URI: 
       twhitespace cleanup - tomb - the crypto undertaker
  HTML git clone git://parazyd.org/tomb.git
   DIR Log
   DIR Files
   DIR Refs
   DIR README
   DIR LICENSE
       ---
   DIR commit c20ca3a9209afd0f469f91951a9b111f28eaecfe
   DIR parent 37792ffdc5fd5d697b7e4df11428689234d361d2
  HTML Author: Jaromil <jaromil@dyne.org>
       Date:   Sat, 25 May 2013 15:05:21 +0200
       
       whitespace cleanup
       
       Diffstat:
         M tomb                                |     666 ++++++++++++++++----------------
       
       1 file changed, 333 insertions(+), 333 deletions(-)
       ---
   DIR diff --git a/tomb b/tomb
       t@@ -60,11 +60,11 @@ option_is_set() {
            [[ -n ${(k)opts[$1]} ]];
            r=$?
            if [[ $2 == out ]]; then
       -        if [[ $r == 0 ]]; then
       -            echo 'set'
       -        else
       -            echo 'unset'
       -        fi
       +        if [[ $r == 0 ]]; then
       +            echo 'set'
       +        else
       +            echo 'unset'
       +        fi
            fi
            return $r;
        }
       t@@ -159,7 +159,7 @@ progress() {
            #          progress create 90 formatting the tomb
            #          progress create 100 tomb created successfully
            if ! option_is_set --batch; then
       -        return
       +        return
            fi
            print "[m][P][$1][$2][$3]" >&2
        
       t@@ -184,8 +184,8 @@ check_bin() {
        
            # check for filesystem creation progs
            command -v mkfs.ext4 > /dev/null && \
       -        MKFS="mkfs.ext4 -q -F -j -L" || \
       -        MKFS="mkfs.ext3 -q -F -j -L"
       +        MKFS="mkfs.ext4 -q -F -j -L" || \
       +        MKFS="mkfs.ext3 -q -F -j -L"
        
            # check for mktemp
            command -v mktemp > /dev/null || MKTEMP=0
       t@@ -193,17 +193,17 @@ check_bin() {
            command -v steghide > /dev/null || STEGHIDE=0
            # check for resize
            command -v e2fsck resize2fs > /dev/null || RESIZER=0
       -    
       +
            if which tomb-kdf-pbkdf2 &> /dev/null; then
       -        KDF_PBKDF2="tomb-kdf-pbkdf2"
       +        KDF_PBKDF2="tomb-kdf-pbkdf2"
            else
       -        local our_pbkdf2
       -        our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
       -        if which $our_pbkdf2 &> /dev/null; then
       -            KDF_PBKDF2=$our_pbkdf2
       -        else
       -            KDF_PBKDF2=
       -        fi
       +        local our_pbkdf2
       +        our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
       +        if which $our_pbkdf2 &> /dev/null; then
       +            KDF_PBKDF2=$our_pbkdf2
       +        else
       +            KDF_PBKDF2=
       +        fi
            fi
        
        }
       t@@ -252,7 +252,7 @@ safe_dir() {
                    return 0
                else
                    _warning "WARNING: we cannot ensure we're running in RAM."
       -                  xxx "Wait a bit before retrying... (attempt $tries)"
       +                  xxx "Wait a bit before retrying... (attempt $tries)"
                    sync && sleep 0.5
                fi
            done
       t@@ -308,7 +308,7 @@ SETPROMPT Password:
        GETPIN
        EOF`
            if [[ `tail -n1 <<<$output` =~ ERR ]]; then
       -        return 1
       +        return 1
            fi
            head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
            return 0
       t@@ -336,7 +336,7 @@ check_priv() {
                sudok=false
        #     sudo -n ${TOMBEXEC} &> /dev/null
                if ! option_is_set --sudo-pwd; then
       -            if [ $? != 0 ]; then # if not then ask a password
       +            if [ $? != 0 ]; then # if not then ask a password
                        cat <<EOF | pinentry 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
        OPTION ttyname=$TTY
        OPTION lc-ctype=$LANG
       t@@ -345,30 +345,30 @@ SETDESC Sudo execution of Tomb ${OLDARGS[@]}
        SETPROMPT Insert your USER password:
        GETPIN
        EOF
       -            fi
       +            fi
                else
       -            _verbose "Escalating privileges using sudo-pwd"
       -            sudo -S -v <<<`option_value --sudo-pwd`
       +            _verbose "Escalating privileges using sudo-pwd"
       +            sudo -S -v <<<`option_value --sudo-pwd`
                fi
                sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
                exit $?
            fi # are we root already
        
            # make sure necessary kernel modules are loaded
       -    modprobe dm_crypt 
       -    
       +    modprobe dm_crypt
       +
            return 0
        }
        # }}}
        check_command() {
            #generic checks; useful for interaction, to check if there are problems
            #before wasting user's time
       -    
       +
            if ! option_is_set --ignore-swap && ! option_is_set -f; then
       -        if ! check_swap; then
       -            error "Swap activated. Disable it with swapoff, or use --ignore-swap"
       -            exit 1
       -        fi
       +        if ! check_swap; then
       +            error "Swap activated. Disable it with swapoff, or use --ignore-swap"
       +            exit 1
       +        fi
            fi
        }
        
       t@@ -464,22 +464,22 @@ EOF
        
            cat $TOMBEXEC | awk '
        /(_verbose|xxx) ".*"$/ { sub( /^(_verbose|xxx)/ , "");
       -                 print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
       +                 print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
        
        /(_success|yes) ".*"$/ { sub( /^(_success|yes)/ , "");
       -                 print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
       +                 print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
        
        /(_warning|no) ".*"$/ { sub( /^(_warning|no)/ , "");
       -                 print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
       +                 print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
        
        /(_failure|die) ".*"$/ { sub( /^(_failure|die)/ , "");
       -                 print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
       +                 print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
        
        /(_message|say) ".*"$/ { sub( /^(_message|say)/ , "");
       -              print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
       +              print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
        
        /(_message -n|act) ".*"$/ { sub( /^(_message -n|act)/ , "");
       -              print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
       +              print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
        '
        }
        # }}}
       t@@ -554,8 +554,8 @@ decode_key() {
        
            keyfile=${tombname%%\.*}.tomb.key
            if [[ -e "$keyfile" ]]; then
       -        _warning "Key file $keyfile already exist."
       -        return 1
       +        _warning "Key file $keyfile already exist."
       +        return 1
            fi
            _message "Trying to exhume a key out of image $imagefile"
            for c in 1 2 3; do
       t@@ -612,7 +612,7 @@ BEGIN { ciphers=0 }
        
        exec_safe_bind_hooks() {
            if [[ -n ${(k)opts[-o]} ]]; then
       -        MOUNTOPTS=${opts[-o]}
       +        MOUNTOPTS=${opts[-o]}
            fi
            local MOUNTPOINT="${1}"
            local ME=${SUDO_USER:-$(whoami)}
       t@@ -685,8 +685,8 @@ forge_key() {
            _message "Commanded to forge key $1"
        
            if ! [ $1 ]; then
       -          _warning "no key name specified for creation"
       -        return 1
       +          _warning "no key name specified for creation"
       +        return 1
            fi
        
            # if swap is on, we remind the user about possible data leaks to disk
       t@@ -702,7 +702,7 @@ forge_key() {
            if [ $? != 0 ]; then
                _warning "cannot mount tmpfs filesystem in volatile memory"
                rm -r "${keytmp}"
       -        die "operation aborted." 
       +        die "operation aborted."
            fi
        
            tombkey="$1"
       t@@ -716,19 +716,19 @@ forge_key() {
            chmod 0600 ${keytmp}/tomb.tmp
            random_source=/dev/random
            if option_is_set --use-urandom; then
       -        random_source=/dev/urandom
       +        random_source=/dev/urandom
            fi
        
            if [[ $DD = "dcfldd" ]]; then
       -        $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
       +        $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
            else
       -        $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
       +        $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
            fi
            if ! [ -r ${keytmp}/tomb.tmp ]; then
                _warning "cannot generate encryption key"
                umount ${keytmp}
                rm -r $keytmp
       -        die "operation aborted." 
       +        die "operation aborted."
            fi
        
            _success "Choose the password of your key: ${tombkey}"
       t@@ -742,18 +742,18 @@ forge_key() {
            gen_key ${keytmp}/tomb.tmp > ${tombkey}
        
            # this does a check on the file header, virtuosism by hellekin
       -    # [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]    
       +    # [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
            if ! is_valid_key ${tombkey}; then
       -        _warning "The key does not seem to be valid"
       +        _warning "The key does not seem to be valid"
                _warning "Dumping contents to screen:"
                cat ${tombkey}
                _warning "--"
                umount ${keytmp}
                rm -r $keytmp
       -        die "operation aborted." 
       +        die "operation aborted."
            fi
        
       -    ${=WIPE} ${keytmp}/tomb.tmp # no need really, but anyway    
       +    ${=WIPE} ${keytmp}/tomb.tmp # no need really, but anyway
            umount ${keytmp}
            rm -r ${keytmp}
        
       t@@ -774,8 +774,8 @@ dig_tomb() {
            if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
        
            if ! [ $1 ]; then
       -        _warning "no tomb name specified for creation"
       -        return 1
       +        _warning "no tomb name specified for creation"
       +        return 1
            fi
        
        
       t@@ -798,7 +798,7 @@ dig_tomb() {
                _warning " `ls -lh ${tombdir}/${tombfile}`"
                return 1
            fi
       -    
       +
            _success "Creating a new tomb in ${tombdir}/${tombfile}"
        
        
       t@@ -813,7 +813,7 @@ dig_tomb() {
            if [ $? = 0 -a -e ${tombdir}/${tombfile} ]; then
                _message " `ls -lh ${tombdir}/${tombfile}`"
            else
       -        die "Error creating the tomb ${tombdir}/${tombfile}, operation aborted." 
       +        die "Error creating the tomb ${tombdir}/${tombfile}, operation aborted."
            fi
        
            _success "Done digging $tombname"
       t@@ -827,9 +827,9 @@ dig_tomb() {
        # it take arguments as the LUKS cipher to be used
        lock_tomb_with_key() {
            if ! [ $1 ]; then
       -        _warning "no tomb specified for locking"
       +        _warning "no tomb specified for locking"
                _warning "usage: tomb lock file.tomb file.tomb.key"
       -        return 1
       +        return 1
            fi
        
            tombfile=`basename $1`
       t@@ -853,10 +853,10 @@ lock_tomb_with_key() {
            xxx "loop mounted on ${nstloop}"
        
            _message "checking if the tomb is empty (we never step on somebody else's bones)"
       -        cryptsetup isLuks ${nstloop}
       +        cryptsetup isLuks ${nstloop}
            if [ $? = 0 ]; then
       -        # is it a LUKS encrypted nest? then bail out and avoid reformatting it
       -        _warning "The tomb was already locked with another key"
       +        # is it a LUKS encrypted nest? then bail out and avoid reformatting it
       +        _warning "The tomb was already locked with another key"
                losetup -d ${nstloop}
                die "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
            else
       t@@ -873,11 +873,11 @@ lock_tomb_with_key() {
                    tombkey=${tombkeydir}/stdin.tmp
                else
                    # take key from a file
       -            tombkey=`option_value -k`
       +            tombkey=`option_value -k`
                fi
            else
                # guess key as lying besides the tomb
       -        tombkey=${tombdir}/${tombname}.tomb.key
       +        tombkey=${tombdir}/${tombname}.tomb.key
            fi
        
            if [ -r "${tombkey}" ]; then
       t@@ -892,13 +892,13 @@ lock_tomb_with_key() {
            # [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
            if ! is_valid_key ${tombkey}; then
                _warning "The key seems invalid, the application/pgp header is missing"
       -        losetup -d ${nstloop}
       +        losetup -d ${nstloop}
                die "Operation aborted."
       -    fi            
       +    fi
        
            # the encryption cipher for a tomb can be set at creation using -o
       -    if option_is_set -o; then 
       -        cipher="`option_value -o`"
       +    if option_is_set -o; then
       +        cipher="`option_value -o`"
            else
                cipher="aes-cbc-essiv:sha256"
            fi
       t@@ -908,20 +908,20 @@ lock_tomb_with_key() {
            _message "a password is required to use key ${keyname}"
            local passok=0
            if option_is_set --tomb-pwd; then
       -            tombpass=`option_value --tomb-pwd`
       -    else        
       +            tombpass=`option_value --tomb-pwd`
       +    else
                for c in 1 2 3; do
                    if [ $c = 1 ]; then
       -                tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
       +                tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
                    else
       -                tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
       +                tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
                    fi
       -            if [[ $? != 0 ]]; then
       -                losetup -d ${nstloop}                
       -                die "User aborted"
       -            fi
       -            
       -            get_lukskey "${tombpass}" ${tombkey} >/dev/null
       +            if [[ $? != 0 ]]; then
       +                losetup -d ${nstloop}
       +                die "User aborted"
       +            fi
       +
       +            get_lukskey "${tombpass}" ${tombkey} >/dev/null
                     if [ $? = 0 ]; then
                        passok=1; _message "Password OK."
                        break;
       t@@ -930,7 +930,7 @@ lock_tomb_with_key() {
            fi
            if [ "$passok" = "0" ]; then
                _warning "Password incorrect"
       -        losetup -d $nstloop        
       +        losetup -d $nstloop
                die "Operation aborted."
            fi
        
       t@@ -947,12 +947,12 @@ lock_tomb_with_key() {
                losetup -d $nstloop
                die "Operation aborted."
            fi
       -    
       -    
       -    
       +
       +
       +
            get_lukskey "${tombpass}" ${tombkey} | \
                cryptsetup --key-file - \
       -        --cipher ${cipher} luksOpen ${nstloop} tomb.tmp    
       +        --cipher ${cipher} luksOpen ${nstloop} tomb.tmp
            if ! [ $? = 0 ]; then
                _warning "cryptsetup luksOpen returned an error"
                unset tombpass
       t@@ -984,10 +984,10 @@ lock_tomb_with_key() {
        # backward compatibility
        create_tomb() {
            if ! [ $1 ]; then
       -        _warning "no tomb name specified for creation"
       -        return 1
       +        _warning "no tomb name specified for creation"
       +        return 1
            fi
       -    
       +
            dig_tomb ${=PARAM}
            { test $? = 0 } || { die "Failed to dig tomb, operation aborted." }
        
       t@@ -996,13 +996,13 @@ create_tomb() {
            # make sure the file has a .tomb extension
            tombname=${tombfile%%\.*}
            tombfile=${tombname}.tomb
       -    
       +
            forge_key ${tombfile}.key
            { test $? = 0 } || { die "Failed to forge key, operation aborted." }
        
            lock_tomb_with_key ${tombfile} -l ${tombfile}.key
            { test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." }
       -    
       +
            yes "Tomb $tombname succesfully created"
            ls -l ${tombfile}*
        }
       t@@ -1023,25 +1023,25 @@ get_lukskey() {
            firstline=`head -n1 $keyfile`
            xxx "get_lukskey XXX $keyfile"
            if [[ $firstline =~ '^_KDF_' ]]; then
       -        _verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
       -        case `cut -d_ -f 3 <<<$firstline` in
       -            pbkdf2sha1)
       -                if [[ -z $KDF_PBKDF2 ]]; then
       -                    die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
       -                fi
       -                pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
       -                tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
       -                ;;
       -            *)
       -                _failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
       -                unset tombpass
       -                return 1
       -                ;;
       -        esac
       +        _verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
       +        case `cut -d_ -f 3 <<<$firstline` in
       +            pbkdf2sha1)
       +                if [[ -z $KDF_PBKDF2 ]]; then
       +                    die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
       +                fi
       +                pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
       +                tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
       +                ;;
       +            *)
       +                _failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
       +                unset tombpass
       +                return 1
       +                ;;
       +        esac
            fi
            print ${tombpass} | \
                gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 \
       -        -d "${keyfile}" 2> /dev/null 
       +        -d "${keyfile}" 2> /dev/null
            ret=$?
            xxx "gpg decryption returns $ret"
            unset tombpass
       t@@ -1057,29 +1057,29 @@ gen_key() {
            local tombpass=""
            local tombpasstmp=""
            if ! option_is_set --tomb-pwd; then
       -        while true; do
       -            # 3 tries to write two times a matching password
       -            tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
       -            if [[ $? != 0 ]]; then
       -                die "User aborted"
       -            fi
       -            if [ -z $tombpass ]; then
       -                _warning "you set empty password, which is not possible"
       -                continue
       -            fi
       -            tombpasstmp=$tombpass
       -            tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
       -            if [[ $? != 0 ]]; then
       -                die "User aborted"
       -            fi
       -            if [ "$tombpasstmp" = "$tombpass" ]; then
       -                break;
       -            fi
       -            unset tombpasstmp
       -            unset tombpass
       -        done
       +        while true; do
       +            # 3 tries to write two times a matching password
       +            tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
       +            if [[ $? != 0 ]]; then
       +                die "User aborted"
       +            fi
       +            if [ -z $tombpass ]; then
       +                _warning "you set empty password, which is not possible"
       +                continue
       +            fi
       +            tombpasstmp=$tombpass
       +            tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
       +            if [[ $? != 0 ]]; then
       +                die "User aborted"
       +            fi
       +            if [ "$tombpasstmp" = "$tombpass" ]; then
       +                break;
       +            fi
       +            unset tombpasstmp
       +            unset tombpass
       +        done
            else
       -        tombpass=`option_value --tomb-pwd`
       +        tombpass=`option_value --tomb-pwd`
            fi
        
        
       t@@ -1088,40 +1088,40 @@ gen_key() {
            _verbose "KDF method chosen is: '`option_value --kdf`'"
            kdf_method=$(cut -d: -f1 <<<`option_value --kdf` )
            case $kdf_method in
       -        pbkdf2)
       -            if [[ -z $KDF_PBKDF2 ]]; then
       -                die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
       -            fi
       -            # --kdf takes one parameter: iter time (on present machine) in seconds
       -            seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
       -            if [[ -z $seconds ]]; then
       -                seconds=1
       -            fi
       -            local -i microseconds
       -            microseconds=$((seconds*1000000))
       -            _verbose "Microseconds: $microseconds"
       -            pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
       -            pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
       -            # We use a length of 64bytes = 512bits (more than needed!?)
       -            tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
       -           
       -            header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
       -            ;;
       -        ""|null)
       -        
       -            header=""
       -            ;;
       -        *)
       -            _warning "KDF method non recognized"
       -            return 1
       -            header=""
       -            ;;
       +        pbkdf2)
       +            if [[ -z $KDF_PBKDF2 ]]; then
       +                die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
       +            fi
       +            # --kdf takes one parameter: iter time (on present machine) in seconds
       +            seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
       +            if [[ -z $seconds ]]; then
       +                seconds=1
       +            fi
       +            local -i microseconds
       +            microseconds=$((seconds*1000000))
       +            _verbose "Microseconds: $microseconds"
       +            pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
       +            pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
       +            # We use a length of 64bytes = 512bits (more than needed!?)
       +            tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
       +
       +            header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
       +            ;;
       +        ""|null)
       +
       +            header=""
       +            ;;
       +        *)
       +            _warning "KDF method non recognized"
       +            return 1
       +            header=""
       +            ;;
            esac
            echo -n $header
        
            print "${tombpass}" \
                | gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \
       -        -o - -c -a ${lukskey}
       +        -o - -c -a ${lukskey}
        
            unset tombpass
        }
       t@@ -1136,8 +1136,8 @@ mount_tomb() {
            if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
        
            if ! [ ${1} ]; then
       -        _warning "no tomb name specified for creation"
       -        return 1
       +        _warning "no tomb name specified for creation"
       +        return 1
            fi
        
        
       t@@ -1168,11 +1168,11 @@ mount_tomb() {
                    tombkey=${tombkeydir}/stdin.tmp
                else
                    # take key from a file
       -            tombkey=`option_value -k`
       +            tombkey=`option_value -k`
                fi
            else
                # guess key as lying besides the tomb
       -        tombkey=${tombdir}/${tombfile}.key
       +        tombkey=${tombdir}/${tombfile}.key
            fi
            if ! [ -r ${tombkey} ]; then
                _warning "key file not found: ${tombkey}"
       t@@ -1181,11 +1181,11 @@ mount_tomb() {
            fi
        
            if ! [ $2 ]; then
       -        tombmount=/media/${tombfile}
       -        _message "mountpoint not specified, using default: $tombmount"
       +        tombmount=/media/${tombfile}
       +        _message "mountpoint not specified, using default: $tombmount"
            elif ! [ -x $2 ]; then
       -        _warning "mountpoint $2 doesn't exist, operation aborted."
       -        return 1
       +        _warning "mountpoint $2 doesn't exist, operation aborted."
       +        return 1
            else
                tombmount=$2
            fi
       t@@ -1193,7 +1193,7 @@ mount_tomb() {
            # check if its already open
            mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
            if [ $? = 0 ]; then
       -        _warning "$tombname is already open on $tombmount"
       +        _warning "$tombname is already open on $tombmount"
                _message "here below its status is reported:"
                list_tombs ${tombname}
                return 1
       t@@ -1206,16 +1206,16 @@ mount_tomb() {
        
            nstloop=`losetup -f`
            if [ $? = 255 ]; then
       -        die "too many tomb opened. Please close any of them to open another tomb" 
       +        die "too many tomb opened. Please close any of them to open another tomb"
            fi
            losetup -f ${tombdir}/${tombfile}
        
            cryptsetup isLuks ${nstloop}
            if [ $? != 0 ]; then
       -        # is it a LUKS encrypted nest? see cryptsetup(1)
       -        _warning "$tombfile is not a valid Luks encrypted storage file"
       -        $norm || rmdir $tombmount 2>/dev/null
       -        return 1
       +        # is it a LUKS encrypted nest? see cryptsetup(1)
       +        _warning "$tombfile is not a valid Luks encrypted storage file"
       +        $norm || rmdir $tombmount 2>/dev/null
       +        return 1
            fi
            say "this tomb is a valid LUKS encrypted device"
        
       t@@ -1235,47 +1235,47 @@ mount_tomb() {
        
            # save date of mount in minutes since 1970
            mapdate=`date +%s`
       -    
       +
        
            mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
            keyname=`basename $tombkey | cut -d. -f1`
        
            _warning "Password is required for key ${keyname}"
            for c in 1 2 3; do
       -        if ! option_is_set --tomb-pwd; then
       -            tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
       -            if [[ $? != 0 ]]; then
       -                die "User aborted"
       -            fi
       -        else
       -            tombpass=`option_value --tomb-pwd`
       -        fi
       -        get_lukskey "${tombpass}" ${tombkey} | \
       -            cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
       -        local ret=$?
       -        unset tombpass
       -        if [[ $ret != 0 ]]; then
       -            if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
       -                die "Wrong password: aborting"
       -            fi
       -            continue
       -        fi
       -
       -        # if key was from stdin delete temp file and dir
       -        if [ $tombkeydir ]; then
       -            ${=WIPE} ${tombkey}
       -            rmdir $tombkeydir
       -        fi
       -
       -        if [ -r /dev/mapper/${mapper} ]; then
       -            break;  # password was correct
       -        fi
       +        if ! option_is_set --tomb-pwd; then
       +            tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
       +            if [[ $? != 0 ]]; then
       +                die "User aborted"
       +            fi
       +        else
       +            tombpass=`option_value --tomb-pwd`
       +        fi
       +        get_lukskey "${tombpass}" ${tombkey} | \
       +            cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
       +        local ret=$?
       +        unset tombpass
       +        if [[ $ret != 0 ]]; then
       +            if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
       +                die "Wrong password: aborting"
       +            fi
       +            continue
       +        fi
       +
       +        # if key was from stdin delete temp file and dir
       +        if [ $tombkeydir ]; then
       +            ${=WIPE} ${tombkey}
       +            rmdir $tombkeydir
       +        fi
       +
       +        if [ -r /dev/mapper/${mapper} ]; then
       +            break;  # password was correct
       +        fi
            done
        
            if ! [ -r /dev/mapper/${mapper} ]; then
       -        losetup -d ${nstloop}
       -        $norm || rmdir ${tombmount} 2>/dev/null
       -        die "failure mounting the encrypted file"
       +        losetup -d ${nstloop}
       +        $norm || rmdir ${tombmount} 2>/dev/null
       +        die "failure mounting the encrypted file"
            fi
        
            # array: [ cipher, keysize, loopdevice ]
       t@@ -1326,8 +1326,8 @@ mount_tomb() {
            # process bind-hooks (mount -o bind of directories)
            # and post-hooks (execute on open)
            if ! option_is_set -n ; then
       -        exec_safe_bind_hooks ${tombmount}
       -        exec_safe_post_hooks ${tombmount} open
       +        exec_safe_bind_hooks ${tombmount}
       +        exec_safe_post_hooks ${tombmount} open
            fi
            return 0
        }
       t@@ -1336,7 +1336,7 @@ mount_tomb() {
        
        # {{{ - Internal operations on mounted tombs
        
       -# list_tomb_mounts 
       +# list_tomb_mounts
        # print out an array of mounted tombs (internal use)
        # format is semi-colon separated list of attributes
        # if 1st arg is supplied, then list only that tomb
       t@@ -1352,7 +1352,7 @@ list_tomb_mounts() {
                mount -l \
                    | awk '
        BEGIN { main="" }
       -/^\/dev\/mapper\/tomb/ { 
       +/^\/dev\/mapper\/tomb/ {
          if(main==$1) next;
          print $1 ";" $3 ";" $5 ";" $6 ";" $7
          main=$1
       t@@ -1379,8 +1379,8 @@ BEGIN { main="" }
        # needs an argument: name of tomb whose hooks belong
        list_tomb_binds() {
            if [ "$1" = "" ]; then
       -        _failure "internal error: list_tomb_binds called without argument."; fi
       -    
       +        _failure "internal error: list_tomb_binds called without argument."; fi
       +
            # list bind hooks on util-linux 2.20 (Debian 7)
            mount -l \
                | awk -vtomb="$1" '
       t@@ -1389,18 +1389,18 @@ BEGIN { main="" }
          if($7!=tomb) next;
          if(main=="") { main=$1; next; }
          if(main==$1)
       -    print $1 ";" $3 ";" $5 ";" $6 ";" $7 
       +    print $1 ";" $3 ";" $5 ";" $6 ";" $7
        }
        '
       -    
       +
            # list bind hooks on util-linux 2.17 (Debian 6)
            tombmount=`mount -l \
              | awk -vtomb="$1" '
        /^\/dev\/mapper\/tomb/ { if($7!=tomb) next; print $3; exit; }'`
       -    
       +
            mount -l | grep "^$tombmount" \
                | awk -vtomb="$1" '
       -        /bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
       +        /bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
        }
        
        # }}}
       t@@ -1411,24 +1411,24 @@ BEGIN { main="" }
        slam_tomb() {
            # $1 = tomb mount point
            if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
       -        return 0
       +        return 0
            fi
            #Note: shells are NOT killed by INT or TERM, but they are killed by HUP
            for s in TERM HUP KILL; do
       -        xxx "Sending $s to processes inside the tomb:"
       -        if option_is_set -D; then
       -            ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
       -            while read line; do
       -                xxx $line
       -            done
       -        fi
       -        fuser -s -m "$1" -k -M -$s
       -        if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
       -            return 0
       -        fi
       -        if ! option_is_set -f; then
       -            sleep 3
       -        fi
       +        xxx "Sending $s to processes inside the tomb:"
       +        if option_is_set -D; then
       +            ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
       +            while read line; do
       +                xxx $line
       +            done
       +        fi
       +        fuser -s -m "$1" -k -M -$s
       +        if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
       +            return 0
       +        fi
       +        if ! option_is_set -f; then
       +            sleep 3
       +        fi
            done
            return 1
        }
       t@@ -1467,19 +1467,19 @@ umount_tomb() {
                xxx "name: $tombname"
                xxx "mount: $tombmount"
                xxx "mapper: $mapper"
       -        
       +
                { test -e "$mapper" } && {
                    _warning "Tomb not found: $1"
                    _warning "Please specify an existing tomb."
                    return 0 }
       -        
       +
                if [ $SLAM ]; then
                    _success "Slamming tomb $tombname mounted on $tombmount"
                    _message "Kill all processes busy inside the tomb"
       -            if ! slam_tomb "$tombmount"; then
       +            if ! slam_tomb "$tombmount"; then
                        _warning "Cannot slam the tomb $tombname"
                        return 1
       -            fi
       +            fi
                else
                    say "Closing tomb $tombname mounted on $tombmount"
                fi
       t@@ -1494,18 +1494,18 @@ umount_tomb() {
                    if [[ $? != 0 ]]; then
                        if [ $SLAM ]; then
                            _success "Slamming tomb: killing all processes using this hook"
       -                    slam_tomb "$bind_mount"
       -                    if [[ $? == 1 ]]; then
       +                    slam_tomb "$bind_mount"
       +                    if [[ $? == 1 ]]; then
                                _warning "Cannot slam the bind hook $bind_mount"
                                return 1
       -                    fi
       +                    fi
                            umount $bind_mount
                        else
                            _warning "Tomb bind hook $bind_mount is busy, cannot close tomb."
                        fi
                    fi
                done
       -        
       +
            # Execute post-hooks for eventual cleanup
                if ! option_is_set -n ; then
                    exec_safe_post_hooks ${tombmount%%/} close
       t@@ -1515,28 +1515,28 @@ umount_tomb() {
                umount ${tombmount}
                if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
                else
       -        # this means we used a "default" mount point
       -            { test "${tombmount}" = "/media/${tombname}.tomb" } && {
       -                rmdir ${tombmount} }
       +        # this means we used a "default" mount point
       +            { test "${tombmount}" = "/media/${tombname}.tomb" } && {
       +                rmdir ${tombmount} }
                fi
        
                cryptsetup luksClose $mapper
                { test $? = 0 } || {
                    _warning "error occurred in cryptsetup luksClose ${mapper}"
                    return 1 }
       -        
       +
                losetup -d "/dev/$tombloop"
       -        
       +
            # # kill the status tray widget if still present
            # # this makes the widget disappear when closing tomb from cli
            #         awkmapper=`sed 's:\/:\\\/:g' <<< $mapper`
            #         statustray_pid=`ps ax | awk "/tomb-status $awkmapper/"' {print $1} '`
            #         { test "$statustray_pid" = "" } || { kill ${statustray_pid} }
       -        
       +
                _success "Tomb $tombname closed: your bones will rest in peace."
       -        
       +
            done # loop across mounted tombs
       -    
       +
            return 0
        }
        # }}}
       t@@ -1553,14 +1553,14 @@ change_passwd() {
        
            # check the keyfile
            if ! [ -r $keyfile ]; then
       -        _warning "key not found: $keyfile"
       -        return 1
       +        _warning "key not found: $keyfile"
       +        return 1
            fi
        
            if ! is_valid_key $keyfile ; then
       -        _warning "file doesn't seems to be a tomb key: $keyfile"
       -        _warning "operation aborted."
       -        return 1
       +        _warning "file doesn't seems to be a tomb key: $keyfile"
       +        _warning "operation aborted."
       +        return 1
            fi
        
            local tmpnewkey lukskey c tombpass tombpasstmp
       t@@ -1571,37 +1571,37 @@ change_passwd() {
            _success "Changing password for $keyfile"
            keyname=`basename $keyfile`
            if ! option_is_set --tomb-old-pwd; then
       -        while true; do
       -            tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
       -            if [[ $? == 1 ]]; then
       -                die "User aborted"
       -            fi
       -            if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
       -                break
       -            fi
       -        done
       +        while true; do
       +            tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
       +            if [[ $? == 1 ]]; then
       +                die "User aborted"
       +            fi
       +            if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
       +                break
       +            fi
       +        done
            else
       -        tombpass=`option_value --tomb-old-pwd`
       -        if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
       -            die "Invalid old password"
       -        fi
       +        tombpass=`option_value --tomb-old-pwd`
       +        if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
       +            die "Invalid old password"
       +        fi
            fi
        
            {
       -        gen_key $lukskey > ${tmpnewkey}
       -
       -        if ! is_valid_key $tmpnewkey; then
       -            die "Error: the newly generated keyfile does not seem valid"
       -        else
       -            # copy the new key as the original keyfile name
       -            cp "${tmpnewkey}" "${keyfile}"
       -            _success "Your passphrase was successfully updated."
       -        fi
       +        gen_key $lukskey > ${tmpnewkey}
       +
       +        if ! is_valid_key $tmpnewkey; then
       +            die "Error: the newly generated keyfile does not seem valid"
       +        else
       +            # copy the new key as the original keyfile name
       +            cp "${tmpnewkey}" "${keyfile}"
       +            _success "Your passphrase was successfully updated."
       +        fi
            } always {
       -        _verbose "cleanup: $tmpnewkey $lukskey"
       -        # wipe all temp file
       -        ${=WIPE} "${tmpnewkey}"
       -        ${=WIPE} "${lukskey}"
       +        _verbose "cleanup: $tmpnewkey $lukskey"
       +        # wipe all temp file
       +        ${=WIPE} "${tmpnewkey}"
       +        ${=WIPE} "${lukskey}"
            }
        
            return $?
       t@@ -1614,9 +1614,9 @@ change_passwd() {
        resize_tomb() {
            _message "Commanded to resize tomb $1 to $opts[-s] megabytes"
            if ! [ $1 ]; then
       -        _failure "No tomb name specified for resizing"
       +        _failure "No tomb name specified for resizing"
            elif ! [ -r "$1" ]; then
       -        _failure "Cannot find $1"
       +        _failure "Cannot find $1"
            fi
        
            local c tombpass tombkey
       t@@ -1628,20 +1628,20 @@ resize_tomb() {
        
            if option_is_set -k ; then
                    if [[ "`option_value -k`" == "-" ]]; then
       -                # take key from stdin
       -                local tombkeydir
       -                tombkeydir=`safe_dir`
       -                cat > ${tombkeydir}/stdin.tmp
       -                tombkey=${tombkeydir}/stdin.tmp
       +                # take key from stdin
       +                local tombkeydir
       +                tombkeydir=`safe_dir`
       +                cat > ${tombkeydir}/stdin.tmp
       +                tombkey=${tombkeydir}/stdin.tmp
                    else
       -                # take key from a file
       -            tombkey=`option_value -k`
       +                # take key from a file
       +            tombkey=`option_value -k`
                    fi
            else
                    # guess key as lying besides the tomb
       -        tombkey=${tombdir}/${tombfile}.key
       +        tombkey=${tombdir}/${tombfile}.key
            fi
       -    
       +
            if ! [ -r ${tombkey} ]; then
                    _failure "key file not found: ${tombkey}"
            fi
       t@@ -1650,28 +1650,28 @@ resize_tomb() {
            local newtombsize=$opts[-s]
            local oldtombsize=`stat -c %s "$1" 2>/dev/null`
            local mounted_tomb=`mount -l |
       -        awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
       +        awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
        
            if [ "$mounted_tomb" ]; then
       -        _failure "the tomb $tombname is open, to resize it it needs to be close."
       +        _failure "the tomb $tombname is open, to resize it it needs to be close."
            fi
        
            # MB to bytes conversion
            newtombsize=`expr \( $newtombsize \* 1024 \) \* 1024 2> /dev/null`
       -    
       +
            if ! [ "$newtombsize" ] ; then
       -        _failure "You must specify the new size of $tombname"
       +        _failure "You must specify the new size of $tombname"
            elif [[ $newtombsize != <-> ]]; then
       -        _failure "Size is not an integer"
       +        _failure "Size is not an integer"
            elif [ "$newtombsize" -le "$oldtombsize" ]; then
       -        _failure "the new size must be greater then old tomb size."
       +        _failure "the new size must be greater then old tomb size."
            fi
        
            local delta=`expr $newtombsize \- $oldtombsize`
       -    
       +
            local tombsize_4k=`expr $delta \/ 1024`
            tombsize_4k=`expr $tombsize_4k \/ 4 `
       -    
       +
            act "Generating ${tombfile} of ${newtombsize}Mb (${tombsize_4k} blocks of 4Kb)"
            "$DD" if=/dev/urandom bs=4k count=${tombsize_4k} of="${tmp_resize}"
        
       t@@ -1680,19 +1680,19 @@ resize_tomb() {
            else
                _failure "Error creating the extra resize $tmp_resize, operation aborted."
            fi
       -    
       +
            cat "${tmp_resize}" >> "$1"
            ${=WIPE} "${tmp_resize}"
       -    
       +
            local nstloop=`losetup -f`
            if [ $? = 255 ]; then
       -        _failure "too many tomb opened. Please close any of them to open another tomb"
       +        _failure "too many tomb opened. Please close any of them to open another tomb"
            fi
            losetup -f "$1"
       -    
       +
            local mapdate=`date +%s`
            local mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
       -    
       +
            _message "Password is required for key ${keyname}"
            for c in 1 2 3; do
                if [ $c = 1 ]; then
       t@@ -1700,37 +1700,37 @@ resize_tomb() {
                else
                    tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"`
                fi
       -        get_lukskey "${tombpass}" ${tombkey} | \
       -            cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
       -        
       -        unset tombpass
       -        
       +        get_lukskey "${tombpass}" ${tombkey} | \
       +            cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
       +
       +        unset tombpass
       +
                if [ -r /dev/mapper/${mapper} ]; then
                    break;  # password was correct
       -        fi
       +        fi
            done
        
            if ! [ -r /dev/mapper/${mapper} ]; then
       -        losetup -d ${nstloop}
       -        _failure "failure mounting the encrypted file"
       +        losetup -d ${nstloop}
       +        _failure "failure mounting the encrypted file"
            fi
        
            cryptsetup resize "${mapper}"
            if [ $? != 0 ]; then
       -        losetup -d ${nstloop}
       -        _failure "cryptsetup failed to resize $mapper"
       +        losetup -d ${nstloop}
       +        _failure "cryptsetup failed to resize $mapper"
            fi
        
            e2fsck -f /dev/mapper/${mapper}
            if [ $? != 0 ]; then
       -        losetup -d ${nstloop}
       -        _failure "e2fsck failed to check $mapper"
       +        losetup -d ${nstloop}
       +        _failure "e2fsck failed to check $mapper"
            fi
        
            resize2fs /dev/mapper/${mapper}
            if [ $? != 0 ]; then
       -        losetup -d ${nstloop}
       -        _failure "resize2fs failed to resize $mapper"
       +        losetup -d ${nstloop}
       +        _failure "resize2fs failed to resize $mapper"
            fi
        
            sleep 1 # needs to settle a bit
       t@@ -1749,7 +1749,7 @@ resize_tomb() {
        # index files in all tombs for search
        # $1 is optional, to specify a tomb
        index_tombs() {
       -    { command -v updatedb > /dev/null } || { 
       +    { command -v updatedb > /dev/null } || {
                die "Cannot index tombs on this system: updatedb not installed" }
        
            mounted_tombs=(`list_tomb_mounts $1`)
       t@@ -1773,7 +1773,7 @@ index_tombs() {
            done
        }
        search_tombs() {
       -    { command -v locate > /dev/null } || { 
       +    { command -v locate > /dev/null } || {
                die "Cannot index tombs on this system: updatedb not installed" }
        
            # list all open tombs
       t@@ -1795,7 +1795,7 @@ search_tombs() {
                    no "run 'tomb index' to create indexes"
                fi
            done
       -        
       +
        }
        
        # {{{ - List
       t@@ -1835,8 +1835,8 @@ list_tombs() {
                }
        
            if option_is_set --get-mountpoint; then
       -        echo $tombmount
       -        continue
       +        echo $tombmount
       +        continue
            fi
                # breaking up such strings is good for translation
                print -n "$fg[green]$tombname"
       t@@ -1872,7 +1872,7 @@ list_tombs() {
        
                if [[ ${tombp} -ge 90 ]]; then
                    print -n "$fg_no_bold[green]$tombname"
       -            print "$fg_bold[red] Your tomb is almost full!"
       +            print "$fg_bold[red] Your tomb is almost full!"
                fi
        
                # now check hooks
       t@@ -1996,13 +1996,13 @@ main() {
            subcommands_opts[resize]="s: -size=s k: -key=k"
            subcommands_opts[check]="-ignore-swap"
        #    subcommands_opts[translate]=""
       -    
       +
            ### Detect subcommand
            local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
            for optspec in $subcommands_opts$main_opts; do
       -        for opt in ${=optspec}; do
       -            every_opts+=${opt}
       -        done
       +        for opt in ${=optspec}; do
       +            every_opts+=${opt}
       +        done
            done
            local -a oldstar
            oldstar=($argv)
       t@@ -2023,12 +2023,12 @@ main() {
            unset discardme
            subcommand=$1
            if [[ -z $subcommand ]]; then
       -        subcommand="__default"
       +        subcommand="__default"
            fi
        
            if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
       -        _warning "There's no such command \"$subcommand\"."
       -        _failure "Please try -h for help" 127
       +        _warning "There's no such command \"$subcommand\"."
       +        _failure "Please try -h for help" 127
        #        die "Subcommand '$subcommand' doesn't exist" 127
            fi
            argv=(${oldstar})
       t@@ -2038,7 +2038,7 @@ main() {
            # zsh magic: ${=string} will split to multiple arguments when spaces occur
            set -A cmd_opts ${main_opts} ${=subcommands_opts[$subcommand]}
            # if there is no option, we don't need parsing
       -    if [[ -n $cmd_opts ]]; then 
       +    if [[ -n $cmd_opts ]]; then
                zparseopts -M -E -D -Aopts ${cmd_opts}
                if [[ $? != 0 ]]; then
                    _warning "Some error occurred during option processing."
       t@@ -2066,18 +2066,18 @@ main() {
            fi
            ### End parsing command-specific options
            if ! option_is_set --no-color; then
       -        autoload colors; colors
       +        autoload colors; colors
            fi
            if ! option_is_set --unsecure-dev-mode; then
       -        for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
       -            if option_is_set $opt; then
       -                die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
       -            fi
       -        done
       +        for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
       +            if option_is_set $opt; then
       +                die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
       +            fi
       +        done
            fi
        
            # when we run as root, we remember the original uid:gid
       -    # to set permissions for the calling user and drop privileges 
       +    # to set permissions for the calling user and drop privileges
            if option_is_set -U; then _uid="`option_value -U`"; fi
            if option_is_set -G; then _gid="`option_value -G`"; fi
            if option_is_set -T; then _tty="`option_value -T`"; fi
       t@@ -2139,7 +2139,7 @@ main() {
                        _warning "steghide not installed. Cannot bury your key"
                        return 1
                    fi
       -                 encode_key $PARAM[1] $PARAM[2] ;;        
       +                 encode_key $PARAM[1] $PARAM[2] ;;
                exhume)
                    if [ "$STEGHIDE" = 0 ]; then
                         _warning "steghide not installed. Cannot exhume your key"
       t@@ -2152,9 +2152,9 @@ main() {
                        _warning "resize2fs not installed. Cannot resize your tomb."
                        return 1
                    fi
       -            check_priv
       -            resize_tomb $PARAM[1]
       -            ;;
       +            check_priv
       +            resize_tomb $PARAM[1]
       +            ;;
        
                # internal commands useful to developers
                'source')   return 0 ;;