t[cleanup] Consolidate temporary file creation - tomb - the crypto undertaker
 (DIR) commit 14ed549a55d500b1779bb752bc2697a81b8c84ef
 (DIR) parent 226fd2a0f82c92e1b5c668324f8891fd762265a1
 (HTM) Author: hellekin <hellekin@cepheide.org>
       Date:   Tue, 28 Oct 2014 09:46:23 -0300
       
       t[cleanup] Consolidate temporary file creation
       
       Diffstat:
         M tomb                                |      91 +++++++++++++------------------
       
       1 file changed, 38 insertions(+), 53 deletions(-)
       ---
 (DIR) diff --git a/tomb b/tomb
       t@@ -259,7 +259,7 @@ _plot() {
        }
        
        # Provide a random filename in shared memory
       -tmp_create() {
       +_tmp_create tmp_create() {
        
            local tfile="${TMPPREFIX}${RANDOM}"   # Temporary file
        
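Review bot: The name built on the context line `local tfile="${TMPPREFIX}${RANDOM}"` is weak for files that later hold key material, since `RANDOM` has only 32768 possible values. It gets weaker once the function is called as `$(_tmp_create)`, as the later hunks do: zsh documents that subshells referencing `RANDOM` yield identical values unless the parent shell references or reseeds it in between, so two calls in one run can pick the same path. The code that actually creates the file is outside this hunk, so confirm it refuses a path that already exists. Creating the file with `mktemp`, for example `tfile=$(mktemp "${TMPPREFIX}XXXXXXXX")`, would give an unpredictable, exclusively created name, with the later creation step adjusted to match.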
       t@@ -274,14 +274,9 @@ tmp_create() {
            _verbose "Created tempfile: ::1 temp file::" $tfile
            TOMBTMPFILES+=($tfile)
        
       -    return 0
       -
       -}
       -
       -# Print the name of the latest temporary file created
       -tmp_new() {
       +    print - $tfile # Print it so it can be stored into a variable
        
       -    print - "${TOMBTMPFILES[${#TOMBTMPFILES}]}"
       +    return 0
        
        }
        
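Review bot: `TOMBTMPFILES+=($tfile)` no longer reaches the caller once the name is handed back through `print - $tfile`: every call site visible in this commit uses `$(_tmp_create)`, and a command substitution runs in a subshell, so the array append is discarded when it exits. If the exit-time cleanup walks `TOMBTMPFILES` (not visible here), the status file in gpg_decrypt, the new key in change_passwd, the bare LUKS key in change_tomb_key and the swish config in index_tombs are all left untracked. Either register the file in the caller right after the substitution, e.g. `TOMBTMPFILES+=($statusfile)`, or have `_tmp_create` set a global such as `TOMBTMPFILE=$tfile` and call it without `$( )`. Also check that `_verbose` does not write to stdout, because anything it prints would now be captured as part of the file name.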
       t@@ -829,10 +824,10 @@ _load_key load_key() {
        # contains tweaks for different gpg versions
        gpg_decrypt() {
            # fix for gpg 1.4.11 where the --status-* options don't work ;^/
       -    gpgver=`gpg --version --no-permission-warning | awk '/^gpg/ {print $3}'`
       -    gpgpass="$1\n$TOMBKEY"
       +    local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}')
       +    local gpgpass="$1\n$TOMBKEY"
        
       -    if [ "$gpgver" = "1.4.11" ]; then
       +    [[ $gpgver == "1.4.11" ]] && {
                _verbose "GnuPG is version 1.4.11 - adopting status fix."
        
                TOMBSECRET=`print - "$gpgpass" | \
       t@@ -840,22 +835,21 @@ gpg_decrypt() {
                ret=$?
                unset gpgpass
        
       -    else # using status-file in gpg != 1.4.11
       +    } || { # using status-file in gpg != 1.4.11
        
                # TODO: use mkfifo
       -        tmp_create
       -        _status=`tmp_new`
       +        local statusfile=$(_tmp_create)
        
                TOMBSECRET=`print - "$gpgpass" | \
                    gpg --batch --passphrase-fd 0 --no-tty --no-options \
                    --status-fd 2 --no-mdc-warning --no-permission-warning \
       -            --no-secmem-warning 2> $_status`
       +            --no-secmem-warning 2> $statusfile`
        
                unset gpgpass
       -        grep 'DECRYPTION_OKAY' $_status > /dev/null
       +        grep 'DECRYPTION_OKAY' $statusfile > /dev/null
                ret=$?
        
       -    fi
       +    }
            return $ret
        
        }
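Review bot: `[[ $gpgver == "1.4.11" ]] && { … } || { … }` is not an if/else, because the second group also runs whenever the last command of the first group returns non-zero. Here the first group ends in `unset gpgpass`, so it happens to be safe today, but it breaks silently if a later edit ends that group with a command that can fail. The same rewrite in change_passwd, `{ option_is_set --tomb-pwd } && { … gen_key "$tombpwd" >> "$tmpnewkey" } || { gen_key >> "$tmpnewkey" }`, already has the problem: a failing `gen_key` falls through to a second `gen_key` without the supplied password and appends to the same file. Keeping `if … then … else … fi` in both places removes the dependence on the last exit status. The opening of this construct is in the previous hunk.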
       t@@ -955,48 +949,43 @@ ask_key_password() {
        
        # change tomb key password
        change_passwd() {
       +    local tmpnewkey lukskey c tombpass tombpasstmp
        
            _check_swap
            load_key
        
            _message "Commanded to change password for tomb key ::1 key::" $TOMBKEYFILE
        
       -    local tmpnewkey lukskey c tombpass tombpasstmp
       -
       -    tmp_create
       -    tmpnewkey=`tmp_new`
       +    tmpnewkey=$(_tmp_create)
        
            if option_is_set --tomb-old-pwd; then
       -        tomb_old_pwd="`option_value --tomb-old-pwd`"
       -        _verbose "tomb-old-pwd = ::1 old pass::" $tomb_old_pwd
       -        ask_key_password "$tomb_old_pwd"
       +        local tomboldpwd="`option_value --tomb-old-pwd`"
       +        _verbose "tomb-old-pwd = ::1 old pass::" $tomboldpwd
       +        ask_key_password "$tomboldpwd"
            else
                ask_key_password
            fi
       -
       -    { test $? = 0 } || {
       -        _failure "No valid password supplied." }
       +    [[ $? == 0 ]] || _failure "No valid password supplied."
        
            _success "Changing password for ::1 key file::" $TOMBKEYFILE
        
            # Here $TOMBSECRET contains the key material in clear
        
       -    if option_is_set --tomb-pwd; then
       -        tomb_new_pwd="`option_value --tomb-pwd`"
       -        _verbose "tomb-pwd = ::1 new pass::" $tomb_new_pwd
       -        gen_key "$tomb_new_pwd" >> "$tmpnewkey"
       -    else
       +    { option_is_set --tomb-pwd } && {
       +        local tombpwd="`option_value --tomb-pwd`"
       +        _verbose "tomb-pwd = ::1 new pass::" $tombpwd
       +        gen_key "$tombpwd" >> "$tmpnewkey"
       +    } || {
                gen_key >> "$tmpnewkey"
       -    fi
       +    }
        
       -    if ! is_valid_key "`cat $tmpnewkey`"; then
       -        _failure "Error: the newly generated keyfile does not seem valid."
       -    else
       -        # copy the new key as the original keyfile name
       -        cp -f "${tmpnewkey}" $TOMBKEYFILE
       -        _success "Your passphrase was successfully updated."
       +    { is_valid_key "$(cat $tmpnewkey)" } || {
       +        _failure "Error: the newly generated keyfile does not seem valid." }
       +
       +    # Copy the new key as the original keyfile name
       +    cp -f "${tmpnewkey}" $TOMBKEYFILE
       +    _success "Your passphrase was successfully updated."
        
       -    fi
            return 0
        }
        
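Review bot: Both `_verbose "tomb-old-pwd = ::1 old pass::" $tomboldpwd` and `_verbose "tomb-pwd = ::1 new pass::" $tombpwd` print the passphrases in clear whenever verbose output is enabled, which leaves them in terminal scrollback and any captured log. The rename was a good moment to stop echoing the value, e.g. `_verbose "tomb-old-pwd supplied on the command line"`. Separately, `cp -f "${tmpnewkey}" $TOMBKEYFILE` now runs unconditionally after the validity check, so the original key file is only protected if `_failure` never returns. That is not visible from this hunk, so a comment such as `# _failure exits; the copy below only runs for a valid key` should state the assumption.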
       t@@ -1591,19 +1580,16 @@ change_tomb_key() {
                _failure "No valid password supplied for the new key." }
            new_secret=$TOMBSECRET
        
       -    # danger zone: due to cryptsetup limitations, in setkey we need
       +    # Danger zone: due to cryptsetup limitations, in setkey we need
            # to write the bare unencrypted key on the tmpfs.
       -    tmp_create
       -    new_secret_file=`tmp_new`
       -    print -n - "$new_secret" >> $new_secret_file
       -    print -n - "$old_secret"| \
       -        cryptsetup --key-file - luksChangeKey "$nstloop" "$new_secret_file"
       -    { test $? = 0 } || {
       -        _failure "Unexpected error in luksChangeKey." }
       +    local newsecretfile=$(_tmp_create)
        
       -    cryptsetup luksClose "${mapper}"
       -    { test $? = 0 } || {
       -        _failure "Unexpected error in luksClose." }
       +    print -n - "$new_secret" >> $newsecretfile
       +    print -n - "$old_secret" | \
       +        cryptsetup --key-file - luksChangeKey "$nstloop" "$newsecretfile"
       +    [[ $? == 0 ]] || _failure "Unexpected error in luksChangeKey."
       +
       +    cryptsetup luksClose "${mapper}" || _failure "Unexpected error in luksClose."
        
            _success "Succesfully changed key for tomb: ::1 tomb file::" $TOMBFILE
            _message "The new key is: ::1 new key::" $newkey
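Review bot: The result of `local newsecretfile=$(_tmp_create)` is never checked, so if the temporary file could not be created the next lines run `print -n - "$new_secret" >> $newsecretfile` and `cryptsetup … luksChangeKey` with an empty file name. Declare and assign separately and stop on failure: `local newsecretfile` followed by `newsecretfile=$(_tmp_create) || _failure "Cannot create a temporary file for the new key."` (assuming `_tmp_create` returns non-zero on failure, which is outside the visible lines). The file holds the bare new key, and nothing shown here removes it once `luksChangeKey` returns. The function continues past the hunk, so confirm it is wiped there rather than only at exit. The same unchecked `local var=$(_tmp_create)` appears in gpg_decrypt and index_tombs.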
       t@@ -2096,8 +2082,7 @@ index_tombs() {
                # here we use swish to index file contents
                [[ $SWISH == 1 ]] && {
                    _message "Indexing ::1 tomb name:: contents..." $tombname
       -            tmp_create
       -            swishrc=`tmp_new`
       +            local swishrc=$(_tmp_create)
        
                    cat <<EOF > $swishrc
        # index directives