Adding debian version 2:2.3.7-1+deb11u1.debian/2%2.3.7-1+deb11u1debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 32 insertions, 0 deletions

diff --git a/debian/scripts/decrypt_derived b/debian/scripts/decrypt_derived
new file mode 100644
index 0000000..0e1e418
--- /dev/null
+++ b/debian/scripts/decrypt_derived
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# WARNING: If you use the decrypt_derived keyscript for devices with
+# persistent data (i.e. not swap or temp devices), then you will lose
+# access to that data permanently if something damages the LUKS header
+# of the LUKS device you derive from. The same applies if you luksFormat
+# the device, even if you use the same passphrase(s). A LUKS header
+# backup, or better a backup of the data on the derived device may be
+# a good idea. See the Cryptsetup FAQ on how to do this right.
+
+if [ -z "$1" ]; then
+    echo "$0: must be executed with a crypto device as argument" >&2
+    exit 1
+fi
+
+unset -v keys count
+keys="$(dmsetup table --target crypt --showkeys -- "$1" 2>/dev/null | cut -s -d' ' -f5)"
+count="$(printf '%s' "$keys" | wc -l)"
+
+if [ -n "$keys" ] && [ $count -le 1 ]; then
+    if [ "${keys#:}" = "$keys" ]; then
+        printf '%s' "$keys"
+        exit 0
+    else
+        echo "$0: device $1 uses the kernel keyring" >&2
+    fi
+elif [ $count -eq 0 ]; then
+    echo "$0: device $1 doesn't exist or isn't a crypto device" >&2
+else
+    echo "$0: more than one device match" >&2
+fi
+exit 1