matmoul
ecc6e5b038
Add strict shell options, root and block-device validation, and a typed-device confirmation prompt before wiping. Preserve the fallback wipe sequence through secure discard, zero discard, and dd, while tightening error handling and keeping messages concise.
155 lines
2.2 KiB
Bash
155 lines
2.2 KiB
Bash
#!/bin/bash
|
|
set -euo pipefail
|
|
IFS=$'\n\t'
|
|
|
|
VERSION="0.0.3"
|
|
STARTDATE=0
|
|
STARTDATESTRING=""
|
|
DEVICE_PATH=""
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
Usage: mtm-ddwipe-2 DEVICE
|
|
Wipe a block device.
|
|
Version: ${VERSION}
|
|
EOF
|
|
}
|
|
|
|
log() {
|
|
echo "$*"
|
|
}
|
|
|
|
die() {
|
|
echo "Error: $*" >&2
|
|
exit 1
|
|
}
|
|
|
|
check_args() {
|
|
if [ $# -ne 1 ]; then
|
|
usage
|
|
exit 1
|
|
fi
|
|
|
|
case "$1" in
|
|
-h|--help)
|
|
usage
|
|
exit 0
|
|
;;
|
|
-*)
|
|
die "Invalid option."
|
|
;;
|
|
esac
|
|
}
|
|
|
|
check_device() {
|
|
local dev="$1"
|
|
|
|
[ -e "$dev" ] || die "Missing device: $dev"
|
|
[ -b "$dev" ] || die "Not a block device: $dev"
|
|
}
|
|
|
|
confirm_wipe() {
|
|
local dev="$1"
|
|
local choice=""
|
|
|
|
lsblk "$dev"
|
|
echo ""
|
|
read -r -p "Type the device path to confirm wipe: " choice
|
|
[ "$choice" = "$dev" ] || die "Canceled"
|
|
echo ""
|
|
}
|
|
|
|
confirm_root() {
|
|
if [ "${EUID:-$(id -u)}" -ne 0 ]; then
|
|
die "This tool must be run as root."
|
|
fi
|
|
}
|
|
|
|
print_time() {
|
|
local enddate calctime
|
|
|
|
echo ""
|
|
echo "Start date :"
|
|
echo "$STARTDATESTRING"
|
|
|
|
enddate=$(date +%s)
|
|
echo ""
|
|
echo "End date :"
|
|
date
|
|
|
|
calctime=$((enddate - STARTDATE))
|
|
echo ""
|
|
echo "Total time :"
|
|
date -d@"${calctime}" -u +%H:%M:%S
|
|
}
|
|
|
|
wipe_with_blkdiscard_secure() {
|
|
local dev="$1"
|
|
|
|
log "blkdiscard secure"
|
|
blkdiscard -f -p 500M -s -v "$dev"
|
|
}
|
|
|
|
wipe_with_blkdiscard_zero() {
|
|
local dev="$1"
|
|
|
|
log "blkdiscard zero"
|
|
blkdiscard -f -p 500M -z -v "$dev"
|
|
}
|
|
|
|
wipe_with_dd() {
|
|
local dev="$1"
|
|
|
|
log "dd zero"
|
|
dd if=/dev/zero of="$dev" bs=1M status=progress conv=fsync
|
|
log "Wiped with dd, check if full size is written."
|
|
log "Otherwise use a mechanical destruction of the device."
|
|
}
|
|
|
|
wipe_dev() {
|
|
local dev="$1"
|
|
|
|
STARTDATE=$(date +%s)
|
|
STARTDATESTRING="$(date)"
|
|
DEVICE_PATH="$dev"
|
|
|
|
log "Begin wiping device $dev"
|
|
echo ""
|
|
log "Start date :"
|
|
log "$STARTDATESTRING"
|
|
echo ""
|
|
|
|
if wipe_with_blkdiscard_secure "$dev"; then
|
|
echo ""
|
|
log "Device $dev wiped."
|
|
return
|
|
fi
|
|
|
|
echo ""
|
|
if wipe_with_blkdiscard_zero "$dev"; then
|
|
echo ""
|
|
log "Device $dev wiped."
|
|
return
|
|
fi
|
|
|
|
echo ""
|
|
if wipe_with_dd "$dev"; then
|
|
echo ""
|
|
log "Device $dev wiped."
|
|
return
|
|
fi
|
|
|
|
die "Wipe failed. The device may not be fully overwritten."
|
|
}
|
|
|
|
main() {
|
|
check_args "$@"
|
|
confirm_root
|
|
check_device "$1"
|
|
confirm_wipe "$1"
|
|
wipe_dev "$1"
|
|
print_time
|
|
}
|
|
|
|
main "$@"
|