From 1e5820fbd36e68c93c979626f3969026d5ceb793 Mon Sep 17 00:00:00 2001 From: hellekin Date: Sun, 8 Feb 2015 14:54:27 -0300 Subject: [PATCH 1/5] Add detection of plain swap on encrypted volumes. (Fixes #163) Previously, the code was relying on `file` and `dmsetup` to detect encrypted swaps, but it was missing plain swaps on encrypted volumes. Using `lsblk` adds this detection and simplifies the test. Thanks @fsLeg for reporting the issue, and @boyska for fixing it. --- tomb | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/tomb b/tomb index a300287..182fc1b 100755 --- a/tomb +++ b/tomb @@ -277,6 +277,18 @@ _tmp_create() { return 0 } +# Check if a block device is encrypted +# Synopsis: _is_encrypted_block /path/to/block/device +# Return 0 if it is an encrypted block device +_is_encrypted_block() { + local b=$1 # Path to a block device + + sudo lsblk -s -o TYPE -n $b 2>/dev/null \ + | egrep -q '^crypt$' + + return $? +} + # Check if swap is activated # Return 0 if NO swap is used, 1 if swap is used. # Return 1 if any of the swaps is not encrypted. 
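Review bot: `_is_encrypted_block` fails open when `$b` is empty: the unquoted, unchecked `$b` simply disappears from the argument list, `lsblk -s -o TYPE -n` then lists every block device on the host, and any unrelated crypt device makes the function return 0 for a swap it never inspected. Callers pass words split from /proc/swaps, so this is unlikely today, but the helper should guard its own contract with `[[ -n "$b" ]] || return 1` before the pipeline and quote `"$b"`; the reworked version in PATCH 3 has the same gap. A comment is also warranted that a failed `sudo lsblk` (stderr discarded) produces no match and is deliberately reported as "not encrypted", i.e. the check fails closed. `lsblk` reads sysfs and normally works unprivileged, so the `sudo` may be unnecessary here — confirm before dropping it.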
@@ -292,29 +304,12 @@ _ensure_safe_swap() { swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)" [[ -z "$swaps" ]] && return 0 # No swap partition is active - for s in $=swaps; do - bone=$(sudo file $s) - if [[ "$bone" =~ "swap file" ]]; then - # It's a regular (unencrypted) swap file - r=1 - break - - elif [[ "$bone" =~ "symbolic link" ]]; then - # Might link to a block - r=1 - [[ "/dev/mapper" == "${s%/*}" ]] || { break } - is_crypt=$(sudo dmsetup status "$s" | awk '/crypt/ {print $3}') - [[ $is_crypt == "crypt" ]] && { r=2 } - - elif [[ "$bone" =~ "block special" ]]; then - # It's a block - r=1 - is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'` - [[ $is_crypt == "crypt" ]] && { r=2 } || { break } - - fi - done _message "An active swap partition is detected..." + for s in $=swaps; do + { _is_encrypted_block $s } \ + && { r=2 } || { r=1; break } + done + if [[ $r -eq 2 ]]; then _success "All your swaps are belong to crypt. Good." else From a5ab84fdac4da07838cbd8c501d0109aee437936 Mon Sep 17 00:00:00 2001 From: hellekin Date: Sun, 8 Feb 2015 19:34:32 -0300 Subject: [PATCH 2/5] Recover legacy code for systems using util-linux < 2.22 --- tomb | 46 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 4 deletions(-) diff --git a/tomb b/tomb index 182fc1b..5973368 100755 --- a/tomb +++ b/tomb 
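Review bot: The new loop reports a /proc/swaps entry that is not a block device as unencrypted, because `lsblk` rejects a regular file and the `||` branch sets `r=1`; a swap file on a filesystem that itself sits on dm-crypt is therefore still flagged. That is the safe direction and matches what the removed `file`-based code did for "swap file", but it deserves a comment on the loop, e.g. `# swap files are always reported as unencrypted: lsblk only inspects block devices`. `r` is not initialized anywhere in the hunk and `_ensure_safe_swap` starts outside it; the non-empty `$swaps` guarantees at least one iteration assigns `r`, which is worth stating next to the loop if no earlier `local r` exists.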
@@ -305,10 +305,44 @@ _ensure_safe_swap() { [[ -z "$swaps" ]] && return 0 # No swap partition is active _message "An active swap partition is detected..." - for s in $=swaps; do - { _is_encrypted_block $s } \ - && { r=2 } || { r=1; break } - done + + # Issue #163 + # lsblk --inverse appeared in util-linux 2.22 + # but --version is not consistent... + local bug_163=0 + lsblk --help | grep -q '\-\-inverse' + if [[ $? -eq 0 ]]; then + for s in $=swaps; do + { _is_encrypted_block $s } \ + && { r=2 } || { r=1; break } + done + else + # Use legacy code that does not detect plain swaps on + # encrypted volumes. On such systems -f must be used. + bug_163=1 + for s in $=swaps; do + bone=$(sudo file $s) + if [[ "$bone" =~ "swap file" ]]; then + # It's a regular (unencrypted) swap file + r=1 + break + + elif [[ "$bone" =~ "symbolic link" ]]; then + # Might link to a block + r=1 + [[ "/dev/mapper" == "${s%/*}" ]] || { break } + is_crypt=$(sudo dmsetup status "$s" | awk '/crypt/ {print $3}') + [[ $is_crypt == "crypt" ]] && { r=2 } + + elif [[ "$bone" =~ "block special" ]]; then + # It's a block + r=1 + is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'` + [[ $is_crypt == "crypt" ]] && { r=2 } || { break } + + fi + done + fi if [[ $r -eq 2 ]]; then _success "All your swaps are belong to crypt. Good." @@ -317,6 +351,10 @@ _ensure_safe_swap() { _warning "You can deactivate all swap partitions using the command:" _warning " swapoff -a" _warning "But if you want to proceed like this, use the -f (force) flag." + if [[ $bug_163 -eq 1 ]]; then + _warning "[#163] I cannot detect plain swaps on an encrypted volume." + _warning "[#163] Use -f, or upgrade util-linux to 2.22+." + fi fi return $r From 02dead6c9d2ed40c7c6d51b4b976f0bc1ca43e56 Mon Sep 17 00:00:00 2001 From: hellekin Date: Sun, 8 Feb 2015 19:50:52 -0300 Subject: [PATCH 3/5] Simplify patch --- tomb | 45 +++++++++------------------------------------ 1 file changed, 9 insertions(+), 36 deletions(-) 
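Review bot: The restored legacy branch is fail-open when several swaps are active: in the `symbolic link` arm a /dev/mapper device whose `dmsetup status` is not `crypt` leaves `r=1` without `break`, so a later swap that is encrypted overwrites it with `r=2` and the function reports "All your swaps are belong to crypt". An empty `$bone` (e.g. `file` missing or `sudo` refused) matches no arm and likewise leaves `r` at whatever the previous iteration set. Since the new `lsblk` branch breaks on the first unencrypted swap, the legacy arms should do the same: `[[ $is_crypt == "crypt" ]] && { r=2 } || { break }` in the symlink arm, plus an `else` arm with `r=1; break`. The probe `lsblk --help | grep -q '\-\-inverse'` followed by a detached `[[ $? -eq 0 ]]` reads better as `if lsblk --help 2>&1 | grep -q -- '--inverse'; then`; this branch is replaced again in PATCH 3.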
diff --git a/tomb b/tomb index 5973368..6043fc8 100755 --- a/tomb +++ b/tomb @@ -282,8 +282,15 @@ _tmp_create() { # Return 0 if it is an encrypted block device _is_encrypted_block() { local b=$1 # Path to a block device + local s="" # lsblk option -s (if available) - sudo lsblk -s -o TYPE -n $b 2>/dev/null \ + # Issue #163 + # lsblk --inverse appeared in util-linux 2.22 + # but --version is not consistent... + lsblk --help | grep -q '\-\-inverse' + [[ $? -eq 0 ]] && s="--inverse" + + sudo lsblk $s -o type -n $b 2>/dev/null \ | egrep -q '^crypt$' return $? @@ -306,42 +313,11 @@ _ensure_safe_swap() { _message "An active swap partition is detected..." - # Issue #163 - # lsblk --inverse appeared in util-linux 2.22 - # but --version is not consistent... - local bug_163=0 - lsblk --help | grep -q '\-\-inverse' if [[ $? -eq 0 ]]; then for s in $=swaps; do { _is_encrypted_block $s } \ && { r=2 } || { r=1; break } done - else - # Use legacy code that does not detect plain swaps on - # encrypted volumes. On such systems -f must be used. - bug_163=1 - for s in $=swaps; do - bone=$(sudo file $s) - if [[ "$bone" =~ "swap file" ]]; then - # It's a regular (unencrypted) swap file - r=1 - break - - elif [[ "$bone" =~ "symbolic link" ]]; then - # Might link to a block - r=1 - [[ "/dev/mapper" == "${s%/*}" ]] || { break } - is_crypt=$(sudo dmsetup status "$s" | awk '/crypt/ {print $3}') - [[ $is_crypt == "crypt" ]] && { r=2 } - - elif [[ "$bone" =~ "block special" ]]; then - # It's a block - r=1 - is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'` - [[ $is_crypt == "crypt" ]] && { r=2 } || { break } - - fi - done fi if [[ $r -eq 2 ]]; then 
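Review bot: `_is_encrypted_block` now runs `lsblk --help | grep` on every call, once per active swap, and tests the result through a detached `[[ $? -eq 0 ]]`; `if lsblk --help 2>&1 | grep -q -- '--inverse'; then s="--inverse"; fi`, or a probe cached in a variable outside the helper, is cheaper and clearer. More importantly the fallback changes what is checked: without `--inverse`, `lsblk -o type -n $b` prints the device itself (and its descendants) rather than its ancestors, so a swap LV on an LVM PV that sits on dm-crypt shows `lvm` and is reported as unencrypted — that fails closed and matches the new "[#163] I may not detect" warning, but deserves a comment on the fallback such as `# without --inverse only the device itself is inspected; plain swaps on encrypted volumes are then reported as unencrypted`. `$b` is still unquoted and unchecked, so an empty value would make lsblk scan every device on the host and match any unrelated crypt entry. In the second hunk the surviving `if [[ $? -eq 0 ]]` now tests the exit status of `_message`; PATCH 4 removes it.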
@@ -350,11 +326,8 @@ _ensure_safe_swap() { _warning "This poses a security risk." _warning "You can deactivate all swap partitions using the command:" _warning " swapoff -a" + _warning "[#163] I may not detect plain swaps on an encrypted volume." _warning "But if you want to proceed like this, use the -f (force) flag." - if [[ $bug_163 -eq 1 ]]; then - _warning "[#163] I cannot detect plain swaps on an encrypted volume." - _warning "[#163] Use -f, or upgrade util-linux to 2.22+." - fi fi return $r From 22f0705f21ac9bb3184f3b09ac6619f0015b3cdb Mon Sep 17 00:00:00 2001 From: hellekin Date: Sun, 8 Feb 2015 20:01:01 -0300 Subject: [PATCH 4/5] Remove leftover and notify #163 :) --- tomb | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tomb b/tomb index 6043fc8..6f67653 100755 --- a/tomb +++ b/tomb @@ -313,12 +313,9 @@ _ensure_safe_swap() { _message "An active swap partition is detected..." - if [[ $? -eq 0 ]]; then - for s in $=swaps; do - { _is_encrypted_block $s } \ - && { r=2 } || { r=1; break } - done - fi + for s in $=swaps; do + { _is_encrypted_block $s } && { r=2 } || { r=1; break } + done if [[ $r -eq 2 ]]; then _success "All your swaps are belong to crypt. Good." From 21415b157f9188bd5cc980e90c7d64768399c072 Mon Sep 17 00:00:00 2001 From: hellekin Date: Sun, 8 Feb 2015 20:06:53 -0300 Subject: [PATCH 5/5] Remove tabs --- tomb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tomb b/tomb index 6f67653..b4e53bf 100755 --- a/tomb +++ b/tomb @@ -291,7 +291,7 @@ _is_encrypted_block() { [[ $? -eq 0 ]] && s="--inverse" sudo lsblk $s -o type -n $b 2>/dev/null \ - | egrep -q '^crypt$' + | egrep -q '^crypt$' return $? } @@ -312,7 +312,6 @@ _ensure_safe_swap() { [[ -z "$swaps" ]] && return 0 # No swap partition is active _message "An active swap partition is detected..." - for s in $=swaps; do { _is_encrypted_block $s } && { r=2 } || { r=1; break } done 
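Review bot: In the loop rewritten by PATCH 4 the `A && B || C` form is correct only because `{ r=2 }` cannot fail; an explicit `if _is_encrypted_block "$s"; then r=2; else r=1; break; fi` says the same thing without relying on that and quotes `$s`. `_ensure_safe_swap` starts outside the hunk, so I cannot see whether `r` is declared `local` or initialized; the loop always runs at least once because the empty-`$swaps` case returned earlier, so `r` does end up set, but a `local r=1` at the top of the function would make the fail-closed default explicit.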
@@ -323,7 +322,7 @@ _ensure_safe_swap() { _warning "This poses a security risk." _warning "You can deactivate all swap partitions using the command:" _warning " swapoff -a" - _warning "[#163] I may not detect plain swaps on an encrypted volume." + _warning "[#163] I may not detect plain swaps on an encrypted volume." _warning "But if you want to proceed like this, use the -f (force) flag." fi return $r