Age | Commit message | Author |
|
`exit (1)' to `exit (EXIT_FAILURE)', and
`usage (1)' to `usage (EXIT_FAILURE)'.
|
(wipename): Quote file names only when necessary.
(main): Copy quoted string into malloc'd storage so it doesn't
get clobbered when using -u and --verbose.
Minor clean-up.
* src/shred.c:
Use `NULL' rather than `(time_t *) 0'.
(dopass): Use STREQ in place of strcmp.
Add parentheses around use of nested ternary operator.
|
(dopass): If verbose, output a line every VERBOSE_UPDATE seconds,
and suppress duplicate output lines. Output a percentage as well
as a count of bytes.
Also, fix comment/code typo regarding how many bytes have been
written; this typo was harmless before, but is no longer harmless with
the above change in effect.
|
code in lib/ for compiling this program without config.h.
|
is a valid suffix, assume 1. "MB" now means decimal, "MiB" binary.
Accept 'K' as well as 'k'.
|
instead of hard-coding --help and --version descriptions.
|
(main): Don't `call' GETTIMEOFDAY_INIT.
|
for short options too.''
|
the --version option, so this message is consistent with all the rest.
|
descriptions are alone in their own string.
|
Use fputs, not printf.
|
(main): `Call' GETTIMEOFDAY_INIT, just in case the code ever changes
to make it necessary.
|
downcase bulleted items
remove some periods
|
some of the filesystem types on which shred is not effective.
|
Use UINT_MAX_32_BITS in the cpp conditions that determine
the `word32' typedef. Using a literal `0xffffffff' failed with
HPUX10.20's /bin/cc.
|
that would use the PPC mfspr `asm' code.
|
(fillrand): Add a parameter, size_max.
Add an assertion.
Adjust caller.
(dopass): Break out of the `for (;;)' loop if size < offset.
That can happen now that dopass is called with SIZE == -1.
(do_wipefd): Accept a length of zero only for a regular file.
If lseek fails or returns 0 for a non-regular file, let dopass
determine the length.
Inspired by a patch from Alan Iwi.
|
corresponding argument in a `quote (...)' call.
|
Remove FIXME comment.
|
sys/stat.h or system.h. From John David Anglin.
|
sys/stat.h or system.h. From John David Anglin.
|
and shorter, skip to the next shorter length if a rename fails (e.g. due to
permission denied). Otherwise, this loop would iterate for so long that shred would
appear to be stuck in an infinite loop for any but the shortest file names.
|
Remove the `R'.
|
things like #define const, and this must be done before
including any system headers.
|
Use -u instead of -R for --remove, so that we can preserve
future compatibility with rm.
|
(do_wipefd): Use ST_BLKSIZE instead of referring to the st_blksize
member directly.
|
"human.h", "xalloc.h": Include.
(attribute): Remove; no longer needed.
(xstrdup): New decl.
(STDOUT_FILENO): New macro.
(O_NOCTTY): Make sure it's always defined, even if HAVE_CONFIG_H.
The following changes have effect only if !HAVE_CONFIG_H.
<ctype.h>: New include.
(RETSIGTYPE): Remove bogus semicolon at end.
(STDOUT_FILENO, uintmax_t, human_readable, LONGEST_HUMAN_READABLE):
New macros.
(xstrtoumax): Renamed from xstrtoul, with corresponding type changes.
Handle suffixes like the real routine does.
(error): Remove bogus assignment of errno to errnum.
(xmalloc, xstrdup): New functions.
(O_NOCTTY): Define even if !HAVE_CONFIG_H.
(S_ISFIFO, S_ISSOCK): New macros, if not already defined.
(OUTPUT_BLOCK_SIZE): New macro.
(struct Options.verbose): Now a boolean, since we no longer have two
levels of verbosity.
(long_opts, usage, main): Remove -D or --device option. Invert -p or
--preserve option, and rename it to -R or --remove.
(usage): Describe G suffix.
(usage): "-" no longer conflicts with -v.
(UCHAR_MAX): Indent `#error' so that SunOS 4.1.4 cc doesn't reject it.
(ind): Portability fixes: return word32, not unsigned; multiply by
sizeof (word32) instead of shifting left by 2.
(isaac_refill, isaac_mix): Comment out size of array parameter, as
ansi2knr mishandles this.
(status_visible, status_pos, pfstatus, flushstatus): Remove, since
pfstatus isn't portable to users with varying width fonts, or
internationalized messages, and vfprintf is problematic. All callers
of pfstatus changed to use error instead; this removes incompatibility
of -v with -. All calls to flushstatus removed.
(dopass, do_wipefd): Do not translate non-English msgs with gettext.
(dopass): Cast lseek constant arguments to (off_t) for benefit
of pre-ANSI compilers; fix one lseek call whose args were interchanged.
Remove unnecessary casts to (off_t). Do not check for EIO
when determining file size; this was just my earlier wild guess.
Use human_readable to print off_t, instead of casting to unsigned long
(which doesn't work in Solaris 2.6, where off_t is longer than long).
Output human-readable sizes, instead of always using "K".
Check for offset overflow (it happened to me in SunOS 4.1.4).
(do_wipefd): Do not insist on regular files, but do check for special
files that cannot possibly be shredded.
Use xmalloc instead of malloc + check.
Do not inspect st_size for non-regular files.
Try to find the size of a non-regular file by seeking to its end.
Do not assume that a regular file of size-0 has unknown size.
Check for regular files with negative sizes,
and for overflow after rounding to next block.
Always try to truncate, even for special files, but do not report an
error if truncation fails on a special file.
(dopass, wipefile): Do not return 1 for special files; the caller
doesn't care any more.
(wipefd): Remove unnecessary (and nonportable) check for
whether the file descriptor is read-only. Remove
no-longer-needed check for `-v -'.
(incname): Return 1 for carry bit, like the documentation says.
(wipename, wipefile): Accept new argument, specifying the
quoted file name. All callers changed.
(wipename): Use xstrdup instead of strdup+error check.
(wipefile): Check for ENOTDIR when opening /dev/fd/NNN. Check for
errors in NNN more carefully. Restore errno after the check.
Check for errors when closing the file descriptor.
Use more consistent wording when unable to remove a file.
(main): Do not remove files by default.
Use xstrtoumax instead of xstrtoul uniformly, since xstrtoul won't
exist if !HAVE_CONFIG_H.
In diagnostics, quote invalid operands to -n and -s options.
Allow T, P, E, Z, and Y suffixes in -s operand.
flags.verbose is now a boolean, not a counter.
Use STDOUT_FILENO instead of 1, for clarity.
|
[!HAVE_CONFIG_H]: Include string.h here.
[!HAVE_CONFIG_H]: Hard-code RETSIGTYPE to `int'.
(sigill_handler): Change return type and type of local `oldhandler' to
RETSIGTYPE.
(isaac_seed_machdep): Change type of local `oldhandler' to
RETSIGTYPE.
|
(wipefd): Add parentheses suggested by gcc.
(do_wipefd): Remove declaration of unused local.
|
to allow standalone compilation.
(wipefile): Added support for emulating /dev/fd/# files even if
the OS doesn't support them. From Paul Eggert.
(main, usage): Changed --device short option to -D.
(wipefd, do_wipefd): Renamed function to do_wipefd and added
separate wipefd that performs sanity checks on externally-opened file
descriptors, such as not append-only. From Paul Eggert.
(do_wipefd, isaac_seedfd): Do not read file for any reason.
If the file is low-entropy, it's a security hole.
(wipefile): Changed to open O_WRONLY and chmod to write-only when
forcing.
(isaac_seedfd): Function deleted as unnecessary.
From Paul Eggert.
(dopass): Dynamically fall back to fsync() if fdatasync() fails,
since POSIX, in their infinitesimal wisdom, encourage implementations
that return constant -1, making compile-time testing useless.
From Paul Eggert.
(dopass): Changed to support a size of -1 to mean "unknown".
This entailed changing to a counting-up offset rather than counting-down
cursize for the central state variable. Also changed size argument to
be call-by-reference so that it can be passed back once known.
(sizer): Function deleted as unnecessary.
(wipefd): Changed to match. From Paul Eggert.
(dopass): Try to skip over bad blocks in destination files.
Also added ftruncate() for more complete destruction of metadata.
(main, usage): Changed "-" to stand for standard output.
(wipefd): Added error message to detect conflict with -v.
(dopass): Added periodic fsync() calls to keep the pass progress
display in sync with reality. Hopefully they're sufficiently far spaced
that throughput isn't affected. It might be a good thing to do even in
non-verbose mode, to avoid filling up the kernel caches with dirty data.
Also added ftruncate() for more complete destruction of metadata.
(quotearg_colon): New function to print
pathological filenames properly.
[!HAVE_CONFIG_H] (quotearg_colon_buf): New internal helper function
that does most of the work.
(wipefd, do_wipefd, dopass): Now take a qname (pre-quoted name) argument.
(wipename, wipefile, main): Changed diagnostics to use quotearg_colon.
Error messages are also in a more uniform format.
From Paul Eggert.
(struct Options, main, do_wipefd): Added -s/--size=N flag.
(xstrtoul): Added support for valid_suffixes to help this.
(usage): Documented it.
(error): Changed some arguments from N_() to _(), since error()
does not translate its argument. I think this is a bug.
(struct Options, do_wipefd, wipefd, wipefile, main): Moved passes
argument into the Options structure as n_iterations, which is now a
size_t. From Paul Eggert.
(isaac_seed_start, isaac_seed_data, isaac_seed_finish): New functions
to manage seeding of RNG with arbitrary-sized data.
(isaac_init): commented out as dead code.
(isaac_seed): changed to use new functions to prevent any possibility of
a buffer overflow.
(isaac_seed): Added support for Solaris' gethrtime()
configure.in: Corresponding feature test. From Paul Eggert.
(wipename): Change remove() to unlink() for speed & portability.
Use lstat() instead of access() to see if a filename is taken. This
works even on dangling symlinks and avoids the suid problems of
access(2). From Paul Eggert.
(isaac_seed_machdep): New function for reading cycle counters
|
Use gethrtime if available. Don't assume that clock_gettime succeeds.
Put most random sources first.
|
Remove options -dp. Do not read output files.
(long_opts, usage, main, wipefile): Adjust to new options.
("human.h", "quotearg.h"): New includes.
(struct Options): New members contents, links, n_iterations.
Remove allow_devices, remove_file. Change n_iterations to size_t.
All uses changed.
(output_block_size): New var.
(usage): Declare __noreturn__ attribute.
(fdatasync): Define to -1 if not present, since we need to invoke both
fdatasync and fsync if both are present. All invokers of fdatasync
now try fdatasync, then fsync.
(MIXIN): New macro.
(isaac_seed): Use it to mix in values. Add uid, gid to mix.
Don't use gettimeofday, as it has too many porting problems.
(isaac_seedfd): Remove, since we no longer read the output files.
(sizefd): Remove; we now determine size by writing sequentially.
(dopass, wipename, wipefile, main): Clean up error messages.
(dopass): Keep track of offset relative to start of file, not
end, since we may not know how large the file is. If size is
negative, write until we fall off the end of the file.
(wipefd): Do not read output file.
Return 0 if successful, -1 if not; do not make a special case for
non-regular files, since our callers have that info now.
(wipename): Now static. Return errno if error.
(main): "-" now stands for standard output.
Do not shred append-only standard output.
(wipefile): Do not grant read permission to file when wiping it.
Use symbolic permission (S_IWUSR), not octal.
From Paul Eggert.
|
via sys2.h.
|
Include version-etc.h instead.
(PROGRAM_NAME, AUTHORS): Define.
[long_options]: Add entries for --help and --version.
Remove parse_long_options call.
(main) [getopt switch]: Add a case for each of --help and --version.
|