authorJason A. Donenfeld <Jason@zx2c4.com>2014-06-29 10:45:36 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2014-06-29 10:47:22 +0200
commitf847dfb10b01bbe5f53c3d66badedfc1be9e9046 (patch)
treeea35343eaea356ee9fb5c1e37dbc7ecfa68b4dcd
parent9ed79aacd5ef54b9f19f0b91c000f13f46ec76ab (diff)
darwin: properly ejects ramdisks
In the move away from extensive global variables and improved cleanup routines, we forgot to fix the darwin platform file, which means temporary ramdisks never got unmounted. This patch cleans up the general cleanup trap logic routines.
-rwxr-xr-xsrc/password-store.sh15
-rw-r--r--src/platform/darwin.sh20
2 files changed, 20 insertions, 15 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 8c6c9c5..dfd59fe 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -163,11 +163,16 @@ clip() {
echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
}
tmpdir() {
+ [[ -n $SECURE_TMPDIR ]] && return
local warn=1
[[ $1 == "nowarn" ]] && warn=0
local template="$PROGRAM.XXXXXXXXXXXXX"
if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
SECURE_TMPDIR="$(TMPDIR=/dev/shm mktemp -d -t "$template")"
+ remove_tmpfile() {
+ rm -rf "$SECURE_TMPDIR"
+ }
+ trap remove_tmpfile INT TERM EXIT
else
[[ $warn -eq 1 ]] && yesno "$(cat <<-_EOF
Your system does not have /dev/shm, which means that it may
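Review bot: The new early return `[[ -n $SECURE_TMPDIR ]] && return` trusts any value the variable already holds, including one inherited from the caller's environment, and in that case neither the directory is created nor the cleanup trap installed. cmd_edit would then create the decrypted temp file under a directory this script did not create, and nothing would shred or remove it on exit. Unless the variable is cleared earlier in the script (not visible in this hunk), add `unset SECURE_TMPDIR` before the first call, or guard on a script-private flag that is set only after mktemp succeeds. The same guard is added to tmpdir() in src/platform/darwin.sh, where `DARWIN_RAMDISK_DEV` would need the same treatment. tmpdir()'s body continues into the next hunk.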
@@ -178,6 +183,11 @@ tmpdir() {
_EOF
)"
SECURE_TMPDIR="$(mktemp -d -t "$template")"
+ shred_tmpfile() {
+ find "$SECURE_TMPDIR" -type f -exec $SHRED {} +
+ rm -rf "$SECURE_TMPDIR"
+ }
+ trap shred_tmpfile INT TERM EXIT
fi
}
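Review bot: `shred_tmpfile` now depends entirely on `$SECURE_TMPDIR`, but the `mktemp -d` assignment just above it is unchecked, so a failed mktemp leaves the variable empty while the trap is still installed. The later `TMPDIR="$SECURE_TMPDIR" mktemp` in cmd_edit may then fall back to the default temp location, and the trap's `find`/`rm -rf` on an empty path would not touch that file, whereas the removed eval-built trap shredded `$tmp_file` by name. Fail closed instead: `SECURE_TMPDIR="$(mktemp -d -t "$template")" || die "Error: could not create temporary directory."`. The /dev/shm branch in the previous hunk and the mktemp call in src/platform/darwin.sh have the same gap. This assumes errexit is not enabled elsewhere in the script, which is not visible here.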
@@ -413,11 +423,6 @@ cmd_edit() {
tmpdir #Defines $SECURE_TMPDIR
local tmp_file="$(TMPDIR="$SECURE_TMPDIR" mktemp -t "$template")"
- eval "shred_tmpfile() {
- $SHRED '$tmp_file'
- rm -rf '$SECURE_TMPDIR' '$tmp_file'
- }"
- trap shred_tmpfile INT TERM EXIT
local action="Add"
diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
index 1b76c33..24bd048 100644
--- a/src/platform/darwin.sh
+++ b/src/platform/darwin.sh
@@ -16,19 +16,19 @@ clip() {
}
tmpdir() {
- cleanup_tmp() {
- [[ -d $SECURE_TMPDIR ]] || return
- rm -rf "$tmp_file" "$SECURE_TMPDIR" 2>/dev/null
+ [[ -n $SECURE_TMPDIR ]] && return
+ unmount_tmpdir() {
+ [[ -n $SECURE_TMPDIR && -d $SECURE_TMPDIR && -n $DARWIN_RAMDISK_DEV ]] || return
umount "$SECURE_TMPDIR"
- diskutil quiet eject "$ramdisk_dev"
- rmdir "$SECURE_TMPDIR"
+ diskutil quiet eject "$DARWIN_RAMDISK_DEV"
+ rm -rf "$SECURE_TMPDIR"
}
- trap cleanup_tmp INT TERM EXIT
+ trap unmount_tmpdir INT TERM EXIT
SECURE_TMPDIR="$(mktemp -t "$template" -d)"
- local ramdisk_dev="$(hdid -drivekey system-image=yes -nomount 'ram://32768' | cut -d ' ' -f 1)" # 32768 sectors = 16 mb
- [[ -z $ramdisk_dev ]] && exit 1
- newfs_hfs -M 700 "$ramdisk_dev" &>/dev/null || exit 1
- mount -t hfs -o noatime -o nobrowse "$ramdisk_dev" "$SECURE_TMPDIR" || exit 1
+ DARWIN_RAMDISK_DEV="$(hdid -drivekey system-image=yes -nomount 'ram://32768' | cut -d ' ' -f 1)" # 32768 sectors = 16 mb
+ [[ -z $DARWIN_RAMDISK_DEV ]] && die "Error: could not create ramdisk."
+ newfs_hfs -M 700 "$DARWIN_RAMDISK_DEV" &>/dev/null || die "Error: could not create filesystem on ramdisk."
+ mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk."
}
GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || echo /usr/local)/bin/getopt"
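Review bot: The guard in `unmount_tmpdir` requires the temp directory and the ramdisk device to both be set, so any partial setup skips cleanup altogether. If `hdid` fails and `die` exits, the EXIT trap runs with `DARWIN_RAMDISK_DEV` empty and the directory created by mktemp is left behind; if the unchecked mktemp fails instead, the ramdisk created afterwards is never ejected. Releasing each resource on its own condition avoids both leaks, as sketched below.

```shell
unmount_tmpdir() {
	# Release each resource on its own so a partial setup is still cleaned up.
	if [[ -n $DARWIN_RAMDISK_DEV ]]; then
		[[ -d $SECURE_TMPDIR ]] && umount "$SECURE_TMPDIR"
		diskutil quiet eject "$DARWIN_RAMDISK_DEV"
	fi
	[[ -n $SECURE_TMPDIR ]] && rm -rf "$SECURE_TMPDIR"
}
# … unchanged: trap installation, mktemp, hdid/newfs_hfs/mount …
```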