrypt_derived | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 debian/scripts/decrypt_derived
(limited to 'debian/scripts/decrypt_derived')
diff --git a/debian/scripts/decrypt_derived b/debian/scripts/decrypt_derived
new file mode 100644
index 0000000..864e049
--- /dev/null
+++ b/debian/scripts/decrypt_derived
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# WARNING: If you use the decrypt_derived keyscript for devices with
+# persistent data (i.e. not swap or temp devices), then you will lose
+# access to that data permanently if something damages the LUKS header
+# of the LUKS device you derive from. The same applies if you luksFormat
+# the device, even if you use the same passphrase(s). A LUKS header
+# backup, or better a backup of the data on the derived device may be
+# a good idea. See the Cryptsetup FAQ on how to do this right.
+
+if [ -z "$1" ]; then
+ echo "$0: must be executed with a crypto device as argument" >&2
+ exit 1
+fi
+
+unset -v keys count
+keys="$(dmsetup table --target crypt --showkeys -- "$1" 2>/dev/null | cut -s -d' ' -f5)"
+count="$(printf '%s' "$keys" | wc -l)"
+
+if [ -n "$keys" ] && [ $count -le 1 ]; then
+ if [ "${keys#:}" = "$keys" ]; then
+ printf '%s' "$keys" | tr -d '\n'
+ else
+ echo "$0: device $1 uses the kernel keyring"
+ fi
+elif [ $count -eq 0 ]; then
+ echo "$0: device $1 doesn't exist or isn't a crypto device" >&2
+else
+ echo "$0: more than one device match" >&2
+fi
+exit 1
-- cgit v1.2.3
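Review bot: In the branch that handles a `:`-prefixed key field, the message `device $1 uses the kernel keyring` is written to stdout, the same stream the script uses to emit the key. If the caller reads stdout as key material, as is usual for a keyscript, the diagnostic text would be taken as the key, so it should go to stderr like the other messages: `echo "$0: device $1 uses the kernel keyring" >&2`. The success path also falls through to the final `exit 1`, so a correctly printed key is still reported as a failure; an `exit 0` after the `printf '%s' "$keys" | tr -d '\n'` line would fix that. Separately, `wc -l` counts newlines and command substitution strips the trailing one, so two matching lines give `count` = 1 and pass `[ $count -le 1 ]`, after which `tr -d '\n'` would join both fields into one key; this looks like an off-by-one and is worth confirming.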