--- files/2.4.0-dmcrypt.rc	2021-08-19 10:09:50.000000000 +0100
+++ /etc/init.d/dmcrypt	2022-03-11 20:49:02.168257465 +0000
@@ -81,11 +81,20 @@
 	# cryptsetup:
 	# open   <device> <name>      # <device> is $source
 	# create <name>   <device>    # <name>   is $target
-	local arg1="create" arg2="${target}" arg3="${source}"
+	local arg1="create" arg2="${target}" arg3="${source}" arg_header=""
 	if cryptsetup isLuks ${source} 2>/dev/null ; then
 		arg1="open"
 		arg2="${source}"
 		arg3="${target}"
+		if [ -n "${luks_header}" ] ; then
+			if [ ! -e "${luks_header}" ] ; then
+				ewarn "${source} will not be decrypted ..."
+				einfo "Reason: header file ${luks_header} does not exist."
+				return
+			else
+				arg_header="--header ${luks_header}"
+			fi
+		fi
 	fi
 
 	# Older versions reported:
@@ -182,7 +191,7 @@
 	else
 		mode=none
 	fi
-	ebegin "  ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
+	ebegin "  ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}"
 	if [ "${mode}" = "gpg" ] ; then
 		: ${gpg_options:='-q -d'}
 		# gpg available ?
@@ -192,7 +201,7 @@
 				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
 				# save stdin stdout stderr "values"
 				timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
-					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
+					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
 				ret=$?
 				# The timeout command exits 124 when it times out.
 				[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
@@ -207,11 +216,11 @@
 		fi
 	else
 		if [ "${mode}" = "reg" ] ; then
-			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header}
 			ret=$?
 			eend ${ret} "failure running cryptsetup"
 		else
-			cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+			cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
 			ret=$?
 			eend ${ret} "failure running cryptsetup"
 		fi
@@ -280,7 +289,7 @@
 			unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait
 			;;
 
-		gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*)
+		gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*|luks_header=*)
 			if [ -z "${target}${swap}" ] ; then
 				ewarn "Ignoring setting outside target/swap section: ${targetline}"
 				continue