@@ -575,22 +575,31 @@ is_valid_tomb() {
575575 # First argument must be the path to a tomb
576576 [[ ! -z $1 ]] || _failure " Tomb file is missing from arguments."
577577
578+ # We set global variables
579+ typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME TOMBMAPPER
580+
581+ TOMBPATH=" $1 "
582+
583+ TOMBDIR=$( dirname $TOMBPATH )
584+
585+ TOMBFILE=$( basename $TOMBPATH )
586+
578587 local _fail=0
579588 # Tomb file must be a readable, writable, non-empty regular file.
580589 # If passed the "ro" mount option, the writable check is skipped.
581590 while true ; do
582591 option_value_contains -o ro || {
583- [[ ! -w " $1 " && {
584- _warning " Tomb file is not writable: ::1 tomb file::" $1
592+ [[ ! -w " $TOMBPATH " && {
593+ _warning " Tomb file is not writable: ::1 tomb file::" $TOMBPATH
585594 _fail=1; break ; }
586595 }
587596 _verbose " tomb file is readable"
588- [[ ! -f " $1 " && {
589- _warning " Tomb file is not a regular file: ::1 tomb file::" $1
597+ [[ ! -f " $TOMBPATH " && {
598+ _warning " Tomb file is not a regular file: ::1 tomb file::" $TOMBPATH
590599 _fail=1; break ; }
591600 _verbose " tomb file is a regular file"
592- [[ ! -s " $1 " && {
593- _warning " Tomb file is empty (zero length): ::1 tomb file::" $1
601+ [[ ! -s " $TOMBPATH " && {
602+ _warning " Tomb file is empty (zero length): ::1 tomb file::" $TOMBPATH
594603 _fail=1; break ; }
595604 _verbose " tomb file is not empty"
596605 break ;
@@ -599,19 +608,6 @@ is_valid_tomb() {
599608 _failure " Tomb command failed: ::1 command name::" $subcommand
600609 }
601610
602- # Tomb file may be a LUKS FS (or we are creating it)
603- cryptsetup isLuks " $1 " || {
604- _message " File is not yet a tomb: ::1 tomb file::" $1 }
605-
606- # We set global variables
607- typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME TOMBMAPPER
608-
609- TOMBPATH=" $1 "
610-
611- TOMBDIR=$( dirname $TOMBPATH )
612-
613- TOMBFILE=$( basename $TOMBPATH )
614-
615611 # The tomb name is TOMBFILE without an extension and underscores instead of spaces (for mount and cryptsetup)
616612 # It can start with dots: ..foo bar baz.tomb -> ..foo_bar_baz
617613 TOMBNAME=${${TOMBFILE// / _} % .* }
@@ -638,6 +634,12 @@ is_valid_tomb() {
638634
639635 _verbose " tomb file is not currently in use"
640636
637+ # Confirm if the Tomb file is a LUKS device
638+ cryptsetup isLuks " $TOMBPATH " || {
639+ _message " File is not a tomb: ::1 tomb file::" $TOMBPATH
640+ return 1
641+ }
642+
641643 _message " Valid tomb file found: ::1 tomb path::" $TOMBPATH
642644 return 0
643645}
@@ -2063,8 +2065,16 @@ lock_tomb_with_key() {
20632065 return 1
20642066 }
20652067
2066-
2068+ _message " Checking if the tomb is empty (we never step on somebody else's bones). "
20672069 is_valid_tomb $tombpath
2070+ if [ $? = 0 ]; then
2071+ # is it a LUKS encrypted nest? then bail out and avoid reformatting it
2072+ _warning " The tomb was already locked with another key."
2073+ _failure " Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
2074+ else
2075+ _message " Fine, this tomb seems empty."
2076+ fi
2077+ lo_check " $TOMBPATH "
20682078
20692079 _message " Commanded to lock tomb ::1 tomb file::" $TOMBFILE
20702080
@@ -2100,18 +2110,6 @@ lock_tomb_with_key() {
21002110 _success " Selected filesystem type ::1 filesystem::" $filesystem
21012111 }
21022112
2103- lo_check " $TOMBPATH "
2104-
2105- _message " Checking if the tomb is empty (we never step on somebody else's bones)."
2106- cryptsetup isLuks ${TOMBPATH}
2107- if [ $? = 0 ]; then
2108- # is it a LUKS encrypted nest? then bail out and avoid reformatting it
2109- _warning " The tomb was already locked with another key."
2110- _failure " Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
2111- else
2112- _message " Fine, this tomb seems empty."
2113- fi
2114-
21152113 _load_key # Try loading key from option -k and set TOMBKEYFILE
21162114
21172115 # the encryption cipher for a tomb can be set when locking using -c
@@ -2191,12 +2189,9 @@ change_tomb_key() {
21912189
21922190 _check_swap
21932191
2194- is_valid_tomb $tombpath
2195- lo_check " $TOMBPATH "
2196- cryptsetup isLuks ${TOMBPATH}
2197- # is it a LUKS encrypted nest? we check one more time
2198- [[ $? == 0 ]] || {
2192+ is_valid_tomb $tombpath || {
21992193 _failure " Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
2194+ lo_check " $TOMBPATH "
22002195
22012196 _load_key $tombkey # Try loading given key and set TOMBKEY
22022197
@@ -2288,7 +2283,10 @@ mount_tomb() {
22882283
22892284 _check_swap
22902285
2291- is_valid_tomb $1
2286+ is_valid_tomb $1 || {
2287+ # is it a LUKS encrypted nest? see cryptsetup(1)
2288+ _failure " ::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
2289+ lo_check " $TOMBPATH "
22922290
22932291 _track_stat " $TOMBPATH "
22942292
@@ -2316,12 +2314,6 @@ mount_tomb() {
23162314 _failure " Mountpoint already in use: ::1 mount point::" " $tombmount "
23172315 done
23182316
2319-
2320- lo_check " $TOMBPATH "
2321- cryptsetup isLuks ${TOMBPATH} || {
2322- # is it a LUKS encrypted nest? see cryptsetup(1)
2323- _failure " ::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
2324-
23252317 _message " This tomb is a valid LUKS encrypted device."
23262318
23272319 local luksdump=" ` _sudo cryptsetup luksDump ${TOMBPATH} ` "
@@ -2835,7 +2827,8 @@ resize_tomb() {
28352827 [[ -z " $newtombsize " && {
28362828 _failure " Aborting operations: new size was not specified, use -s"
28372829
2838- is_valid_tomb $tombpath
2830+ is_valid_tomb $tombpath || {
2831+ _failure " ::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
28392832
28402833 _load_key # Try loading new key from option -k and set TOMBKEYFILE
28412834
0 commit comments