Add detection of plain swap on encrypted volumes. (Fixes #163)

Previously, the code was relying on `file` and `dmsetup` to detect
encrypted swaps, but it was missing plain swaps on encrypted
volumes. Using `lsblk` adds this detection and simplifies the test.

Thanks @fsLeg for reporting the issue, and @boyska for fixing it.
This commit is contained in:
hellekin 2015-02-08 14:54:27 -03:00
parent 46583fa445
commit 1e5820fbd3

39
tomb
View File

@ -277,6 +277,18 @@ _tmp_create() {
return 0
}
# Check if a block device is encrypted
# Synopsis: _is_encrypted_block /path/to/block/device
# Return 0 if it is an encrypted block device
_is_encrypted_block() {
local b=$1 # Path to a block device
sudo lsblk -s -o TYPE -n $b 2>/dev/null \
| egrep -q '^crypt$'
return $?
}
# Check if swap is activated
# Return 0 if NO swap is used, 1 if swap is used.
# Return 1 if any of the swaps is not encrypted.
@ -292,29 +304,12 @@ _ensure_safe_swap() {
swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
[[ -z "$swaps" ]] && return 0 # No swap partition is active
for s in $=swaps; do
bone=$(sudo file $s)
if [[ "$bone" =~ "swap file" ]]; then
# It's a regular (unencrypted) swap file
r=1
break
elif [[ "$bone" =~ "symbolic link" ]]; then
# Might link to a block
r=1
[[ "/dev/mapper" == "${s%/*}" ]] || { break }
is_crypt=$(sudo dmsetup status "$s" | awk '/crypt/ {print $3}')
[[ $is_crypt == "crypt" ]] && { r=2 }
elif [[ "$bone" =~ "block special" ]]; then
# It's a block
r=1
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
[[ $is_crypt == "crypt" ]] && { r=2 } || { break }
fi
done
_message "An active swap partition is detected..."
for s in $=swaps; do
{ _is_encrypted_block $s } \
&& { r=2 } || { r=1; break }
done
if [[ $r -eq 2 ]]; then
_success "All your swaps are belong to crypt. Good."
else