tMerge pull request #107 from gdrooid/master - tomb - the crypto undertaker
HTML git clone git://parazyd.org/tomb.git
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
DIR commit 85fe8fdc019d9e39bf9b278a9449e05871655e11
DIR parent bfe9ed7e93df73ca8f1fb15461c9f190572d43e9
HTML Author: Jaromil <jaromil@dyne.org>
Date: Sun, 11 May 2014 09:28:01 +0200
Merge pull request #107 from gdrooid/master
Message formatting inconsistencies
Diffstat:
M tomb | 462 ++++++++++++++++----------------
1 file changed, 231 insertions(+), 231 deletions(-)
---
DIR diff --git a/tomb b/tomb
t@@ -73,20 +73,20 @@ typeset -h _tty
_have_shm() {
# Check availability of 1MB of SHM
- xxx "_have_shm 0 We need only 1 MB of RAM"
+ _verbose "_have_shm 0 We need only 1 MB of RAM."
[[ -k /dev/shm ]] || return 1
local -i SHM RAM
SHM=$(df -k -B 4K -a -t tmpfs /dev/shm | awk '/\/dev\/shm/ { print $4; }')
(( $? )) && return 1
- xxx "_have_shm 1 SHM $SHM KB are available"
+ _verbose "_have_shm 1 SHM $SHM KB are available."
RAM=$(awk '/MemFree/ { print $2 }' /proc/meminfo)
- xxx "_have_shm 2 RAM $RAM KB are free"
+ _verbose "_have_shm 2 RAM $RAM KB are free."
(( $RAM >= 1024 )) && return 0
- xxx "_have_shm 3 RAM $RAM KB left only :("
+ _verbose "_have_shm 3 RAM $RAM KB left only :("
# Now we have more RAM than affected to SHM, so we can expect some for our little needs.
# Does that work when SHM is disabled from kernel config?
return 1
t@@ -101,7 +101,7 @@ safe_dir() {
while (( $tries < 3 )) ; do
tries+=1
if _have_shm; then
- xxx "safe_dir creating $1 dir in RAM"
+ _verbose "safe_dir creating $1 dir in RAM."
if (( $MKTEMP )); then
mktemp -d /dev/shm/tomb.$1.$$.XXXXXXX
else
t@@ -112,7 +112,7 @@ safe_dir() {
return 0
else
_warning "WARNING: we cannot ensure we're running in RAM."
- xxx "Wait a bit before retrying... (attempt $tries)"
+ _verbose "Wait a bit before retrying... (attempt $tries)."
sync && sleep 0.5
fi
done
t@@ -122,7 +122,7 @@ safe_dir() {
# Provide a random filename in shared memory
safe_filename() {
- _have_shm || die "No access to shared memory on this system, sorry."
+ _have_shm || _failure "No access to shared memory on this system, sorry."
(( $MKTEMP )) && \
mktemp -u /dev/shm/tomb.$1.$$.XXXXXXX || \
print "/dev/shm/tomb.$1.$$.$RANDOM$RANDOM"
t@@ -165,14 +165,14 @@ check_swap() {
fi
fi
done
- no "An active swap partition is detected, this poses security risks."
+ _warning "An active swap partition is detected, this poses security risks."
if [[ $ret -eq 2 ]]; then
- yes "All your swaps are belong to crypt. Good."
+ _success "All your swaps are belong to crypt. Good."
else
- no "You can deactivate all swap partitions using the command:"
- no " swapoff -a"
- no "But if you want to proceed like this, use the -f (force) flag."
- die "Operation aborted."
+ _warning "You can deactivate all swap partitions using the command:"
+ _warning " swapoff -a"
+ _warning "But if you want to proceed like this, use the -f (force) flag."
+ _failure "Operation aborted."
fi
return $ret
}
t@@ -207,7 +207,7 @@ ask_password() {
GTK2_RC=/usr/share/themes/tomb/gtk-2.0-key/gtkrc
fi
- title="Insert tomb password"
+ title="Insert tomb password."
if [ $2 ]; then title="$2"; fi
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} pinentry 2>/dev/null | tail -n +7
t@@ -231,7 +231,7 @@ exec_as_user() {
exec $@[@]
return $?
fi
- xxx "exec_as_user '$SUDO_USER': ${(f)@}"
+ _verbose "exec_as_user '$SUDO_USER': ${(f)@}"
sudo -u $SUDO_USER "${@[@]}"
return $?
}
t@@ -241,7 +241,7 @@ check_priv() {
# save original user
username=$USER
if [ $UID != 0 ]; then
- xxx "Using sudo for root execution of '${TOMBEXEC} ${(f)OLDARGS}'"
+ _verbose "Using sudo for root execution of '${TOMBEXEC} ${(f)OLDARGS}'."
# check if sudo has a timestamp active
sudok=false
t@@ -257,7 +257,7 @@ GETPIN
EOF
fi
else
- _verbose "Escalating privileges using sudo-pwd"
+ _verbose "Escalating privileges using sudo-pwd."
sudo -S -v <<<`option_value --sudo-pwd`
fi
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
t@@ -267,10 +267,10 @@ EOF
# check if we have support for loop mounting
losetup -f > /dev/null
{ test "$?" = "0" } || {
- no "Loop mount of volumes is not supported on this machine, this error"
- no "often occurs on VPS and kernels that don't provide the loop module."
- no "It is impossible to use Tomb on this machine at this conditions."
- die "Operation aborted."
+ _warning "Loop mount of volumes is not supported on this machine, this error"
+ _warning "often occurs on VPS and kernels that don't provide the loop module."
+ _warning "It is impossible to use Tomb on this machine at this conditions."
+ _failure "Operation aborted."
}
# make sure necessary kernel modules are loaded
t@@ -282,10 +282,10 @@ EOF
# check if a filename is a valid tomb
is_valid_tomb() {
- xxx "is_valid_tomb $1"
+ _verbose "is_valid_tomb $1"
# argument check
{ test "$1" = "" } && {
- _warning "Tomb file is missing from arguments"; return 1 }
+ _warning "Tomb file is missing from arguments."; return 1 }
# file checks
{ test -r "$1" } || {
_warning "Tomb file not found: $1"; return 1 }
t@@ -498,7 +498,7 @@ progress() {
check_bin() {
# check for required programs
for req in cryptsetup pinentry sudo gpg; do
- command -v $req >/dev/null || die "Cannot find $req. It's a requirement to use Tomb, please install it." 1
+ command -v $req >/dev/null || _failure "Cannot find $req. It's a requirement to use Tomb, please install it." 1
done
export PATH=/sbin:/usr/sbin:$PATH
t@@ -542,18 +542,18 @@ load_key() {
# take the name of a tomb file as argument
if option_is_set -k ; then
if [[ "`option_value -k`" == "-" ]]; then
- xxx "load_key reading from stdin"
+ _verbose "load_key reading from stdin."
# take key from stdin
tombkeydir=`safe_dir load_key_stdin` # global used to check if key from stdin
- xxx "tempdir is $tombkeydir"
- act "waiting for the key to be piped from stdin... "
+ _verbose "tempdir is $tombkeydir"
+ act "Waiting for the key to be piped from stdin... "
cat > ${tombkeydir}/stdin.tmp.key
print ok >&2
tombdir=${tombkeydir}
tombfile=stdin.tmp.key
tombname="stdin"
elif [[ "`option_value -k`" != "" ]]; then
- xxx "load_key argument: `option_value -k`"
+ _verbose "load_key argument: `option_value -k`"
# take key from a file
tombkey=`option_value -k`
tombdir=`dirname $tombkey`
t@@ -561,21 +561,21 @@ load_key() {
fi
else # no -k specified
- die "this operation requires a key file to be specified using the -k option"
+ _failure "This operation requires a key file to be specified using the -k option."
return 1
fi
tombkey=${tombdir}/${tombfile}
- xxx "load_key: ${tombkey}"
+ _verbose "load_key: ${tombkey}"
{ test -r "${tombkey}" } || {
- _warning "Key not found, specify one using -k"
+ _warning "Key not found, specify one using -k."
drop_key
return 1 }
# this does a check on the file header
if ! is_valid_key ${tombkey}; then
- _warning "The key seems invalid, the application/pgp header is missing"
+ _warning "The key seems invalid, the application/pgp header is missing."
drop_key
return 1
fi
t@@ -589,12 +589,12 @@ load_key() {
ask_key_password() {
tombkey="$1"
local keyname=`basename $tombkey`
- _message "a password is required to use key ${keyname}"
+ _message "A password is required to use key ${keyname}"
local passok=0
local tombpass=""
if option_is_set --tomb-pwd; then
tombpass=`option_value --tomb-pwd`
- xxx "ask_key_password takes tombpass from CLI argument: $tombpass"
+ _verbose "ask_key_password takes tombpass from CLI argument: $tombpass"
get_lukskey "$tombpass" ${tombkey} >/dev/null
t@@ -609,7 +609,7 @@ ask_key_password() {
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
fi
if [[ $? != 0 ]]; then
- _warning "User aborted password dialog"
+ _warning "User aborted password dialog."
return 1
fi
t@@ -638,13 +638,13 @@ change_passwd() {
# check the keyfile
if ! [ -r $keyfile ]; then
- _warning "key not found: $keyfile"
+ _warning "Key not found: $keyfile"
return 1
fi
if ! is_valid_key $keyfile ; then
- _warning "file doesn't seems to be a tomb key: $keyfile"
- _warning "operation aborted."
+ _warning "File doesn't seems to be a tomb key: $keyfile"
+ _warning "Operation aborted."
return 1
fi
t@@ -657,7 +657,7 @@ change_passwd() {
tombpass=`ask_key_password $keyfile`
{ test $? = 0 } || {
- die "No valid password supplied" }
+ _failure "No valid password supplied." }
get_lukskey "${tombpass}" ${keyfile} > ${lukskey};
t@@ -671,14 +671,14 @@ change_passwd() {
gen_key $lukskey $algopt > ${tmpnewkey}
if ! is_valid_key $tmpnewkey; then
- die "Error: the newly generated keyfile does not seem valid"
+ _failure "Error: the newly generated keyfile does not seem valid."
else
# copy the new key as the original keyfile name
cp "${tmpnewkey}" "${keyfile}"
_success "Your passphrase was successfully updated."
fi
} always {
- _verbose "cleanup: $tmpnewkey $lukskey"
+ _verbose "Cleanup: $tmpnewkey $lukskey"
# wipe all temp file
${=WIPE} "${tmpnewkey}"
${=WIPE} "${lukskey}"
t@@ -689,21 +689,21 @@ change_passwd() {
# To be called after load_key()
drop_key() {
- xxx "drop_key $tombkey"
+ _verbose "drop_key $tombkey"
# delete key if temp stored from stdin
if [[ "$tombkey" =~ "/dev/shm/tomb.load_key_stdin" ]]; then
{ test -r ${tombkey} } && {
- _message "removing key temporarily stored from stdin"
+ _message "Removing key temporarily stored from stdin"
${=WIPE} ${tombkey}; rmdir `dirname ${tombkey}` }
fi
}
#$1 is the keyfile we are checking
is_valid_key() {
- xxx "is_valid_key $1"
+ _verbose "is_valid_key $1"
# argument check
{ test "$1" = "" } && {
- _warning "Key file is missing from arguments"; return 1 }
+ _warning "Key file is missing from arguments."; return 1 }
# file checks
{ test -r "$1" } || {
_warning "Key file not found: $1"; return 1 }
t@@ -716,7 +716,7 @@ is_valid_key() {
return 0 }
# if no BEGIN header found then we try to recover it
[[ `file $1 -bi` =~ text/plain ]] && {
- _warning "Key data found with missing headers, attempting recovery"
+ _warning "Key data found with missing headers, attempting recovery."
local tmp_keyfix=`safe_filename keyfix`
touch $tmp_keyfix
# make sure KDF header comes first
t@@ -750,7 +750,7 @@ get_lukskey() {
local tombpass=$1
local keyfile=$2
firstline=`head -n1 $keyfile`
- xxx "get_lukskey XXX $keyfile"
+ _verbose "get_lukskey XXX $keyfile"
if [[ $firstline =~ '^_KDF_' ]]; then
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
case `cut -d_ -f 3 <<<$firstline` in
t@@ -759,7 +759,7 @@ get_lukskey() {
tombpass=$(tomb-kdb-pbkdf2 ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
;;
*)
- _failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
+ _failure "No suitable program for KDF `cut -f 3 <<<$firstline`."
unset tombpass
return 1
;;
t@@ -769,7 +769,7 @@ get_lukskey() {
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
gpgver=`gpg --version | awk '/^gpg/ {print $3}'`
if [ "$gpgver" = "1.4.11" ]; then
- xxx "GnuPG is version 1.4.11 - adopting status fix"
+ _verbose "GnuPG is version 1.4.11 - adopting status fix."
print ${tombpass} | \
gpg --batch --passphrase-fd 0 --no-tty --no-options -d "${keyfile}"
t@@ -779,7 +779,7 @@ get_lukskey() {
else # using status-file in gpg != 1.4.11
res=`safe_filename lukskey`
- { test $? = 0 } || { unset tombpass; die "Fatal error creating temp file." }
+ { test $? = 0 } || { unset tombpass; _failure "Fatal error creating temp file." }
print ${tombpass} | \
gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 \
t@@ -791,7 +791,7 @@ get_lukskey() {
ret=$?; rm -f $res
fi
- xxx "get_lukskey returns $ret"
+ _verbose "get_lukskey returns $ret"
return $ret
}
t@@ -811,16 +811,16 @@ gen_key() {
# 3 tries to write two times a matching password
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
if [[ $? != 0 ]]; then
- die "User aborted"
+ _failure "User aborted."
fi
if [ -z $tombpass ]; then
- _warning "you set empty password, which is not possible"
+ _warning "You set empty password, which is not possible."
continue
fi
tombpasstmp=$tombpass
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
if [[ $? != 0 ]]; then
- die "User aborted"
+ _failure "User aborted."
fi
if [ "$tombpasstmp" = "$tombpass" ]; then
break;
t@@ -830,7 +830,7 @@ gen_key() {
done
else
tombpass="`option_value --tomb-pwd`"
- xxx "gen_key takes tombpass from CLI argument: $tombpass"
+ _verbose "gen_key takes tombpass from CLI argument: $tombpass"
fi
header=""
t@@ -843,12 +843,12 @@ gen_key() {
if [[ "$itertime" != <-> ]]; then
unset tombpass
unset tombpasstmp
- die "Wrong argument for --kdf: must be an integer number (iteration seconds)"
+ _failure "Wrong argument for --kdf: must be an integer number (iteration seconds)."
fi
# --kdf takes one parameter: iter time (on present machine) in seconds
local -i microseconds
microseconds=$((itertime*10000))
- yes "Using KDF, iterations: $microseconds"
+ _success "Using KDF, iterations: $microseconds"
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
# We use a length of 64bytes = 512bits (more than needed!?)
t@@ -873,7 +873,7 @@ gen_key() {
# prints an array of ciphers available in gnupg (to encrypt keys)
list_gnupg_ciphers() {
# prints an error if GnuPG is not found
- which gpg > /dev/null || die "gpg (GnuPG) is not found, Tomb cannot function without it."
+ which gpg > /dev/null || _failure "gpg (GnuPG) is not found, Tomb cannot function without it."
ciphers=(`gpg --version | awk '
BEGIN { ciphers=0 }
t@@ -892,20 +892,20 @@ bury_key() {
imagefile=$1
{ is_valid_key ${tombkey} } || {
- die "Bury failed: not a tomb key $tombkey" }
+ _failure "Bury failed: not a tomb key $tombkey" }
file $imagefile | grep JPEG > /dev/null
if [ $? != 0 ]; then
- _warning "encode failed: $imagefile is not a jpeg image"
+ _warning "Encode failed: $imagefile is not a jpeg image."
return 1
fi
_success "Encoding key $tombkey inside image $imagefile"
- _message "please confirm the key password for the encoding"
+ _message "Please confirm the key password for the encoding"
tombpass=`ask_key_password $tombkey`
{ test $? = 0 } || {
_warning "Wrong password supplied."
- die "You shall not bury a key whose password is unknown to you."
+ _failure "You shall not bury a key whose password is unknown to you."
}
# we omit armor strings since having them as constants can give
t@@ -918,10 +918,10 @@ bury_key() {
| steghide embed --embedfile - --coverfile ${imagefile} \
-p ${tombpass} -z 9 -e serpent cbc
if [ $? != 0 ]; then
- _warning "encoding error: steghide reports problems"
+ _warning "Encoding error: steghide reports problems."
res=1
else
- _success "tomb key encoded succesfully into image ${imagefile}"
+ _success "Tomb key encoded succesfully into image ${imagefile}"
res=0
fi
t@@ -937,15 +937,15 @@ exhume_key() {
file $imagefile | grep JPEG > /dev/null
if [ $? != 0 ]; then
- _warning "encode failed: $imagefile is not a jpeg image"
+ _warning "Encode failed: $imagefile is not a jpeg image."
return 1
fi
if [[ -e "$tombkey" ]]; then
_warning "File exists: $tombkey"
{ option_is_set -f } || {
- _warning "Make explicit use of --force to overwrite"
- die "Refusing to overwrite file. Operation aborted." }
+ _warning "Make explicit use of --force to overwrite."
+ _failure "Refusing to overwrite file. Operation aborted." }
_warning "Use of --force selected: overwriting."
rm -f ${tombkey}
fi
t@@ -953,7 +953,7 @@ exhume_key() {
_message "Trying to exhume a key out of image $imagefile"
if option_is_set --tomb-pwd; then
tombpass=`option_value --tomb-pwd`
- xxx "ask_key_password takes tombpass from CLI argument: $tombpass"
+ _verbose "ask_key_password takes tombpass from CLI argument: $tombpass"
else
tombpass=`exec_as_user ${TOMBEXEC} askpass "Steg password for ${tombkey}"`
fi
t@@ -964,11 +964,11 @@ exhume_key() {
unset tombpass
if [ $res = 0 ]; then
- _success "${tombkey} succesfully decoded"
+ _success "${tombkey} succesfully decoded."
return 0
fi
- _warning "nothing found in $imagefile"
+ _warning "Nothing found in $imagefile"
return 1
}
t@@ -977,19 +977,19 @@ exhume_key() {
engrave_key() {
# load key from options
tombkey="`load_key $1`"
- { test $? = 0 } || { die "No key specified." }
+ { test $? = 0 } || { _failure "No key specified." }
keyname=`basename $tombkey`
pngname="$keyname.qr.png"
- yes "Rendering a printable QRCode for key: $tombkey"
+ _success "Rendering a printable QRCode for key: $tombkey"
# we omit armor strings to save space
awk '
/^-----/ {next}
/^Version/ {next}
{print $0}' ${tombkey} | qrencode --size 4 --level H \
--casesensitive -o "$pngname"
- { test $? = 0 } || { die "QREncode reported an error." }
- yes "Operation successful:"
+ { test $? = 0 } || { _failure "QREncode reported an error." }
+ _success "Operation successful:"
_message "`ls -lh $pngname`"
_message "`file $pngname`"
}
t@@ -1008,7 +1008,7 @@ engrave_key() {
forge_key() {
- xxx "forge_key()"
+ _verbose "forge_key()"
_check_swap
# can be specified both as simple argument or using -k
t@@ -1016,7 +1016,7 @@ forge_key() {
{ option_is_set -k } && { destkey="`option_value -k`" }
{ test "$destkey" = "" } && {
- _warning "no key name specified for creation"
+ _warning "No key name specified for creation."
return 1 }
# make sure that gnupg doesn't quits with an error before first run
t@@ -1026,18 +1026,18 @@ forge_key() {
{ test -r "$destkey" } && {
_warning "Forging this key would overwrite an existing file. Operation aborted."
- die "`ls -lh $destkey`" }
+ _failure "`ls -lh $destkey`" }
# create the keyfile in tmpfs so that we leave less traces in RAM
local keytmp=`safe_dir forge`
- (( $? )) && die "error creating temp dir"
- xxx "safe_dir at $keytmp"
+ (( $? )) && _failure "Error creating temp dir."
+ _verbose "safe_dir at $keytmp"
mount tmpfs "${keytmp}" -t tmpfs -o size=1m
if [ $? != 0 ]; then
- _warning "cannot mount tmpfs filesystem in volatile memory"
+ _warning "Cannot mount tmpfs filesystem in volatile memory."
rm -r "${keytmp}"
- die "operation aborted."
+ _failure "Operation aborted."
fi
local algo
t@@ -1048,7 +1048,7 @@ forge_key() {
local tombkey="$destkey"
- _message "this operation takes time, keep using this computer on other tasks,"
+ _message "This operation takes time, keep using this computer on other tasks,"
_message "once done you will be asked to choose a password for your tomb."
_message "To make it faster you can move the mouse around."
_message "If you are on a server, you can use an Entropy Generation Daemon."
t@@ -1060,18 +1060,18 @@ forge_key() {
random_source=/dev/urandom
fi
- xxx "Data dump using ${DD[1]} from $random_source"
+ _verbose "Data dump using ${DD[1]} from $random_source"
${=DD} bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
if ! [ -r ${keytmp}/tomb.tmp ]; then
- _warning "cannot generate encryption key"
+ _warning "Cannot generate encryption key."
umount ${keytmp}
rm -r $keytmp
- die "operation aborted."
+ _failure "Operation aborted."
fi
_success "Choose the password of your key: ${tombkey}"
- _message "(you can also change it later using 'tomb passwd')"
+ _message "(You can also change it later using 'tomb passwd'.)"
touch ${tombkey}
chown ${_uid}:${_gid} ${tombkey}
chmod 0600 ${tombkey}
t@@ -1081,13 +1081,13 @@ forge_key() {
gen_key "${keytmp}/tomb.tmp" "$algo" > ${tombkey}
# this does a check on the file header
if ! is_valid_key ${tombkey}; then
- _warning "The key does not seem to be valid"
+ _warning "The key does not seem to be valid."
_warning "Dumping contents to screen:"
cat ${tombkey}
_warning "--"
umount ${keytmp}
rm -r $keytmp
- die "operation aborted."
+ _failure "Operation aborted."
fi
${=WIPE} ${keytmp}/tomb.tmp # no need really, but anyway
t@@ -1096,7 +1096,7 @@ forge_key() {
chown ${_uid}:${_gid} ${tombkey}
- _message "done forging $tombkey"
+ _message "Done forging $tombkey"
_success "Your key is ready:"
ls -lh ${tombkey}
}
t@@ -1109,7 +1109,7 @@ dig_tomb() {
_check_swap
if ! [ $1 ]; then
- _warning "no tomb name specified for creation"
+ _warning "No tomb name specified for creation."
return 1
fi
t@@ -1124,11 +1124,11 @@ dig_tomb() {
# require the specification of the size of the tomb (-s) in MB
tombsize="`option_value -s`"
- [ $tombsize ] || die "Size argument missing, use -s"
+ [ $tombsize ] || _failure "Size argument missing, use -s"
- [[ $tombsize != <-> ]] && die "Size argument is not an integer"
+ [[ $tombsize != <-> ]] && _failure "Size argument is not an integer."
- [[ $tombsize -lt 10 ]] && die "Tombs can't be smaller than 10 megabytes"
+ [[ $tombsize -lt 10 ]] && _failure "Tombs can't be smaller than 10 megabytes."
if [ -e ${tombdir}/${tombfile} ]; then
_warning "A tomb exists already. I'm not digging here:"
t@@ -1144,17 +1144,17 @@ dig_tomb() {
chmod 0600 "${tombdir}/${tombfile}"
chown $_uid:$_gid "${tombdir}/${tombfile}"
- xxx "Data dump using ${DD[1]} from /dev/urandom"
+ _verbose "Data dump using ${DD[1]} from /dev/urandom"
${=DD} if=/dev/urandom bs=1048576 count=${tombsize} of=${tombdir}/${tombfile}
if [ $? = 0 -a -e ${tombdir}/${tombfile} ]; then
_message " `ls -lh ${tombdir}/${tombfile}`"
else
- die "Error creating the tomb ${tombdir}/${tombfile}, operation aborted."
+ _failure "Error creating the tomb ${tombdir}/${tombfile}, operation aborted."
fi
_success "Done digging $tombname"
- _message "your tomb is not yet ready, you need to forge a key and lock it:"
+ _message "Your tomb is not yet ready, you need to forge a key and lock it:"
_message "tomb forge ${tombname}.tomb.key"
_message "tomb lock ${tombname}.tomb -k ${tombname}.tomb.key"
}
t@@ -1165,8 +1165,8 @@ dig_tomb() {
# it take arguments as the LUKS cipher to be used
lock_tomb_with_key() {
if ! [ $1 ]; then
- _warning "no tomb specified for locking"
- _warning "usage: tomb lock file.tomb file.tomb.key"
+ _warning "No tomb specified for locking."
+ _warning "Usage: tomb lock file.tomb file.tomb.key"
return 1
fi
t@@ -1178,32 +1178,32 @@ lock_tomb_with_key() {
tombname=${tombfile%%\.*}
{ test -f ${tombdir}/${tombfile} } || {
- die "There is no tomb here. You have to it dig first."
+ _failure "There is no tomb here. You have to it dig first."
return 1 }
- xxx "tomb found: ${tombdir}/${tombfile}"
+ _verbose "Tomb found: ${tombdir}/${tombfile}"
nstloop=`losetup -f` # get the number for next loopback device
losetup -f ${tombdir}/${tombfile} # allocates the next loopback for our file
- xxx "loop mounted on ${nstloop}"
+ _verbose "Loop mounted on ${nstloop}"
- _message "checking if the tomb is empty (we never step on somebody else's bones)"
+ _message "Checking if the tomb is empty (we never step on somebody else's bones)."
cryptsetup isLuks ${nstloop}
if [ $? = 0 ]; then
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
- _warning "The tomb was already locked with another key"
+ _warning "The tomb was already locked with another key."
losetup -d ${nstloop}
- die "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
+ _failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
else
- _message "fine, this tomb seems empty."
+ _message "Fine, this tomb seems empty."
fi
# load key from options or file
tombkey=`load_key ${tombdir}/${tombfile}`
{ test $? = 0 } || {
losetup -d $nstloop
- die "Aborting operations: error loading key $tombkey" }
+ _failure "Aborting operations: error loading key $tombkey" }
# make sure to call drop_key later
# the encryption cipher for a tomb can be set when locking using -o
t@@ -1214,48 +1214,48 @@ lock_tomb_with_key() {
# old default was aes-cbc-essiv:sha256
# for more alternatives refer to cryptsetup(8)
fi
- _message "locking using cipher: $cipher"
+ _message "Locking using cipher: $cipher"
# get the pass from the user and check it
tombpass=`ask_key_password "$tombkey"`
{ test $? = 0 } || {
losetup -d ${nstloop}
- die "No valid password supplied" }
+ _failure "No valid password supplied." }
_success "Locking ${tombfile} with ${tombkey}"
- _message "formatting Luks mapped device"
+ _message "Formatting Luks mapped device."
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - --batch-mode \
--cipher ${cipher} --key-size 256 --key-slot 0 \
luksFormat ${nstloop}
if ! [ $? = 0 ]; then
- _warning "cryptsetup luksFormat returned an error"
+ _warning "cryptsetup luksFormat returned an error."
unset tombpass
losetup -d $nstloop
- die "Operation aborted."
+ _failure "Operation aborted."
fi
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - \
--cipher ${cipher} luksOpen ${nstloop} tomb.tmp
if ! [ $? = 0 ]; then
- _warning "cryptsetup luksOpen returned an error"
+ _warning "cryptsetup luksOpen returned an error."
unset tombpass
losetup -d $nstloop
- die "Operation aborted."
+ _failure "Operation aborted."
fi
# cleanup tombs
unset tombpass
drop_key # make sure all temp files are out
- _message "formatting your Tomb with Ext3/Ext4 filesystem"
+ _message "Formatting your Tomb with Ext3/Ext4 filesystem."
${=MKFS} ${tombname} /dev/mapper/tomb.tmp
if [ $? != 0 ]; then
- _warning "Tomb format returned an error"
- _warning "your tomb ${tombfile} may be corrupted."
+ _warning "Tomb format returned an error."
+ _warning "Your tomb ${tombfile} may be corrupted."
fi
sync
t@@ -1264,7 +1264,7 @@ lock_tomb_with_key() {
losetup -d ${nstloop}
- _message "done locking $tombname using Luks dm-crypt ${create_cipher}"
+ _message "Done locking $tombname using Luks dm-crypt ${create_cipher}"
_success "Your tomb is ready in ${tombdir}/${tombfile} and secured with key ${tombkey}"
}
t@@ -1273,33 +1273,33 @@ lock_tomb_with_key() {
change_tomb_key() {
_check_swap
- { option_is_set -k } || { die "Specify the new key with -k" }
+ { option_is_set -k } || { _failure "Specify the new key with -k" }
newkey="`option_value -k`"
{ is_valid_key "$newkey" } || {
- die "New key invalid. Check your usage of the --key option." }
+ _failure "New key invalid. Check your usage of the --key option." }
oldkey="$1"
{ is_valid_key "$oldkey" } || {
- die "Old key invalid. Check your usage of the first argument." }
+ _failure "Old key invalid. Check your usage of the first argument." }
{ is_valid_tomb "$2" } || {
- die "Specify the name of a tomb as second argument" }
+ _failure "Specify the name of a tomb as second argument." }
nstloop=`losetup -f`
{ test $? = 255 } && {
- die "Too many tombs are open. Please close any of them to proceed." }
+ _failure "Too many tombs are open. Please close any of them to proceed." }
losetup -f "$2"
cryptsetup isLuks ${nstloop}
# is it a LUKS encrypted nest? we check one more timesee cryptsetup(1)
{ test $? = 0 } || {
losetup -d "$nstloop"
- die "Not a valid LUKS encrypted volume: $2" }
+ _failure "Not a valid LUKS encrypted volume: $2" }
# we have everything, prepare to mount
- yes "Changing lock on tomb $tombname"
- _message "old key: $oldkey"
- _message "new key: $newkey"
+ _success "Changing lock on tomb $tombname"
+ _message "Old key: $oldkey"
+ _message "New key: $newkey"
# render the mapper
mapdate=`date +%s`
t@@ -1310,36 +1310,36 @@ change_tomb_key() {
# load the new key from the -k option
tombkey=`load_key`
{ test $? = 0 } || {
- die "Aborting operations: error loading new key $tombkey" }
+ _failure "Aborting operations: error loading new key $tombkey" }
newkeypass=`ask_key_password $tombkey`
{ test $? = 0 } || {
- die "No valid password supplied for the new key" }
+ _failure "No valid password supplied for the new key." }
newkeyfile="`safe_filename newkey`"
get_lukskey "$newkeypass" "$newkey" > $newkeyfile
# load the old key
oldkeypass="`ask_key_password $oldkey`"
{ test $? = 0 } || {
- die "No valid password supplied for the old key" }
+ _failure "No valid password supplied for the old key." }
# luksOpen the tomb (not really mounting, just on the loopback)
get_lukskey "$oldkeypass" "$oldkey" | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
{ test $? = 0 } || {
losetup -d "$nstloop"
- die "Unexpected error in luksOpen." }
+ _failure "Unexpected error in luksOpen." }
get_lukskey "$oldkeypass" "$oldkey" | \
cryptsetup --key-file - luksChangeKey "$nstloop" "$newkeyfile"
{ test $? = 0 } || {
losetup -d "$nstloop"
- die "Unexpected error in luksChangeKey." }
+ _failure "Unexpected error in luksChangeKey." }
cryptsetup luksClose "${mapper}"
{ test $? = 0 } || {
losetup -d "$nstloop"
- die "Unexpected error in luksClose." }
+ _failure "Unexpected error in luksClose." }
drop_key
t@@ -1347,7 +1347,7 @@ change_tomb_key() {
${=WIPE} "$newkeyfile"
losetup -d ${nstloop}
- yes "Succesfully changed key for tomb: $2"
+ _success "Succesfully changed key for tomb: $2"
_message "The new key is: $newkey"
return 0
t@@ -1355,18 +1355,18 @@ change_tomb_key() {
# backward compatibility
create_tomb() {
- xxx "create_tomb(): ${=@} ${=OLDARGS}"
+ _verbose "create_tomb(): ${=@} ${=OLDARGS}"
if ! [ $1 ]; then
- _warning "no tomb name specified for creation"
+ _warning "No tomb name specified for creation."
return 1
fi
{ test -r "$1" } && {
_warning "Creating this tomb would overwrite an existing file. Operation aborted."
- die "`ls -lh $1`" }
+ _failure "`ls -lh $1`" }
- { test $? = 0 } || { die "Failed to dig tomb, operation aborted." }
+ { test $? = 0 } || { _failure "Failed to dig tomb, operation aborted." }
tombfile=`basename $1`
t@@ -1377,12 +1377,12 @@ create_tomb() {
${TOMBEXEC} dig ${=PARAM}
${TOMBEXEC} forge ${tombdir}/${tombfile}.key
- { test $? = 0 } || { die "Failed to forge key, operation aborted." }
+ { test $? = 0 } || { _failure "Failed to forge key, operation aborted." }
${TOMBEXEC} lock ${tombdir}/${tombfile} -k ${tombdir}/${tombfile}.key
- { test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." }
+ { test $? = 0 } || { _failure "Failed to lock tomb with key, operation aborted." }
- yes "Tomb $tombname succesfully created"
+ _success "Tomb $tombname succesfully created."
ls -l ${tombfile}*
}
t@@ -1396,7 +1396,7 @@ mount_tomb() {
_check_swap
if ! [ ${1} ]; then
- _warning "no tomb name specified for creation"
+ _warning "No tomb name specified for creation."
return 1
fi
t@@ -1413,21 +1413,21 @@ mount_tomb() {
# check file type (if its a Luks fs)
file ${tombdir}/${tombfile} | grep -i 'luks encrypted file' 2>&1 >/dev/null
if [ $? != 0 ]; then
- _warning "$1 is not a valid tomb file, operation aborted"
+ _warning "$1 is not a valid tomb file, operation aborted."
return 1
fi
tombname=${tombfile%%\.*}
- xxx "tomb found: ${tombdir}/${tombfile}"
+ _verbose "Tomb found: ${tombdir}/${tombfile}"
# load_key called here
tombkey=`load_key ${tombdir}/${tombfile}`
{ test $? = 0 } || {
- die "Aborting operations: error loading key $tombkey" }
+ _failure "Aborting operations: error loading key $tombkey" }
if [ "$2" = "" ]; then
tombmount=/media/${tombfile}
- _message "mountpoint not specified, using default: $tombmount"
+ _message "Mountpoint not specified, using default: $tombmount"
else
tombmount=$2
fi
t@@ -1436,7 +1436,7 @@ mount_tomb() {
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
if [ $? = 0 ]; then
_warning "$tombname is already open."
- _message "here below its status is reported:"
+ _message "Here below its status is reported:"
list_tombs ${tombname}
return 0
fi
t@@ -1446,26 +1446,26 @@ mount_tomb() {
nstloop=`losetup -f`
if [ $? = 255 ]; then
- die "too many tomb opened. Please close any of them to open another tomb"
+ _failure "Too many tombs open. Please close any of them to open another tomb."
fi
- xxx "next free loop device: $nstloop"
+ _verbose "Next free loop device: $nstloop"
losetup -f ${tombdir}/${tombfile}
cryptsetup isLuks ${nstloop}
if [ $? != 0 ]; then
# is it a LUKS encrypted nest? see cryptsetup(1)
- _warning "$tombfile is not a valid Luks encrypted storage file"
+ _warning "$tombfile is not a valid Luks encrypted storage file."
losetup -d ${nstloop}
return 1
fi
- say "this tomb is a valid LUKS encrypted device"
+ _message "This tomb is a valid LUKS encrypted device."
luksdump="`cryptsetup luksDump ${nstloop}`"
tombdump=(`print $luksdump | awk '
/^Cipher name/ {print $3}
/^Cipher mode/ {print $3}
/^Hash spec/ {print $3}'`)
- say "cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
+ _message "Cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
slotwarn=`print $luksdump | awk '
BEGIN { zero=0 }
t@@ -1478,14 +1478,14 @@ mount_tomb() {
mapdate=`date +%s`
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
- xxx "dev mapper device: $mapper"
- xxx "tomb key: $tombkey"
+ _verbose "dev mapper device: $mapper"
+ _verbose "Tomb key: $tombkey"
keyname=`basename $tombkey | cut -d. -f1`
tombpass=`ask_key_password $tombkey`
{ test $? = 0 } || {
losetup -d ${nstloop}
- die "No valid password supplied" }
+ _failure "No valid password supplied." }
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
t@@ -1497,7 +1497,7 @@ mount_tomb() {
if ! [ -r /dev/mapper/${mapper} ]; then
losetup -d ${nstloop}
- die "failure mounting the encrypted file"
+ _failure "Failure mounting the encrypted file."
fi
# array: [ cipher, keysize, loopdevice ]
t@@ -1505,12 +1505,12 @@ mount_tomb() {
/cipher:/ {print $2}
/keysize:/ {print $2}
/device:/ {print $2}'`)
- yes "Success unlocking tomb $tombname"
- xxx "key size is $tombstat[2] for cipher $tombstat[1]"
+ _success "Success unlocking tomb $tombname"
+ _verbose "Key size is $tombstat[2] for cipher $tombstat[1]"
- _message "checking filesystem via $tombstat[3]"
+ _message "Checking filesystem via $tombstat[3]"
fsck -p -C0 /dev/mapper/${mapper}
- xxx "tomb engraved as $tombname"
+ _verbose "Tomb engraved as $tombname"
tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
# we need root from here on
t@@ -1530,8 +1530,8 @@ mount_tomb() {
tombuid="`cat ${tombmount}/.uid`"
tomblast="`cat ${tombmount}/.last`"
tombuser=`awk -F: '/:'"$tombuid"':/ {print $1}' /etc/passwd`
- say "last visit by $fg_bold[white]$tombuser($tombuid)$fg_no_bold[white] from $fg_bold[white]$tombtty$fg_no_bold[white] on $fg_bold[white]$tombhost$fg_no_bold[white]"
- say "on date $fg_bold[white]`date --date @${tomblast} +%c`$fg_no_bold[white]"
+ _message "Last visit by $fg_bold[white]$tombuser($tombuid)$fg_no_bold[white] from $fg_bold[white]$tombtty$fg_no_bold[white] on $fg_bold[white]$tombhost$fg_no_bold[white]"
+ _message "on date $fg_bold[white]`date --date @${tomblast} +%c`$fg_no_bold[white]"
}
# write down the UID and TTY that opened the tomb
rm -f ${tombmount}/.uid
t@@ -1566,15 +1566,15 @@ exec_safe_bind_hooks() {
local ME=${SUDO_USER:-$(whoami)}
local HOME=$(awk -v a="$ME" -F ':' '{if ($1 == a) print $6}' /etc/passwd 2>/dev/null)
if [ $? -ne 0 ]; then
- _warning "how pitiful! A tomb, and no HOME"
+ _warning "How pitiful! A tomb, and no HOME."
return 1
fi
if [ -z "$MOUNTPOINT" -o ! -d "$MOUNTPOINT" ]; then
- _warning "cannot exec bind hooks without a mounted tomb."
+ _warning "Cannot exec bind hooks without a mounted tomb."
return 1
fi
if ! [ -r "$MOUNTPOINT/bind-hooks" ]; then
- xxx "bind-hooks not found in $MOUNTPOINT"
+ _verbose "bind-hooks not found in $MOUNTPOINT"
return 1
fi
typeset -al mounted
t@@ -1613,7 +1613,7 @@ exec_safe_post_hooks() {
# make encrypted executables.
cat ${mnt}/post-hooks | head -n1 | grep '^#!/'
if [ $? = 0 ]; then
- _success "post hooks found, executing as user $SUDO_USER"
+ _success "Post hooks found, executing as user $SUDO_USER."
exec_as_user ${mnt}/post-hooks "$2" "$1"
fi
}
t@@ -1629,7 +1629,7 @@ list_tombs() {
# list all open tombs
mounted_tombs=(`list_tomb_mounts $1`)
{ test ${#mounted_tombs} = 0 } && {
- die "I can't see any ${1:-open} tomb, may they all rest in peace." }
+ _failure "I can't see any ${1:-open} tomb, may they all rest in peace." }
for t in ${mounted_tombs}; do
mapper=`basename ${t[(ws:;:)1]}`
t@@ -1759,7 +1759,7 @@ BEGIN { main="" }
# needs an argument: name of tomb whose hooks belong
list_tomb_binds() {
if [ "$1" = "" ]; then
- _failure "internal error: list_tomb_binds called without argument."; fi
+ _failure "Internal error: list_tomb_binds called without argument."; fi
# list bind hooks on util-linux 2.20 (Debian 7)
mount -l \
t@@ -1791,30 +1791,30 @@ BEGIN { main="" }
# $1 is optional, to specify a tomb
index_tombs() {
{ command -v updatedb > /dev/null } || {
- die "Cannot index tombs on this system: updatedb (mlocate) not installed" }
+ _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
updatedbver=`updatedb --version | grep '^updatedb'`
[[ "$updatedbver" =~ "GNU findutils" ]] && {
- _warning "Cannot use GNU findutils for index/search commands" }
+ _warning "Cannot use GNU findutils for index/search commands." }
[[ "$updatedbver" =~ "mlocate" ]] || {
- die "Index command needs 'mlocate' to be installed." }
+ _failure "Index command needs 'mlocate' to be installed." }
- xxx "$updatedbver"
+ _verbose "$updatedbver"
mounted_tombs=(`list_tomb_mounts $1`)
{ test ${#mounted_tombs} = 0 } && {
- if [ $1 ]; then die "There seems to be no open tomb engraved as [$1]"
- else die "I can't see any open tomb, may they all rest in peace."
+ if [ $1 ]; then _failure "There seems to be no open tomb engraved as [$1]"
+ else _failure "I can't see any open tomb, may they all rest in peace."
fi
}
- yes "Creating and updating search indexes"
+ _success "Creating and updating search indexes."
# start the LibreOffice document converter if installed
{ command -v unoconv >/dev/null } && {
unoconv -l 2>/dev/null &
- xxx "unoconv listener launched"
+ _verbose "unoconv listener launched."
sleep 1 }
for t in ${mounted_tombs}; do
t@@ -1822,14 +1822,14 @@ index_tombs() {
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
{ test -r ${tombmount}/.noindex } && {
- say "skipping $tombname (.noindex found)"
+ _message "Skipping $tombname (.noindex found)."
continue }
- say "indexing $tombname filenames..."
+ _message "Indexing $tombname filenames..."
updatedb -l 0 -o ${tombmount}/.updatedb -U ${tombmount}
# here we use swish to index file contents
{ test $SWISH = 1 } && {
- say "indexing $tombname contents..."
+ _message "Indexing $tombname contents..."
swishrc=`safe_filename swish`
cat <<EOF > $swishrc
t@@ -1898,55 +1898,55 @@ IndexContents HTML* .htm .html .shtml
IndexContents XML* .xml
EOF
- xxx "Using swish-e to create index"
+ _verbose "Using swish-e to create index."
swish-e -c $swishrc -S fs -v3
rm -f $swishrc
}
- say "search index updated"
+ _message "Search index updated."
done
}
search_tombs() {
{ command -v locate > /dev/null } || {
- die "Cannot index tombs on this system: updatedb (mlocate) not installed" }
+ _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
updatedbver=`updatedb --version | grep '^updatedb'`
[[ "$updatedbver" =~ "GNU findutils" ]] && {
- _warning "Cannot use GNU findutils for index/search commands" }
+ _warning "Cannot use GNU findutils for index/search commands." }
[[ "$updatedbver" =~ "mlocate" ]] || {
- die "Index command needs 'mlocate' to be installed." }
+ _failure "Index command needs 'mlocate' to be installed." }
- xxx "$updatedbver"
+ _verbose "$updatedbver"
# list all open tombs
mounted_tombs=(`list_tomb_mounts`)
if [ ${#mounted_tombs} = 0 ]; then
- die "I can't see any open tomb, may they all rest in peace."; fi
+ _failure "I can't see any open tomb, may they all rest in peace."; fi
- yes "Searching for: $fg_bold[white]${(f)@}$fg_no_bold[white]"
+ _success "Searching for: $fg_bold[white]${(f)@}$fg_no_bold[white]"
for t in ${mounted_tombs}; do
- xxx "checking for index: ${t}"
+ _verbose "Checking for index: ${t}"
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
if [ -r ${tombmount}/.updatedb ]; then
# use mlocate to search hits on filenames
- say "Searching filenames in tomb $tombname"
+ _message "Searching filenames in tomb $tombname"
locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
- say "Matches found: `locate -d ${tombmount}/.updatedb -e -i -c ${(f)@}`"
+ _message "Matches found: `locate -d ${tombmount}/.updatedb -e -i -c ${(f)@}`"
# use swish-e to search over contents
{ test $SWISH = 1 } && { test -r $tombmount/.swish } && {
- say "Searching contents in tomb $tombname"
+ _message "Searching contents in tomb $tombname"
swish-search -w ${=@} -f $tombmount/.swish -H0 }
else
- no "skipping tomb $tombname: not indexed"
- no "run 'tomb index' to create indexes"
+ _warning "Skipping tomb $tombname: not indexed."
+ _warning "Run 'tomb index' to create indexes."
fi
done
- say "Search completed."
+ _message "Search completed."
}
# }}} - Index and search
t@@ -1955,9 +1955,9 @@ search_tombs() {
# resize tomb file size
resize_tomb() {
- _message "Commanded to resize tomb $1 to $opts[-s] megabytes"
+ _message "Commanded to resize tomb $1 to $opts[-s] megabytes."
if ! [ $1 ]; then
- _failure "No tomb name specified for resizing"
+ _failure "No tomb name specified for resizing."
elif ! [ -r "$1" ]; then
_failure "Cannot find $1"
fi
t@@ -1965,7 +1965,7 @@ resize_tomb() {
local newtombsize="`option_value -s`"
{ test "$newtombsize" = "" } && {
- die "Aborting operations: new size was not specified, use -s" }
+ _failure "Aborting operations: new size was not specified, use -s" }
local c tombpass tombkey
t@@ -1977,29 +1977,29 @@ resize_tomb() {
local tombkey="`load_key ${tombdir}/${tombfile}`"
# make sure to call drop_key later
{ test -r "$tombkey" } || {
- die "Aborting operations: key not found, use -k" }
+ _failure "Aborting operations: key not found, use -k" }
local oldtombsize=$(( `stat -c %s "$1" 2>/dev/null` / 1048576 ))
local mounted_tomb=`mount -l |
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
if [ "$mounted_tomb" ]; then
- _failure "the tomb $tombname is open, to resize it it needs to be close."
+ _failure "The tomb $tombname is open, to resize it it needs to be closed."
fi
if ! [ "$newtombsize" ] ; then
_failure "You must specify the new size of $tombname"
elif [[ $newtombsize != <-> ]]; then
- _failure "Size is not an integer"
+ _failure "Size is not an integer."
elif [ "$newtombsize" -le "$oldtombsize" ]; then
- _failure "the new size must be greater then old tomb size."
+ _failure "The new size must be greater then old tomb size."
fi
delta="$(( $newtombsize - $oldtombsize ))"
act "Generating ${tombfile} of ${newtombsize}MiB"
- xxx "Data dump using ${DD[1]} from /dev/urandom"
+ _verbose "Data dump using ${DD[1]} from /dev/urandom"
${=DD} if=/dev/urandom bs=1048576 count=${delta} >> ${tombdir}/${tombfile}
{ test $? = 0 } || {
t@@ -2007,11 +2007,11 @@ resize_tomb() {
tombpass=`ask_key_password $tombkey`
{ test $? = 0 } || {
- die "No valid password supplied" }
+ _failure "No valid password supplied." }
local nstloop=`losetup -f`
if [ $? = 255 ]; then
- _failure "too many tomb opened. Please close any of them to open another tomb"
+ _failure "Too many tombs opened. Please close any of them to open another tomb."
fi
losetup -f ${tombdir}/${tombfile}
t@@ -2027,7 +2027,7 @@ resize_tomb() {
if ! [ -r /dev/mapper/${mapper} ]; then
losetup -d ${nstloop}
- _failure "failure mounting the encrypted file"
+ _failure "Failure mounting the encrypted file."
fi
cryptsetup resize "${mapper}"
t@@ -2073,7 +2073,7 @@ umount_tomb() {
fi
{ test ${#mounted_tombs} = 0 } && {
- _warning "There is no open tomb to be closed"
+ _warning "There is no open tomb to be closed."
return 1 }
{ test ${#mounted_tombs} -gt 1 } && { test "$1" = "" } && {
t@@ -2081,7 +2081,7 @@ umount_tomb() {
_warning "or issue the command 'tomb close all' to close them all."
return 1 }
- say "Tomb close $1"
+ _message "Tomb close $1"
for t in ${mounted_tombs}; do
mapper=`basename ${t[(ws:;:)1]}`
t@@ -2091,9 +2091,9 @@ umount_tomb() {
tombfsopts=${t[(ws:;:)4]}
tombloop=${mapper[(ws:.:)4]}
- xxx "name: $tombname"
- xxx "mount: $tombmount"
- xxx "mapper: $mapper"
+ _verbose "Name: $tombname"
+ _verbose "Mount: $tombmount"
+ _verbose "Mapper: $mapper"
{ test -e "$mapper" } && {
_warning "Tomb not found: $1"
t@@ -2102,13 +2102,13 @@ umount_tomb() {
if [ $SLAM ]; then
_success "Slamming tomb $tombname mounted on $tombmount"
- _message "Kill all processes busy inside the tomb"
+ _message "Kill all processes busy inside the tomb."
if ! slam_tomb "$tombmount"; then
_warning "Cannot slam the tomb $tombname"
return 1
fi
else
- say "Closing tomb $tombname mounted on $tombmount"
+ _message "Closing tomb $tombname mounted on $tombmount"
fi
# check if there are binded dirs and close them
t@@ -2116,11 +2116,11 @@ umount_tomb() {
for b in ${bind_tombs}; do
bind_mapper="${b[(ws:;:)1]}"
bind_mount="${b[(ws:;:)2]}"
- _message "closing tomb bind hook: $bind_mount"
+ _message "Closing tomb bind hook: $bind_mount"
umount $bind_mount
if [[ $? != 0 ]]; then
if [ $SLAM ]; then
- _success "Slamming tomb: killing all processes using this hook"
+ _success "Slamming tomb: killing all processes using this hook."
slam_tomb "$bind_mount"
if [[ $? == 1 ]]; then
_warning "Cannot slam the bind hook $bind_mount"
t@@ -2138,7 +2138,7 @@ umount_tomb() {
exec_safe_post_hooks ${tombmount%%/} close
fi
- xxx "performing umount of $tombmount"
+ _verbose "Performing umount of $tombmount"
umount ${tombmount}
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
else
t@@ -2149,7 +2149,7 @@ umount_tomb() {
cryptsetup luksClose $mapper
{ test $? = 0 } || {
- _warning "error occurred in cryptsetup luksClose ${mapper}"
+ _warning "Error occurred in cryptsetup luksClose ${mapper}"
return 1 }
losetup -d "/dev/$tombloop"
t@@ -2169,11 +2169,11 @@ slam_tomb() {
fi
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
for s in TERM HUP KILL; do
- xxx "Sending $s to processes inside the tomb:"
+ _verbose "Sending $s to processes inside the tomb:"
if option_is_set -D; then
ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
while read line; do
- xxx $line
+ _verbose $line
done
fi
fuser -s -m "$1" -k -M -$s
t@@ -2266,7 +2266,7 @@ main() {
fi
unset discardme
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
- die "error parsing"
+ _failure "Error parsing."
return 127
fi
unset discardme
t@@ -2277,8 +2277,8 @@ main() {
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
_warning "There's no such command \"$subcommand\"."
- _failure "Please try -h for help" 127
-# die "Subcommand '$subcommand' doesn't exist" 127
+ _failure "Please try -h for help." 127
+# _failure "Subcommand '$subcommand' doesn't exist" 127
fi
argv=(${oldstar})
unset oldstar
t@@ -2291,7 +2291,7 @@ main() {
zparseopts -M -E -D -Aopts ${cmd_opts}
if [[ $? != 0 ]]; then
_warning "Some error occurred during option processing."
- die "See \"tomb help\" for more info" 127
+ _failure "See \"tomb help\" for more info." 127
fi
fi
#build PARAM (array of arguments) and check if there are unrecognized options
t@@ -2303,7 +2303,7 @@ main() {
continue #it shouldnt be appended to PARAM
elif [[ $arg[1] == '-' ]]; then
if [[ $ok == 0 ]]; then
- die "unrecognized option $arg for subcommand $subcommand" 127
+ _failure "Unrecognized option $arg for subcommand $subcommand" 127
fi
fi
PARAM+=$arg
t@@ -2320,7 +2320,7 @@ main() {
if ! option_is_set --unsecure-dev-mode; then
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
if option_is_set $opt; then
- die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
+ _failure "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
fi
done
fi
t@@ -2331,8 +2331,8 @@ main() {
if option_is_set -G; then _gid="`option_value -G`"; fi
if option_is_set -T; then _tty="`option_value -T`"; fi
- xxx "Tomb command: $subcommand ${PARAM}"
- xxx "caller uid[$_uid] gid[$_gid] tty[$_tty]"
+ _verbose "Tomb command: $subcommand ${PARAM}"
+ _verbose "Caller: uid[$_uid], gid[$_gid], tty[$_tty]."
case "$subcommand" in
t@@ -2356,7 +2356,7 @@ main() {
engrave)
{ test "$QRENCODE" = 0 } && {
- die "QREncode not installed: cannot engrave keys on paper." }
+ _failure "QREncode not installed: cannot engrave keys on paper." }
engrave_key ${=PARAM}
;;
t@@ -2394,17 +2394,17 @@ main() {
;;
bury)
{ test "$STEGHIDE" = 0 } && {
- die "Steghide not installed: cannot bury keys into images." }
+ _failure "Steghide not installed: cannot bury keys into images." }
bury_key $PARAM[1]
;;
exhume)
{ test "$STEGHIDE" = 0 } && {
- die "Steghide not installed: cannot exhume keys from images." }
+ _failure "Steghide not installed: cannot exhume keys from images." }
exhume_key $PARAM[1]
;;
resize)
{ test "$RESIZER" = 0 } && {
- die "Resize2fs not installed: cannot resize tombs." }
+ _failure "Resize2fs not installed: cannot resize tombs." }
check_priv
resize_tomb $PARAM[1]
;;
t@@ -2444,8 +2444,8 @@ EOF
usage
;;
*)
- _warning "command \"$subcommand\" not recognized"
- _message "try -h for help"
+ _warning "Command \"$subcommand\" not recognized."
+ _message "Try -h for help."
return 1
;;
esac