Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-09-28 04:39:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #391 from dyne/loopmount_refactor

Browse Source 
refactor of state tracking for loop mounting
This commit is contained in:
Denis Roio 2020-11-17 10:21:43 +01:00 committed by GitHub
commit f9d9d4bc8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 90 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

239
tomb
View File

@ -95,7 +95,7 @@ typeset -Hi _UID # Running user identifier
typeset -Hi _GID # Running user group identifier typeset -Hi _GID # Running user group identifier
typeset -H _TTY # Connected input terminal typeset -H _TTY # Connected input terminal
# Tomb context (see _plot()) # Tomb context (see is_valid_tomb())
typeset -H TOMBPATH # Full path to the tomb typeset -H TOMBPATH # Full path to the tomb
typeset -H TOMBDIR # Directory where the tomb is typeset -H TOMBDIR # Directory where the tomb is
typeset -H TOMBFILE # File name of the tomb typeset -H TOMBFILE # File name of the tomb
@ -257,33 +257,6 @@ _whoami() {
} }
# Define sepulture's plot (setup tomb-related arguments)
# Synopsis: _plot /path/to/the.tomb
# Set TOMB{PATH,DIR,FILE,NAME}
_plot() {
# We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME
TOMBPATH="$1"
TOMBDIR=$(dirname $TOMBPATH)
TOMBFILE=$(basename $TOMBPATH)
# The tomb name is TOMBFILE without an extension and underscores instead of spaces (for mount and cryptsetup)
# It can start with dots: ..foo bar baz.tomb -> ..foo_bar_baz
TOMBNAME=${${TOMBFILE// /_}%.*}
# use the entire filename if the previous transformation returns
# an empty string. This handles the corner case of tomb being
# hidden files (starting with a dot) and have no extension (only
# one dot in string)
TOMBNAME=${TOMBNAME:-${TOMBFILE}}
[[ "$TOMBNAME" = "" ]] &&
_failure "Tomb won't work without a TOMBNAME."
}
# Provide a random filename in shared memory # Provide a random filename in shared memory
_tmp_create() { _tmp_create() {
[[ -d "$TMPPREFIX" ]] || { [[ -d "$TMPPREFIX" ]] || {
@ -567,16 +540,15 @@ sphinx_set_password() {
fi fi
} }
# Check if a filename is a valid tomb # Check if a filename is a valid tomb
is_valid_tomb() { is_valid_tomb() {
_verbose "is_valid_tomb ::1 tomb file::" $1 _verbose "is_valid_tomb ::1 tomb file::" $1
# First argument must be the path to a tomb # First argument must be the path to a tomb
[[ -z "$1" ]] && { [[ $1 ]] || _failure "Tomb file is missing from arguments."
_failure "Tomb file is missing from arguments." }
_fail=0 local _fail=0
# Tomb file must be a readable, writable, non-empty regular file. # Tomb file must be a readable, writable, non-empty regular file.
# If passed the "ro" mount option, the writable check is skipped. # If passed the "ro" mount option, the writable check is skipped.
[[ ! -w "$1" ]] && [[ $(option_value -o) != *"ro"* ]] && { [[ ! -w "$1" ]] && [[ $(option_value -o) != *"ro"* ]] && {
@ -597,67 +569,60 @@ is_valid_tomb() {
} }
_verbose "tomb file is not empty" _verbose "tomb file is not empty"
# no more checking on the uid [[ $_fail == 1 ]] && {
# _uid="`zstat +uid $1`"
# [[ "$_uid" = "$UID" ]] || {
# _user="`zstat -s +uid $1`"
# _warning "Tomb file is owned by another user: ::1 tomb owner::" $_user
# }
# _verbose "tomb is not owned by another user"
[[ $_fail = 1 ]] && {
_failure "Tomb command failed: ::1 command name::" $subcommand _failure "Tomb command failed: ::1 command name::" $subcommand
} }
# TODO: split the rest of that function out.
# We already have a valid tomb, now we're checking
# whether we can alter it.
# Tomb file may be a LUKS FS (or we are creating it) # Tomb file may be a LUKS FS (or we are creating it)
[[ "`file $1`" =~ "luks encrypted file" ]] || { [[ "`file $1`" =~ "luks encrypted file" ]] || {
_warning "File is not yet a tomb: ::1 tomb file::" $1 } _warning "File is not yet a tomb: ::1 tomb file::" $1 }
_plot $1 # Set TOMB{PATH,DIR,FILE,NAME} # We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME TOMBMAPPER
# Tomb already mounted (or we cannot alter it) TOMBPATH="$1"
[[ "`_sudo findmnt -rvo SOURCE,TARGET,FSTYPE,OPTIONS,LABEL |
awk -vtomb="[$TOMBNAME]" '
/^\/dev\/mapper\/tomb/ { if($5==tomb) print $1 }'`" = "" ]] || {
_failure "Tomb is currently in use: ::1 tomb name::" $TOMBNAME
}
_verbose "tomb file is not currently in use"
_message "Valid tomb file found: ::1 tomb path::" $TOMBPATH TOMBDIR=$(dirname $TOMBPATH)
return 0 TOMBFILE=$(basename $TOMBPATH)
}
# render the path to the unique /dev/mapper using an hash of the path # The tomb name is TOMBFILE without an extension and underscores instead of spaces (for mount and cryptsetup)
# of the tombfile and its name. Checks for duplicates (tomb is in use) # It can start with dots: ..foo bar baz.tomb -> ..foo_bar_baz
render_mapper() { TOMBNAME=${${TOMBFILE// /_}%.*}
[[ "$tombpath" == "" ]] && # use the entire filename if the previous transformation returns
_failure "cannot render mapper: missing \$tombpath" # an empty string. This handles the corner case of tomb being
[[ "$TOMBNAME" == "" ]] && # hidden files (starting with a dot) and have no extension (only
_failure "cannot render mapper: missing \$TOMBNAME" # one dot in string)
local maphash=`realpath $tombpath | sha256sum -z` TOMBNAME=${TOMBNAME:-${TOMBFILE}}
mapper="tomb.$TOMBNAME.${maphash[(w)1]}.loop" [[ "$TOMBNAME" = "" ]] &&
_failure "Tomb won't work without a TOMBNAME."
# checks if Tomb already mounted (or we cannot alter it)
local maphash=`realpath $TOMBPATH | sha256sum -z`
local nextloop=`losetup -f`
TOMBMAPPER="tomb.$TOMBNAME.${maphash[(w)1]}.`basename $nextloop`"
local mounted_tombs=(`list_tomb_mounts`) local mounted_tombs=(`list_tomb_mounts`)
local usedmapper local usedmapper
for t in ${mounted_tombs}; do for t in ${mounted_tombs}; do
usedmapper=`basename "${t[(ws:;:)1]}"` usedmapper=`basename "${t[(ws:;:)1]}"`
[[ "$usedmapper" == "$mapper" ]] && [[ "${usedmapper%.*}" == "${TOMBMAPPER%.*}" ]] &&
_failure "Tomb file already in use: ::1 tombname::" $TOMBNAME _failure "Tomb file already in use: ::1 tombname::" $TOMBPATH
done done
_verbose "Mapper: ::1 mapper::" $mapper _verbose "Mapper: ::1 mapper::" $TOMBMAPPER
print "$mapper"
_verbose "tomb file is not currently in use"
_message "Valid tomb file found: ::1 tomb path::" $TOMBPATH
return 0
} }
# $1 is the tomb file to be lomounted # $1 is the tomb file to be lomounted
lo_mount() { lo_mount() {
tpath="$1" tpath="$1"
# check if we have support for loop mounting # check if we have support for loop mounting
_nstloop=`_sudo losetup -f` TOMBLOOP=`_sudo losetup -f`
[[ $? = 0 ]] || { [[ $? = 0 ]] || {
_warning "Loop mount of volumes is not possible on this machine, this error" _warning "Loop mount of volumes is not possible on this machine, this error"
_warning "often occurs on VPS and kernels that don't provide the loop module." _warning "often occurs on VPS and kernels that don't provide the loop module."
@ -667,8 +632,7 @@ lo_mount() {
_sudo losetup -f "$tpath" # allocates the next loopback for our file _sudo losetup -f "$tpath" # allocates the next loopback for our file
TOMBLOOPDEVS+=("$_nstloop") # add to array of lodevs used TOMBLOOPDEVS+=("$TOMBLOOP") # add to array of lodevs used
return 0 return 0
} }
@ -1865,52 +1829,43 @@ engrave_key() {
# which blocks in the filesystem contain that data. # which blocks in the filesystem contain that data.
dig_tomb() { dig_tomb() {
local tombpath="$1" # Path to tomb # $1 arg is path to tomb
# Require the specification of the size of the tomb (-s) in MiB # Require the specification of the size of the tomb (-s) in MiB
local -i tombsize=$(option_value -s) local -i tombsize=$(option_value -s)
_message "Commanded to dig tomb ::1 tomb path::" $tombpath _message "Commanded to dig tomb ::1 tomb path::" $tombpath
[[ -n "$tombpath" ]] || _failure "Missing path to tomb" [[ $1 ]] || _failure "Missing path to tomb"
[[ -n "$tombsize" ]] || _failure "Size argument missing, use -s" [[ -n "$tombsize" ]] || _failure "Size argument missing, use -s"
[[ $tombsize == <-> ]] || _failure "Size must be an integer (mebibytes)" [[ $tombsize == <-> ]] || _failure "Size must be an integer (mebibytes)"
[[ $tombsize -ge 10 ]] || _failure "Tombs can't be smaller than 10 mebibytes" [[ $tombsize -ge 10 ]] || _failure "Tombs can't be smaller than 10 mebibytes"
_plot $tombpath # Set TOMB{PATH,DIR,FILE,NAME} [[ -e $1 ]] && {
[[ -e $TOMBPATH ]] && {
_warning "A tomb exists already. I'm not digging here:" _warning "A tomb exists already. I'm not digging here:"
ls -lh $TOMBPATH ls -lh $1
return 1 return 1
} }
_success "Creating a new tomb in ::1 tomb path::" $TOMBPATH _success "Creating a new tomb in ::1 tomb path::" $1
_message "Generating ::1 tomb file:: of ::2 size::MiB" $1 $tombsize
_message "Generating ::1 tomb file:: of ::2 size::MiB" $TOMBFILE $tombsize touch "$1"
# Ensure that file permissions are safe even if interrupted
touch $TOMBPATH
[[ $? = 0 ]] || { [[ $? = 0 ]] || {
_warning "Error creating the tomb ::1 tomb path::" $TOMBPATH _warning "Error creating the tomb ::1 tomb path::" $1
_failure "Operation aborted." _failure "Operation aborted."
} }
chmod 0600 $TOMBPATH # Ensure that file permissions are safe even if interrupted
_sudo chown ${_UID}:${_GID} "$1"
chmod 0600 $1
_verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]} _verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
${=DD} if=/dev/urandom bs=1048576 count=$tombsize of=$TOMBPATH ${=DD} if=/dev/urandom bs=1048576 count=$tombsize of=$1
ls -lh "$1"
[[ $? == 0 && -e $TOMBPATH ]] && { _success "Done digging ::1 tomb name::" $1
_sudo chown ${_UID}:${_GID} "$TOMBPATH"
ls -lh "$TOMBPATH"
} || {
_warning "Error creating the tomb ::1 tomb path::" $TOMBPATH
_failure "Operation aborted."
}
_success "Done digging ::1 tomb name::" $TOMBNAME
_message "Your tomb is not yet ready, you need to forge a key and lock it:" _message "Your tomb is not yet ready, you need to forge a key and lock it:"
_message "tomb forge ::1 tomb path::.key" $TOMBPATH _message "tomb forge ::1 tomb path::.key" $1
_message "tomb lock ::1 tomb path:: -k ::1 tomb path::.key" $TOMBPATH _message "tomb lock ::1 tomb path:: -k ::1 tomb path::.key" $1
return 0 return 0
} }
@ -2043,7 +1998,8 @@ lock_tomb_with_key() {
return 1 return 1
} }
_plot $tombpath
is_valid_tomb $tombpath
_message "Commanded to lock tomb ::1 tomb file::" $TOMBFILE _message "Commanded to lock tomb ::1 tomb file::" $TOMBFILE
@ -2053,12 +2009,11 @@ lock_tomb_with_key() {
_verbose "Tomb found: ::1 tomb path::" $TOMBPATH _verbose "Tomb found: ::1 tomb path::" $TOMBPATH
lo_mount $TOMBPATH lo_mount $TOMBPATH
nstloop=`lo_new`
_verbose "Loop mounted on ::1 mount point::" $nstloop _verbose "Loop mounted on ::1 mount point::" $TOMBLOOP
_message "Checking if the tomb is empty (we never step on somebody else's bones)." _message "Checking if the tomb is empty (we never step on somebody else's bones)."
_sudo cryptsetup isLuks ${nstloop} _sudo cryptsetup isLuks ${TOMBLOOP}
if [ $? = 0 ]; then if [ $? = 0 ]; then
# is it a LUKS encrypted nest? then bail out and avoid reformatting it # is it a LUKS encrypted nest? then bail out and avoid reformatting it
_warning "The tomb was already locked with another key." _warning "The tomb was already locked with another key."
@ -2089,12 +2044,12 @@ lock_tomb_with_key() {
_message "Formatting Luks mapped device." _message "Formatting Luks mapped device."
_cryptsetup --batch-mode \ _cryptsetup --batch-mode \
--cipher ${cipher} --hash sha512 --key-size 512 --key-slot 0 \ --cipher ${cipher} --hash sha512 --key-size 512 --key-slot 0 \
luksFormat ${nstloop} luksFormat ${TOMBLOOP}
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_warning "cryptsetup luksFormat returned an error." _warning "cryptsetup luksFormat returned an error."
_failure "Operation aborted." } _failure "Operation aborted." }
_cryptsetup --cipher ${cipher} --hash sha512 luksOpen ${nstloop} tomb.tmp _cryptsetup --cipher ${cipher} --hash sha512 luksOpen ${TOMBLOOP} tomb.tmp
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_warning "cryptsetup luksOpen returned an error." _warning "cryptsetup luksOpen returned an error."
_failure "Operation aborted." } _failure "Operation aborted." }
@ -2130,20 +2085,17 @@ change_tomb_key() {
_check_swap _check_swap
# this also calls _plot()
is_valid_tomb $tombpath is_valid_tomb $tombpath
lo_mount $TOMBPATH lo_mount $TOMBPATH
nstloop=`lo_new`
_sudo cryptsetup isLuks ${nstloop} _sudo cryptsetup isLuks ${TOMBLOOP}
# is it a LUKS encrypted nest? we check one more time # is it a LUKS encrypted nest? we check one more time
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH } _failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
_load_key $tombkey # Try loading given key and set TOMBKEY _load_key $tombkey # Try loading given key and set TOMBKEY
mapper=`render_mapper`
[[ "$mapper" == "" ]] && _failure "Operation aborted."
# TOMBKEYFILE # TOMBKEYFILE
local oldkey=$TOMBKEY local oldkey=$TOMBKEY
@ -2167,7 +2119,7 @@ change_tomb_key() {
# luksOpen the tomb (not really mounting, just on the loopback) # luksOpen the tomb (not really mounting, just on the loopback)
print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \ print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \
luksOpen ${nstloop} ${mapper} luksOpen ${TOMBLOOP} ${TOMBMAPPER}
[[ $? == 0 ]] || _failure "Unexpected error in luksOpen." [[ $? == 0 ]] || _failure "Unexpected error in luksOpen."
_load_key # Try loading new key from option -k and set TOMBKEYFILE _load_key # Try loading new key from option -k and set TOMBKEYFILE
@ -2189,11 +2141,11 @@ change_tomb_key() {
print -R -n - "$TOMBSECRET" >> $tmpnewkey print -R -n - "$TOMBSECRET" >> $tmpnewkey
print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \ print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \
luksChangeKey "$nstloop" "$tmpnewkey" luksChangeKey "$TOMBLOOP" "$tmpnewkey"
[[ $? == 0 ]] || _failure "Unexpected error in luksChangeKey." [[ $? == 0 ]] || _failure "Unexpected error in luksChangeKey."
_sudo cryptsetup luksClose "${mapper}" || _failure "Unexpected error in luksClose." _sudo cryptsetup luksClose "${TOMBMAPPER}" || _failure "Unexpected error in luksClose."
_success "Succesfully changed key for tomb: ::1 tomb file::" $TOMBFILE _success "Succesfully changed key for tomb: ::1 tomb file::" $TOMBFILE
_message "The new key is: ::1 new key::" $TOMBKEYFILE _message "The new key is: ::1 new key::" $TOMBKEYFILE
@ -2220,23 +2172,18 @@ _update_control_file() {
# $1 = tombfile $2(optional) = mountpoint # $1 = tombfile $2(optional) = mountpoint
mount_tomb() { mount_tomb() {
local tombpath="$1" # First argument is the path to the tomb [[ -n "$1" ]] || _failure "No tomb name specified for opening."
[[ -n "$tombpath" ]] || _failure "No tomb name specified for opening."
_message "Commanded to open tomb ::1 tomb name::" $tombpath _message "Commanded to open tomb ::1 tomb name::" $1
_check_swap _check_swap
# this also calls _plot() is_valid_tomb $1
is_valid_tomb $tombpath
_track_stat "$tombpath" _track_stat "$TOMBPATH"
_load_key # Try loading new key from option -k and set TOMBKEYFILE _load_key # Try loading new key from option -k and set TOMBKEYFILE
mapper=`render_mapper`
[[ "$mapper" == "" ]] && _failure "Operation aborted."
tombmount="$2" tombmount="$2"
[[ "$tombmount" = "" ]] && { [[ "$tombmount" = "" ]] && {
tombmount=/media/$TOMBNAME tombmount=/media/$TOMBNAME
@ -2257,15 +2204,14 @@ mount_tomb() {
done done
lo_mount $TOMBPATH lo_mount $TOMBPATH
nstloop=`lo_new`
_sudo cryptsetup isLuks ${nstloop} || { _sudo cryptsetup isLuks ${TOMBLOOP} || {
# is it a LUKS encrypted nest? see cryptsetup(1) # is it a LUKS encrypted nest? see cryptsetup(1)
_failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE } _failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
_message "This tomb is a valid LUKS encrypted device." _message "This tomb is a valid LUKS encrypted device."
luksdump="`_sudo cryptsetup luksDump ${nstloop}`" luksdump="`_sudo cryptsetup luksDump ${TOMBLOOP}`"
tombdump=(`print $luksdump | awk ' tombdump=(`print $luksdump | awk '
/^Cipher name/ {print $3} /^Cipher name/ {print $3}
/^Cipher mode/ {print $3} /^Cipher mode/ {print $3}
@ -2293,15 +2239,15 @@ mount_tomb() {
} }
[[ $? == 0 ]] || _failure "No valid password supplied." [[ $? == 0 ]] || _failure "No valid password supplied."
_cryptsetup luksOpen ${nstloop} ${mapper} _cryptsetup luksOpen ${TOMBLOOP} ${TOMBMAPPER}
[[ $? = 0 ]] || { [[ $? = 0 ]] || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }
# preserve the loopdev after exit # preserve the loopdev after exit
lo_preserve "$nstloop" lo_preserve "$TOMBLOOP"
# array: [ cipher, keysize, loopdevice ] # array: [ cipher, keysize, loopdevice ]
tombstat=(`_sudo cryptsetup status ${mapper} | awk ' tombstat=(`_sudo cryptsetup status ${TOMBMAPPER} | awk '
/cipher:/ {print $2} /cipher:/ {print $2}
/keysize:/ {print $2} /keysize:/ {print $2}
/device:/ {print $2}'`) /device:/ {print $2}'`)
@ -2309,9 +2255,9 @@ mount_tomb() {
_verbose "Key size is ::1 size:: for cipher ::2 cipher::" $tombstat[2] $tombstat[1] _verbose "Key size is ::1 size:: for cipher ::2 cipher::" $tombstat[2] $tombstat[1]
_message "Checking filesystem via ::1::" $tombstat[3] _message "Checking filesystem via ::1::" $tombstat[3]
_sudo fsck -p -C0 /dev/mapper/${mapper} _sudo fsck -p -C0 /dev/mapper/${TOMBMAPPER}
_verbose "Tomb engraved as ::1 tomb name::" $TOMBNAME _verbose "Tomb engraved as ::1 tomb name::" $TOMBNAME
_sudo tune2fs -L $TOMBNAME /dev/mapper/${mapper} > /dev/null _sudo tune2fs -L $TOMBNAME /dev/mapper/${TOMBMAPPER} > /dev/null
# we need root from here on # we need root from here on
_sudo mkdir -p $tombmount _sudo mkdir -p $tombmount
@ -2322,15 +2268,15 @@ mount_tomb() {
MOUNTOPTS="$(option_value -o)" } MOUNTOPTS="$(option_value -o)" }
# TODO: safety check MOUNTOPTS # TODO: safety check MOUNTOPTS
# safe_mount_options && # safe_mount_options &&
_sudo mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount} _sudo mount -o $MOUNTOPTS /dev/mapper/${TOMBMAPPER} ${tombmount}
# Clean up if the mount failed # Clean up if the mount failed
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_warning "Error mounting ::1 mapper:: on ::2 tombmount::" $mapper $tombmount _warning "Error mounting ::1 mapper:: on ::2 tombmount::" $TOMBMAPPER $tombmount
[[ $oldmountopts != $MOUNTOPTS ]] && \ [[ $oldmountopts != $MOUNTOPTS ]] && \
_warning "Are mount options '::1 mount options::' valid?" $MOUNTOPTS _warning "Are mount options '::1 mount options::' valid?" $MOUNTOPTS
# TODO: move cleanup to _endgame() # TODO: move cleanup to _endgame()
[[ -d $tombmount ]] && _sudo rmdir $tombmount [[ -d $tombmount ]] && _sudo rmdir $tombmount
[[ -e /dev/mapper/$mapper ]] && _sudo cryptsetup luksClose $mapper [[ -e /dev/mapper/$TOMBMAPPER ]] && _sudo cryptsetup luksClose $TOMBMAPPER
# The loop is taken care of in _endgame() # The loop is taken care of in _endgame()
_failure "Cannot mount ::1 tomb name::" $TOMBNAME _failure "Cannot mount ::1 tomb name::" $TOMBNAME
} }
@ -2470,7 +2416,7 @@ exec_safe_func_hooks() {
# here call two actions: open or close. Synopsis: # here call two actions: open or close. Synopsis:
# $1 $2 $3 $4 $5 # $1 $2 $3 $4 $5
# open "$tombmount" # open "$tombmount"
# close "$tombmount" "$tombname" "$tombloop" "$mapper" # close "$tombmount" "$tombname" "$tombloop" "$TOMBMAPPER"
$mnt/exec-hooks "$1" "$2" "$3" "$4" "$5" $mnt/exec-hooks "$1" "$2" "$3" "$4" "$5"
return $? return $?
} }
@ -2502,7 +2448,7 @@ list_tombs() {
tombloop=${mapper[(ws:.:)4]} tombloop=${mapper[(ws:.:)4]}
# calculate tomb size # calculate tomb size
ts=`df -hP /dev/mapper/$mapper | ts=`df -hP /dev/mapper/$TOMBMAPPER |
awk "/mapper/"' { print $2 ";" $3 ";" $4 ";" $5 }'` awk "/mapper/"' { print $2 ";" $3 ";" $4 ";" $5 }'`
tombtot=${ts[(ws:;:)1]} tombtot=${ts[(ws:;:)1]}
tombused=${ts[(ws:;:)2]} tombused=${ts[(ws:;:)2]}
@ -2803,21 +2749,17 @@ resize_tomb() {
_message "Commanded to resize tomb ::1 tomb name:: to ::2 size:: mebibytes." $1 $OPTS[-s] _message "Commanded to resize tomb ::1 tomb name:: to ::2 size:: mebibytes." $1 $OPTS[-s]
[[ -z "$tombpath" ]] && _failure "No tomb name specified for resizing." [[ -z "$1" ]] && _failure "No tomb name specified for resizing."
[[ ! -r $tombpath ]] && _failure "Cannot find ::1::" $tombpath [[ ! -r "$1" ]] && _failure "Cannot find ::1::" $1
newtombsize="`option_value -s`" newtombsize="`option_value -s`"
[[ -z "$newtombsize" ]] && { [[ -z "$newtombsize" ]] && {
_failure "Aborting operations: new size was not specified, use -s" } _failure "Aborting operations: new size was not specified, use -s" }
# this also calls _plot()
is_valid_tomb $tombpath is_valid_tomb $tombpath
_load_key # Try loading new key from option -k and set TOMBKEYFILE _load_key # Try loading new key from option -k and set TOMBKEYFILE
mapper=`render_mapper`
[[ "$mapper" == "" ]] && _failure "Operation aborted."
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`" tomb_pwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd _verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
@ -2858,23 +2800,22 @@ resize_tomb() {
fi fi
lo_mount "$TOMBPATH" lo_mount "$TOMBPATH"
nstloop=`lo_new`
_message "opening tomb" _message "opening tomb"
_cryptsetup luksOpen ${nstloop} ${mapper} || { _cryptsetup luksOpen ${TOMBLOOP} ${TOMBMAPPER} || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }
_sudo cryptsetup resize "${mapper}" || { _sudo cryptsetup resize "${TOMBMAPPER}" || {
_failure "cryptsetup failed to resize ::1 mapper::" $mapper } _failure "cryptsetup failed to resize ::1 mapper::" $TOMBMAPPER }
_sudo e2fsck -p -f /dev/mapper/${mapper} || { _sudo e2fsck -p -f /dev/mapper/${TOMBMAPPER} || {
_failure "e2fsck failed to check ::1 mapper::" $mapper } _failure "e2fsck failed to check ::1 mapper::" $TOMBMAPPER }
_sudo resize2fs /dev/mapper/${mapper} || { _sudo resize2fs /dev/mapper/${TOMBMAPPER} || {
_failure "resize2fs failed to resize ::1 mapper::" $mapper } _failure "resize2fs failed to resize ::1 mapper::" $TOMBMAPPER }
# close and free the loop device # close and free the loop device
_sudo cryptsetup luksClose "${mapper}" _sudo cryptsetup luksClose "${TOMBMAPPER}"
return 0 return 0
} }