From 55c55a4a088fc69229c4d0485e2e7f06457e72e7 Mon Sep 17 00:00:00 2001 From: MatMoul Date: Mon, 27 Apr 2026 23:37:40 +0200 Subject: [PATCH] feat: strengthen wipe safety checks and confirmation flow Add mounted/in-use device detection, show detailed device info before confirmation, and require an exact wipe phrase to proceed. Also move status output to stderr and refresh the usage warnings for clearer destructive-action guidance. --- .continue/rules/project.md | 7 +++-- mtm-ddwipe | 61 ++++++++++++++++++++++++++++---------- 2 files changed, 51 insertions(+), 17 deletions(-) diff --git a/.continue/rules/project.md b/.continue/rules/project.md index f0ae761..a6511d5 100644 --- a/.continue/rules/project.md +++ b/.continue/rules/project.md @@ -9,6 +9,8 @@ description: mtm-ddwipe project conventions - Strengthen destructive-action safety checks in `mtm-ddwipe`. - Keep `mtm-ddwipe` interactive by default. - Require explicit confirmation before destructive actions. +- Show clear device details before confirmation. +- Check that target devices are not mounted or in use before wiping. - Keep user-facing messages short and clear. - Keep error and help messages short and clear. - Prefer minimal, focused changes that preserve intent. @@ -18,12 +20,13 @@ description: mtm-ddwipe project conventions - `mtm-ddwipe` must print a usage line and support `-h`/`--help`. - Validate that wipe targets are real block devices before operating on them. - Keep short, explicit confirmation prompts before destructive operations. -- Prefer confirmation prompts that require typing the target device path. -- Keep help text concise and usage-first. +- Prefer confirmation prompts that require typing the target device path or an exact safety phrase. +- Keep help text concise, usage-first, and warning-focused. - Keep destructive safeguards strict and explicit. - If adding non-interactive support, make it an opt-in safety flag. - Keep device identification prompts clear and specific. - Preserve the fallback wipe flow: secure discard, zero discard, then zero-fill with `dd`. +- Keep timing and status output short and readable. # Project identity - Main script: `mtm-ddwipe` diff --git a/mtm-ddwipe b/mtm-ddwipe index 40bdb5e..54fe4fb 100644 --- a/mtm-ddwipe +++ b/mtm-ddwipe @@ -2,21 +2,28 @@ set -euo pipefail IFS=$'\n\t' -VERSION="0.0.3" +VERSION="0.0.4" STARTDATE=0 STARTDATESTRING="" -DEVICE_PATH="" usage() { cat <&2 } die() { @@ -48,14 +55,26 @@ check_device() { [ -b "$dev" ] || die "Not a block device: $dev" } +check_device_not_in_use() { + local dev="$1" + + if lsblk -nrpo NAME,MOUNTPOINT "$dev" | awk '$2 != "" { found=1 } END { exit !found }'; then + die "Device or one of its children is mounted: $dev" + fi +} + confirm_wipe() { local dev="$1" local choice="" - lsblk "$dev" + echo "Selected device:" + lsblk -o NAME,SIZE,TYPE,FSTYPE,MOUNTPOINT,MODEL,SERIAL "$dev" echo "" - read -r -p "Type the device path to confirm wipe: " choice - [ "$choice" = "$dev" ] || die "Canceled" + echo "This will destroy data on: $dev" + echo "Type exactly: WIPE $dev" + echo "" + read -r -p "Confirmation: " choice + [ "$choice" = "WIPE $dev" ] || die "Canceled" echo "" } @@ -65,22 +84,34 @@ confirm_root() { fi } +format_duration() { + local total="$1" + local hours minutes seconds + + hours=$((total / 3600)) + minutes=$(((total % 3600) / 60)) + seconds=$((total % 60)) + + printf '%02d:%02d:%02d\n' "$hours" "$minutes" "$seconds" +} + print_time() { local enddate calctime echo "" - echo "Start date :" - echo "$STARTDATESTRING" + log "Start date :" + log "$STARTDATESTRING" enddate=$(date +%s) - echo "" - echo "End date :" - date - calctime=$((enddate - STARTDATE)) + echo "" - echo "Total time :" - date -d@"${calctime}" -u +%H:%M:%S + log "End date :" + date >&2 + + echo "" + log "Total time :" + format_duration "$calctime" >&2 } wipe_with_blkdiscard_secure() { @@ -111,7 +142,6 @@ wipe_dev() { STARTDATE=$(date +%s) STARTDATESTRING="$(date)" - DEVICE_PATH="$dev" log "Begin wiping device $dev" echo "" @@ -146,6 +176,7 @@ main() { check_args "$@" confirm_root check_device "$1" + check_device_not_in_use "$1" confirm_wipe "$1" wipe_dev "$1" print_time