From 1e5820fbd36e68c93c979626f3969026d5ceb793 Mon Sep 17 00:00:00 2001
From: hellekin <hellekin@dyne.org>
Date: Sun, 8 Feb 2015 14:54:27 -0300
Subject: [PATCH] Add detection of plain swap on encrypted volumes. (Fixes
 #163)

Previously, the code was relying on `file` and `dmsetup` to detect
encrypted swaps, but it was missing plain swaps on encrypted
volumes. Using `lsblk` adds this detection and simplifies the test.

Thanks @fsLeg for reporting the issue, and @boyska for fixing it.
---
 tomb | 39 +++++++++++++++++----------------------
 1 file changed, 17 insertions(+), 22 deletions(-)

diff --git a/tomb b/tomb
index a300287..182fc1b 100755
--- a/tomb
+++ b/tomb
@@ -277,6 +277,18 @@ _tmp_create() {
     return 0
 }
 
+# Check if a block device is encrypted
+# Synopsis: _is_encrypted_block /path/to/block/device
+# Return 0 if it is an encrypted block device
+_is_encrypted_block() {
+    local    b=$1 # Path to a block device
+
+    sudo lsblk -s -o TYPE -n $b 2>/dev/null \
+	| egrep -q '^crypt$'
+
+    return $?
+}
+
 # Check if swap is activated
 # Return 0 if NO swap is used, 1 if swap is used.
 # Return 1 if any of the swaps is not encrypted.
@@ -292,29 +304,12 @@ _ensure_safe_swap() {
     swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
     [[ -z "$swaps" ]] && return 0 # No swap partition is active
 
-    for s in $=swaps; do
-        bone=$(sudo file $s)
-        if [[ "$bone" =~ "swap file" ]]; then
-            # It's a regular (unencrypted) swap file
-            r=1
-            break
-
-        elif [[ "$bone" =~ "symbolic link" ]]; then
-            # Might link to a block
-            r=1
-            [[ "/dev/mapper" == "${s%/*}" ]] || { break }
-            is_crypt=$(sudo dmsetup status "$s" | awk '/crypt/ {print $3}')
-            [[ $is_crypt == "crypt" ]] && { r=2 }
-
-        elif [[ "$bone" =~ "block special" ]]; then
-            # It's a block
-            r=1
-            is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
-            [[ $is_crypt == "crypt" ]] && { r=2 } || { break }
-
-        fi
-    done
     _message "An active swap partition is detected..."
+    for s in $=swaps; do
+        { _is_encrypted_block $s } \
+	    && { r=2 } || { r=1; break }
+    done
+
     if [[ $r -eq 2 ]]; then
         _success "All your swaps are belong to crypt.  Good."
     else