coffin

tomb (93885B)

---

 #!/bin/zsh
 #
 # Tomb, the Crypto Undertaker
 #
 # A commandline tool to easily operate encryption of secret data
 #
 
 # {{{ License
 
 # Copyright (C) 2007-2016 Dyne.org Foundation
 #
 # Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
 #
 # With contributions by Anathema, Boyska, Hellekin O. Wolf and GDrooid
 #
 # Gettext internationalization and Spanish translation is contributed by
 # GDrooid, French translation by Hellekin, Russian translation by fsLeg,
 # German translation by x3nu.
 #
 # Testing, reviews and documentation are contributed by Dreamer, Shining
 # the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
 # Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
 # Linux Action Show!
 #
 # Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
 #
 # Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
 
 # This source code is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
 #
 # This source code is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  Please refer
 # to the GNU Public License for more details.
 #
 # You should have received a copy of the GNU Public License along with
 # this source code; if not, write to: Free Software Foundation, Inc.,
 # 675 Mass Ave, Cambridge, MA 02139, USA.
 
 # }}} - License
 
 # {{{ Global variables
 
 typeset VERSION="2.2"
 typeset DATE="Dec/2015"
 typeset TOMBEXEC=$0
 typeset TMPPREFIX=${TMPPREFIX:-/tmp}
 export PATH="/usr/local/share/coffin/bin:$PATH"
 # TODO: configure which tmp dir to use from a cli flag
 
 # Tomb is using some global variables set by the shell:
 # TMPPREFIX, UID, GID, PATH, TTY, USERNAME
 # You can grep 'global variable' to see where they are used.
 
 # Keep a reference of the original command line arguments
 typeset -a OLDARGS
 for arg in "${(@)argv}"; do OLDARGS+=("$arg"); done
 
 # Special command requirements
 typeset -a DD WIPE PINENTRY
 DD=(dd)
 WIPE=(rm -f)
 PINENTRY=(pinentry)
 
 # load zsh regex module
 zmodload zsh/regex
 zmodload zsh/mapfile
 zmodload -F zsh/stat b:zstat
 
 # make sure variables aren't exported
 unsetopt allexport
 
 # Flag optional commands if available (see _ensure_dependencies())
 typeset -i KDF=1
 typeset -i STEGHIDE=1
 typeset -i RESIZER=1
 typeset -i SWISH=1
 typeset -i QRENCODE=1
 
 # Default mount options
 typeset      MOUNTOPTS="rw,noatime,nodev"
 
 # Makes glob matching case insensitive
 unsetopt CASE_MATCH
 
 typeset -AH OPTS              # Command line options (see main())
 
 # Command context (see _whoami())
 typeset -H  _USER             # Running username
 typeset -Hi _UID              # Running user identifier
 typeset -Hi _GID              # Running user group identifier
 typeset -H  _TTY              # Connected input terminal
 
 # Tomb context (see _plot())
 typeset -H TOMBPATH           # Full path to the tomb
 typeset -H TOMBDIR            # Directory where the tomb is
 typeset -H TOMBFILE           # File name of the tomb
 typeset -H TOMBNAME           # Name of the tomb
 
 # Tomb secrets
 typeset -H TOMBKEY            # Encrypted key contents (see forge_key(), recover_key())
 typeset -H TOMBKEYFILE        # Key file               (ditto)
 typeset -H TOMBSECRET         # Raw deciphered key     (see forge_key(), gpg_decrypt())
 typeset -H TOMBPASSWORD       # Raw tomb passphrase    (see gen_key(), ask_key_password())
 typeset -H TOMBTMP            # Filename of secure temp just created (see _tmp_create())
 
 typeset -aH TOMBTMPFILES      # Keep track of temporary files
 typeset -aH TOMBLOOPDEVS      # Keep track of used loop devices
 
 # Make sure sbin is in PATH (man zshparam)
 path+=( /sbin /usr/sbin )
 
 # For gettext
 export TEXTDOMAIN=tomb
 
 # }}}
 
 # {{{ Safety functions
 
 # Wrap sudo with a more visible message
 _sudo() {
     local sudo_eng="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
     local msg="$(gettext -s "$sudo_eng")"
     msg=${(S)msg//::1*::/$USER}
     sudo -p "
 $msg
 
 " ${@}
 }
 
 # Cleanup anything sensitive before exiting.
 _endgame() {
 
     # Prepare some random material to overwrite vars
     local rr="$RANDOM"
     while [[ ${#rr} -lt 500 ]]; do
         rr+="$RANDOM"
     done
 
     # Ensure no information is left in unallocated memory
     TOMBPATH="$rr";      unset TOMBPATH
     TOMBDIR="$rr";       unset TOMBDIR
     TOMBFILE="$rr";      unset TOMBFILE
     TOMBNAME="$rr";      unset TOMBNAME
     TOMBKEY="$rr";       unset TOMBKEY
     TOMBKEYFILE="$rr";   unset TOMBKEYFILE
     TOMBSECRET="$rr";    unset TOMBSECRET
     TOMBPASSWORD="$rr";  unset TOMBPASSWORD
 
     # Clear temporary files
     for f in $TOMBTMPFILES; do
         ${=WIPE} "$f"
     done
     unset TOMBTMPFILES
 
     # Detach loop devices
     for l in $TOMBLOOPDEVS; do
         _sudo losetup -d "$l"
     done
     unset TOMBLOOPDEVS
 
 }
 
 # Trap functions for the _endgame event
 TRAPINT()  { _endgame INT   }
 TRAPEXIT() { _endgame EXIT  }
 TRAPHUP()  { _endgame HUP   }
 TRAPQUIT() { _endgame QUIT  }
 TRAPABRT() { _endgame ABORT }
 TRAPKILL() { _endgame KILL  }
 TRAPPIPE() { _endgame PIPE  }
 TRAPTERM() { _endgame TERM  }
 TRAPSTOP() { _endgame STOP  }
 
 _cat() { local -a _arr;
     # read file using mapfile, newline fix
     _arr=("${(f@)${mapfile[${1}]%$’\n’}}"); print "$_arr"
 }
 
 _is_found() {
     # returns 0 if binary is found in path
     [[ "$1" = "" ]] && return 1
     command -v "$1" 1>/dev/null 2>/dev/null
     return $?
 }
 
 # Identify the running user
 # Set global variables _UID, _GID, _TTY, and _USER, either from the
 # command line, -U, -G, -T, respectively, or from the environment.
 # Also update USERNAME and HOME to maintain consistency.
 _whoami() {
 
     # Set username from UID or environment
     _USER=$SUDO_USER
     [[ "$_USER" = "" ]] && { _USER=$USERNAME }
     [[ "$_USER" = "" ]] && { _USER=$(id -u)  }
     [[ "$_USER" = "" ]] && {
         _failure "Failing to identify the user who is calling us" }
 
     # Get GID from option -G or the environment
     option_is_set -G \
         && _GID=$(option_value -G) || _GID=$(id -g $_USER)
 
     # Get UID from option -U or the environment
     option_is_set -U \
         && _UID=$(option_value -U) || _UID=$(id -u $_USER)
 
     _verbose "Identified caller: ::1 username:: (::2 UID:::::3  GID::)" $_USER $_UID $_GID
 
     # Update USERNAME accordingly if possible
     [[ $EUID == 0 && $_USER != $USERNAME ]] && {
         _verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER
         USERNAME=$_USER
     }
 
     # Force HOME to _USER's HOME if necessary
     local home=$(awk -F: "/^$_USER:/ { print \$6 }" /etc/passwd 2>/dev/null)
     [[ $home == $HOME ]] || {
         _verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \
             $home $HOME
         HOME=$home }
 
     # Get connecting TTY from option -T or the environment
     option_is_set -T && _TTY=$(option_value -T)
     [[ -z $_TTY ]]   && _TTY=$TTY
 
 }
 
 # Define sepulture's plot (setup tomb-related arguments)
 # Synopsis: _plot /path/to/the.tomb
 # Set TOMB{PATH,DIR,FILE,NAME}
 _plot() {
 
     # We set global variables
     typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME
 
     TOMBPATH="$1"
 
     TOMBDIR=$(dirname $TOMBPATH)
 
     TOMBFILE=$(basename $TOMBPATH)
 
     # The tomb name is TOMBFILE without an extension.
     # It can start with dots: ..foo.tomb -> ..foo
     TOMBNAME="${TOMBFILE%\.[^\.]*}"
     [[ -z $TOMBNAME ]] && {
         _failure "Tomb won't work without a TOMBNAME." }
 
 }
 
 # Provide a random filename in shared memory
 _tmp_create() {
     [[ -d "$TMPPREFIX" ]] || {
         # we create the tempdir with the sticky bit on
         _sudo mkdir -m 1777 "$TMPPREFIX"
         [[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
     }
 
     # We're going to add one more $RANDOM for each time someone complains
     # about this being too weak of a random.
     tfile="${TMPPREFIX}/$RANDOM$RANDOM$RANDOM$RANDOM"   # Temporary file
     umask 066
     [[ $? == 0 ]] || {
         _failure "Fatal error setting the permission umask for temporary files" }
 
     [[ -r "$tfile" ]] && {
         _failure "Someone is messing up with us trying to hijack temporary files." }
 
     touch "$tfile"
     [[ $? == 0 ]] || {
         _failure "Fatal error creating a temporary file: ::1 temp file::" "$tfile" }
 
     _verbose "Created tempfile: ::1 temp file::" "$tfile"
     TOMBTMP="$tfile"
     TOMBTMPFILES+=("$tfile")
 
     return 0
 }
 
 # Check if a *block* device is encrypted
 # Synopsis: _is_encrypted_block /path/to/block/device
 # Return 0 if it is an encrypted block device
 _is_encrypted_block() {
     local    b=$1 # Path to a block device
     local    s="" # lsblk option -s (if available)
 
     # Issue #163
     # lsblk --inverse appeared in util-linux 2.22
     # but --version is not consistent...
     lsblk --help | grep -Fq -- --inverse
     [[ $? -eq 0 ]] && s="--inverse"
 
     sudo lsblk $s -o type -n $b 2>/dev/null \
         | egrep -q '^crypt$'
 
     return $?
 }
 
 # Check if swap is activated
 # Return 0 if NO swap is used, 1 if swap is used.
 # Return 1 if any of the swaps is not encrypted.
 # Return 2 if swap(s) is(are) used, but ALL encrypted.
 # Use _check_swap in functions. It will call this function and
 # exit if unsafe swap is present.
 _ensure_safe_swap() {
 
     local -i r=1    # Return code: 0 no swap, 1 unsafe swap, 2 encrypted
     local -a swaps  # List of swap partitions
     local    bone is_crypt
 
     swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
     [[ -z "$swaps" ]] && return 0 # No swap partition is active
 
     _message "An active swap partition is detected..."
     for s in $=swaps; do
         { _is_encrypted_block $s } && { r=2 } || {
             # We're dealing with unencrypted stuff.
             # Maybe it lives on an encrypted filesystem anyway.
             # @todo: verify it's actually on an encrypted FS (see #163 and !189)
             # Well, no: bail out.
             r=1; break
         }
     done
 
     if [[ $r -eq 2 ]]; then
         _success "All your swaps are belong to crypt. Good."
     else
         _warning "This poses a security risk."
         _warning "You can deactivate all swap partitions using the command:"
         _warning " swapoff -a"
         _warning "[#163] I may not detect plain swaps on an encrypted volume."
         _warning "But if you want to proceed like this, use the -f (force) flag."
     fi
     return $r
 
 }
 
 # Wrapper to allow encrypted swap and remind the user about possible
 # data leaks to disk if swap is on, which shouldn't be ignored. It could
 # be run once in main(), but as swap evolves, it's better to run it
 # whenever swap may be needed.
 # Exit if unencrypted swap is active on the system.
 _check_swap() {
     if ! option_is_set -f && ! option_is_set --ignore-swap; then
         _ensure_safe_swap
         case $? in
             0|2)     # No, or encrypted swap
                 return 0
                 ;;
             *)       # Unencrypted swap
                 _failure "Operation aborted."
                 ;;
         esac
     fi
 }
 
 # Ask user for a password
 # Wraps around the pinentry command, from the GnuPG project, as it
 # provides better security and conveniently use the right toolkit.
 ask_password() {
 
     local description="$1"
     local title="${2:-Enter tomb password.}"
     local output
     local password
     local gtkrc
     local theme
 
     # Distributions have broken wrappers for pinentry: they do
     # implement fallback, but they disrupt the output somehow.  We are
     # better off relying on less intermediaries, so we implement our
     # own fallback mechanisms. Pinentry supported: curses, gtk-2, qt4
     # and x11.
 
     # make sure LANG is set, default to C
     LANG=${LANG:-C}
 
     _verbose "asking password with tty=$TTY lc-ctype=$LANG"
 
     if [[ "$DISPLAY" = "" ]]; then
 
         if _is_found "pinentry-curses"; then
             _verbose "using pinentry-curses"
             output=`cat <<EOF | pinentry-curses
 OPTION ttyname=$TTY
 OPTION lc-ctype=$LANG
 SETTITLE $title
 SETDESC $description
 SETPROMPT Password:
 GETPIN
 EOF`
         else
             _failure "Cannot find pinentry-curses and no DISPLAY detected."
         fi
 
     else # a DISPLAY is found to be active
 
         # customized gtk2 dialog with a skull (if extras are installed)
         if _is_found "pinentry-gtk-2"; then
             _verbose "using pinentry-gtk2"
 
             gtkrc=""
             theme=/share/themes/tomb/gtk-2.0-key/gtkrc
             for i in /usr/local /usr; do
                 [[ -r $i/$theme ]] && {
                     gtkrc="$i/$theme"
                     break
                 }
             done
             [[ "$gtkrc" = "" ]] || {
                 gtkrc_old="$GTK2_RC_FILES"
                 export GTK2_RC_FILES="$gtkrc"
             }
             output=`cat <<EOF | pinentry-gtk-2
 OPTION ttyname=$TTY
 OPTION lc-ctype=$LANG
 SETTITLE $title
 SETDESC $description
 SETPROMPT Password:
 GETPIN
 EOF`
             [[ "$gtkrc" = "" ]] || export GTK2_RC_FILES="$gtkrc_old"
 
             # TODO QT4 customization of dialog
         elif _is_found "pinentry-qt4"; then
             _verbose "using pinentry-qt4"
 
             output=`cat <<EOF | pinentry-qt4
 OPTION ttyname=$TTY
 OPTION lc-ctype=$LANG
 SETTITLE $title
 SETDESC $description
 SETPROMPT Password:
 GETPIN
 EOF`
 
             # TODO X11 customization of dialog
         elif _is_found "pinentry-x11"; then
             _verbose "using pinentry-x11"
 
             output=`cat <<EOF | pinentry-x11
 OPTION ttyname=$TTY
 OPTION lc-ctype=$LANG
 SETTITLE $title
 SETDESC $description
 SETPROMPT Password:
 GETPIN
 EOF`
 
         else
 
             if _is_found "pinentry-curses"; then
                 _verbose "using pinentry-curses"
 
                 _warning "Detected DISPLAY, but only pinentry-curses is found."
                 output=`cat <<EOF | pinentry-curses
 OPTION ttyname=$TTY
 OPTION lc-ctype=$LANG
 SETTITLE $title
 SETDESC $description
 SETPROMPT Password:
 GETPIN
 EOF`
             else
                 _failure "Cannot find any pinentry: impossible to ask for password."
             fi
 
         fi
 
     fi # end of DISPLAY block
 
     # parse the pinentry output
     for i in ${(f)output}; do
         [[ "$i" =~ "^ERR.*" ]] && {
             _warning "Pinentry error: ::1 error::" ${i[(w)3]}
             print "canceled"
             return 1 }
 
         # here the password is found
         [[ "$i" =~ "^D .*" ]] && password="${i##D }"
     done
 
     [[ "$password" = "" ]] && {
         _warning "Empty password"
         print "empty"
         return 1 }
 
     print "$password"
     return 0
 }
 
 
 
 # Check if a filename is a valid tomb
 is_valid_tomb() {
     _verbose "is_valid_tomb ::1 tomb file::" $1
 
     # First argument must be the path to a tomb
     [[ -z "$1" ]] && {
         _failure "Tomb file is missing from arguments." }
 
     _fail=0
     # Tomb file must be a readable, writable, non-empty regular file.
     [[ ! -w "$1" ]] && {
         _warning "Tomb file is not writable: ::1 tomb file::" $1
         _fail=1
     }
     [[ ! -f "$1" ]] && {
         _warning "Tomb file is not a regular file: ::1 tomb file::" $1
         _fail=1
     }
     [[ ! -s "$1" ]] && {
         _warning "Tomb file is empty (zero length): ::1 tomb file::" $1
         _fail=1
     }
 
     _uid="`zstat +uid $1`"
     [[ "$_uid"  = "$UID" ]] || {
         _user="`zstat -s +uid $1`"
         _warning "Tomb file is owned by another user: ::1 tomb owner::" $_user
     }
     [[ $_fail = 1 ]] && {
         _failure "Tomb command failed: ::1 command name::" $subcommand
     }
 
     # TODO: split the rest of that function out.
     # We already have a valid tomb, now we're checking
     # whether we can alter it.
 
     # Tomb file may be a LUKS FS (or we are creating it)
     [[ "`file $1`" =~ "luks encrypted file" ]] || {
         _warning "File is not yet a tomb: ::1 tomb file::" $1 }
 
     _plot $1     # Set TOMB{PATH,DIR,FILE,NAME}
 
     # Tomb already mounted (or we cannot alter it)
     [[ "`mount -l`" -regex-match "${TOMBFILE}.*\[$TOMBNAME\]$" ]] && {
         _failure "Tomb is currently in use: ::1 tomb name::" $TOMBNAME
     }
 
     _message "Valid tomb file found: ::1 tomb path::" $TOMBPATH
 
     return 0
 }
 
 # $1 is the tomb file to be lomounted
 lo_mount() {
     tpath="$1"
 
     # check if we have support for loop mounting
     _nstloop=`_sudo losetup -f`
     [[ $? = 0 ]] || {
         _warning "Loop mount of volumes is not possible on this machine, this error"
         _warning "often occurs on VPS and kernels that don't provide the loop module."
         _warning "It is impossible to use Tomb on this machine at this conditions."
         _failure "Operation aborted."
     }
 
     _sudo losetup -f "$tpath" # allocates the next loopback for our file
 
     TOMBLOOPDEVS+=("$_nstloop") # add to array of lodevs used
 
     return 0
 }
 
 # print out latest loopback mounted
 lo_new() { print - "${TOMBLOOPDEVS[${#TOMBLOOPDEVS}]}" }
 
 # $1 is the path to the lodev to be preserved after quit
 lo_preserve() {
     _verbose "lo_preserve on ::1 path::" $1
     # remove the lodev from the tomb_lodevs array
     TOMBLOOPDEVS=("${(@)TOMBLOOPDEVS:#$1}")
 }
 
 # eventually used for debugging
 dump_secrets() {
     print "TOMBPATH: $TOMBPATH"
     print "TOMBNAME: $TOMBNAME"
 
     print "TOMBKEY len: ${#TOMBKEY}"
     print "TOMBKEYFILE: $TOMBKEYFILE"
     print "TOMBSECRET len: ${#TOMBSECRET}"
     print "TOMBPASSWORD: $TOMBPASSWORD"
 
     print "TOMBTMPFILES: ${(@)TOMBTMPFILES}"
     print "TOMBLOOPDEVS: ${(@)TOMBLOOPDEVS}"
 }
 
 # }}}
 
 # {{{ Commandline interaction
 
 usage() {
     _print "Syntax: tomb [options] command [arguments]"
     _print "\000"
     _print "Commands:"
     _print "\000"
     _print " // Creation:"
     _print " dig     create a new empty TOMB file of size -s in MiB"
     _print " forge   create a new KEY file and set its password"
     _print " lock    installs a lock on a TOMB to use it with KEY"
     _print "\000"
     _print " // Operations on tombs:"
     _print " open    open an existing TOMB (-k KEY file or - for stdin)"
     _print " index   update the search indexes of tombs"
     _print " search  looks for filenames matching text patterns"
     _print " list    list of open TOMBs and information on them"
     _print " close   close a specific TOMB (or 'all')"
     _print " slam    slam a TOMB killing all programs using it"
     [[ $RESIZER == 1 ]] && {
         _print " resize  resize a TOMB to a new size -s (can only grow)"
     }
     _print "\000"
     _print " // Operations on keys:"
     _print " passwd  change the password of a KEY (needs old pass)"
     _print " setkey  change the KEY locking a TOMB (needs old key and pass)"
     _print "\000"
     [[ $QRENCODE == 1 ]] && {
         _print " // Backup on paper:"
         _print " engrave makes a QR code of a KEY to be saved on paper"
     }
     _print "\000"
     [[ $STEGHIDE == 1 ]] && {
         _print " // Steganography:"
         _print " bury    hide a KEY inside a JPEG image (for use with -k)"
         _print " exhume  extract a KEY from a JPEG image (prints to stdout)"
     }
     _print "\000"
     _print "Options:"
     _print "\000"
     _print " -s     size of the tomb file when creating/resizing one (in MiB)"
     _print " -k     path to the key to be used ('-k -' to read from stdin)"
     _print " -n     don't process the hooks found in tomb"
     _print " -o     options passed to commands: open, lock, forge (see man)"
     _print " -f     force operation (i.e. even if swap is active)"
     [[ $KDF == 1 ]] && {
         _print " --kdf  forge keys armored against dictionary attacks"
     }
 
     _print "\000"
     _print " -h     print this help"
     _print " -v     print version, license and list of available ciphers"
     _print " -q     run quietly without printing informations"
     _print " -D     print debugging information at runtime"
     _print "\000"
     _print "For more informations on Tomb read the manual: man tomb"
     _print "Please report bugs on <http://github.com/dyne/tomb/issues>."
 }
 
 
 # Check whether a commandline option is set.
 #
 # Synopsis: option_is_set -flag [out]
 #
 # First argument is the commandline flag (e.g., "-s").
 # If the second argument is present and set to 'out', print out the
 # result: either 'set' or 'unset' (useful for if conditions).
 #
 # Return 0 if is set, 1 otherwise
 option_is_set() {
     local -i r   # the return code (0 = set, 1 = unset)
 
     [[ -n ${(k)OPTS[$1]} ]];
     r=$?
 
     [[ $2 == "out" ]] && {
         [[ $r == 0 ]] && { print 'set' } || { print 'unset' }
     }
 
     return $r;
 }
 
 # Print the option value matching the given flag
 # Unique argument is the commandline flag (e.g., "-s").
 option_value() {
     print -n - "${OPTS[$1]}"
 }
 
 # Messaging function with pretty coloring
 function _msg() {
     local msg="$2"
     command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$2")"
     for i in $(seq 3 ${#});
     do
         msg=${(S)msg//::$(($i - 2))*::/$*[$i]}
     done
 
     local command="print -P"
     local progname="$fg[magenta]${TOMBEXEC##*/}$reset_color"
     local message="$fg_bold[normal]$fg_no_bold[normal]$msg$reset_color"
     local -i returncode
 
     case "$1" in
         inline)
             command+=" -n"; pchars=" > "; pcolor="yellow"
             ;;
         message)
             pchars=" . "; pcolor="white"; message="$fg_no_bold[$pcolor]$msg$reset_color"
             ;;
         verbose)
             pchars="[D]"; pcolor="blue"
             ;;
         success)
             pchars="(*)"; pcolor="green"; message="$fg_no_bold[$pcolor]$msg$reset_color"
             ;;
         warning)
             pchars="[W]"; pcolor="yellow"; message="$fg_no_bold[$pcolor]$msg$reset_color"
             ;;
         failure)
             pchars="[E]"; pcolor="red"; message="$fg_no_bold[$pcolor]$msg$reset_color"
             returncode=1
             ;;
         print)
             progname=""
             ;;
         *)
             pchars="[F]"; pcolor="red"
             message="Developer oops!  Usage: _msg MESSAGE_TYPE \"MESSAGE_CONTENT\""
             returncode=127
             ;;
     esac
     ${=command} "${progname} $fg_bold[$pcolor]$pchars$reset_color ${message}$color[reset_color]" >&2
     return $returncode
 }
 
 function _message say() {
     local notice="message"
     [[ "$1" = "-n" ]] && shift && notice="inline"
     option_is_set -q || _msg "$notice" $@
     return 0
 }
 
 function _verbose xxx() {
     option_is_set -D && _msg verbose $@
     return 0
 }
 
 function _success yes() {
     option_is_set -q || _msg success $@
     return 0
 }
 
 function _warning  no() {
     option_is_set -q || _msg warning $@
     return 1
 }
 
 function _failure die() {
     typeset -i exitcode=${exitv:-1}
     option_is_set -q || _msg failure $@
     # be sure we forget the secrets we were told
     exit $exitcode
 }
 
 function _print() {
     option_is_set -q || _msg print $@
     return 0
 }
 
 _list_optional_tools() {
     typeset -a _deps
     _deps=(gettext dcfldd wipe steghide)
     _deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv)
     for d in $_deps; do
         _print "`which $d`"
     done
     return 0
 }
 
 
 # Check program dependencies
 #
 # Tomb depends on system utilities that must be present, and other
 # functionality that can be provided by various programs according to
 # what's available on the system.  If some required commands are
 # missing, bail out.
 _ensure_dependencies() {
 
     # Check for required programs
     for req in cryptsetup pinentry sudo gpg mkfs.ext4 e2fsck; do
         command -v $req 1>/dev/null 2>/dev/null || {
             _failure "Missing required dependency ::1 command::.  Please install it." $req }
     done
 
     # Ensure system binaries are available in the PATH
     path+=(/sbin /usr/sbin) # zsh magic
 
     # Which dd command to use
     command -v dcfldd 1>/dev/null 2>/dev/null && DD=(dcfldd statusinterval=1)
 
     # Which wipe command to use
     command -v wipe 1>/dev/null 2>/dev/null && WIPE=(wipe -f -s)
 
     # Check for steghide
     command -v steghide 1>/dev/null 2>/dev/null || STEGHIDE=0
     # Check for resize
     command -v resize2fs 1>/dev/null 2>/dev/null || RESIZER=0
     # Check for KDF auxiliary tools
     command -v tomb-kdb-pbkdf2 1>/dev/null 2>/dev/null || KDF=0
     # Check for Swish-E file content indexer
     command -v swish-e 1>/dev/null 2>/dev/null || SWISH=0
     # Check for QREncode for paper backups of keys
     command -v qrencode 1>/dev/null 2>/dev/null || QRENCODE=0
 }
 
 # }}} - Commandline interaction
 
 # {{{ Key operations
 
 # $1 is the encrypted key contents we are checking
 is_valid_key() {
     local key="$1"       # Unique argument is an encrypted key to test
 
     _verbose "is_valid_key"
 
     [[ -z $key ]] && key=$TOMBKEY
     [[ "$key" = "cleartext" ]] && {
         { option_is_set --unsafe } || {
             _warning "cleartext key from stdin selected: this is unsafe."
             exitv=127 _failure "please use --unsafe if you really want to do this."
         }
         _warning "received key in cleartext from stdin (unsafe mode)"
         return 0 }
 
     [[ -z $key ]] && {
         _warning "is_valid_key() called without an argument."
         return 1
     }
 
     # If the key file is an image don't check file header
     [[ -r $TOMBKEYFILE ]] \
         && [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \
         && {
         _message "Key is an image, it might be valid."
         return 0 }
 
     [[ $key =~ "BEGIN PGP" ]] && {
         _message "Key is valid."
         return 0 }
 
     return 1
 }
 
 # $1 is a string containing an encrypted key
 _tomb_key_recover recover_key() {
     local key="${1}"    # Unique argument is an encrypted key
 
     _warning "Attempting key recovery."
 
     _head="${key[(f)1]}" # take the first line
 
     TOMBKEY=""        # Reset global variable
 
     [[ $_head =~ "^_KDF_" ]] && TOMBKEY+="$_head\n"
 
     TOMBKEY+="-----BEGIN PGP MESSAGE-----\n"
     TOMBKEY+="$key\n"
     TOMBKEY+="-----END PGP MESSAGE-----\n"
 
     return 0
 }
 
 # Retrieve the tomb key from the file specified from the command line,
 # or from stdin if -k - was selected.  Run validity checks on the
 # file.  On success, return 0 and print out the full path of the key.
 # Set global variables TOMBKEY and TOMBKEYFILE.
 _load_key() {
     local keyfile="$1"    # Unique argument is an optional keyfile
 
     [[ -z $keyfile ]] && keyfile=$(option_value -k)
     [[ -z $keyfile ]] && {
         _failure "This operation requires a key file to be specified using the -k option." }
 
     if [[ $keyfile == "-" ]]; then
         _verbose "load_key reading from stdin."
         _message "Waiting for the key to be piped from stdin... "
         TOMBKEYFILE=stdin
         TOMBKEY=$(cat)
     elif [[ $keyfile == "cleartext" ]]; then
         _verbose "load_key reading SECRET from stdin"
         _message "Waiting for the key to be piped from stdin... "
         TOMBKEYFILE=cleartext
         TOMBKEY=cleartext
         TOMBSECRET=$(cat)
     else
         _verbose "load_key argument: ::1 key file::" $keyfile
         [[ -r $keyfile ]] || _failure "Key not found, specify one using -k."
         TOMBKEYFILE=$keyfile
         TOMBKEY="${mapfile[$TOMBKEYFILE]}"
     fi
 
     _verbose "load_key: ::1 key::" $TOMBKEYFILE
 
     [[ "$TOMBKEY" = "" ]] && {
         # something went wrong, there is no key to load
         # this occurs especially when piping from stdin and aborted
         _failure "Key not found, specify one using -k."
     }
 
     is_valid_key $TOMBKEY || {
         _warning "The key seems invalid or its format is not known by this version of Tomb."
         _tomb_key_recover $TOMBKEY
     }
 
     # Declared TOMBKEYFILE (path)
     # Declared TOMBKEY (contents)
 
     return 0
 }
 
 # takes two args just like get_lukskey
 # prints out the decrypted content
 # contains tweaks for different gpg versions
 gpg_decrypt() {
     # fix for gpg 1.4.11 where the --status-* options don't work ;^/
     local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}')
     local gpgpass="$1\n$TOMBKEY"
     local gpgstatus
 
     [[ $gpgver == "1.4.11" ]] && {
         _verbose "GnuPG is version 1.4.11 - adopting status fix."
 
         TOMBSECRET=`print - "$gpgpass" | \
             gpg --batch --passphrase-fd 0 --no-tty --no-options`
         ret=$?
         unset gpgpass
 
     } || { # using status-file in gpg != 1.4.11
 
         TOMBSECRET=`print - "$gpgpass" | \
             gpg --batch --passphrase-fd 0 --no-tty --no-options \
             --status-fd 2 --no-mdc-warning --no-permission-warning \
             --no-secmem-warning` |& grep GNUPG: \
             | read -r -d'\n' gpgstatus
 
         unset gpgpass
 
         ret=1
 
         [[ "${gpgstatus}" =~ "DECRYPTION_OKAY" ]] && { ret=0 }
 
 
     }
     return $ret
 
 }
 
 
 # Gets a key file and a password, prints out the decoded contents to
 # be used directly by Luks as a cryptographic key
 get_lukskey() {
     # $1 is the password
     _verbose "get_lukskey"
 
     _password="$1"
 
 
     firstline="${TOMBKEY[(f)1]}"
 
     # key is KDF encoded
     if [[ $firstline =~ '^_KDF_' ]]; then
         kdf_hash="${firstline[(ws:_:)2]}"
         _verbose "KDF: ::1 kdf::" "$kdf_hash"
         case "$kdf_hash" in
             "pbkdf2sha1")
                 kdf_salt="${firstline[(ws:_:)3]}"
                 kdf_ic="${firstline[(ws:_:)4]}"
                 kdf_len="${firstline[(ws:_:)5]}"
                 _message "Unlocking KDF key protection ($kdf_hash)"
                 _verbose "KDF salt: $kdf_salt"
                 _verbose "KDF ic: $kdf_ic"
                 _verbose "KDF len: $kdf_len"
                 _password=$(tomb-kdb-pbkdf2 $kdf_salt $kdf_ic $kdf_len 2>/dev/null <<<$_password)
                 ;;
             *)
                 _failure "No suitable program for KDF ::1 program::." $pbkdf_hash
                 unset _password
                 return 1
                 ;;
         esac
 
         # key needs to be exhumed from an image
     elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then
 
         exhume_key $TOMBKEYFILE "$_password"
 
     fi
 
     gpg_decrypt "$_password" # Save decrypted contents into $TOMBSECRET
 
     ret="$?"
 
     _verbose "get_lukskey returns ::1::" $ret
     return $ret
 }
 
 # This function asks the user for the password to use the key it tests
 # it against the return code of gpg on success returns 0 and saves
 # the password in the global variable $TOMBPASSWORD
 ask_key_password() {
     [[ -z "$TOMBKEYFILE" ]] && {
         _failure "Internal error: ask_key_password() called before _load_key()." }
 
     [[ "$TOMBKEYFILE" = "cleartext" ]] && {
         _verbose "no password needed, using secret bytes from stdin"
         return 0 }
 
     _message "A password is required to use key ::1 key::" $TOMBKEYFILE
     passok=0
     tombpass=""
     if [[ "$1" = "" ]]; then
 
         for c in 1 2 3; do
             if [[ $c == 1 ]]; then
                 tombpass=$(ask_password "Insert password to: $TOMBKEYFILE")
             else
                 tombpass=$(ask_password "Insert password to: $TOMBKEYFILE (attempt $c)")
             fi
             [[ $? = 0 ]] || {
                 _warning "User aborted password dialog."
                 return 1
             }
 
             get_lukskey "$tombpass"
 
             [[ $? = 0 ]] && {
                 passok=1; _message "Password OK."
                 break;
             }
         done
 
     else
         # if a second argument is present then the password is already known
         tombpass="$1"
         _verbose "ask_key_password with tombpass: ::1 tomb pass::" $tombpass
 
         get_lukskey "$tombpass"
 
         [[ $? = 0 ]] && {
             passok=1; _message "Password OK."
         }
 
     fi
     [[ $passok == 1 ]] || return 1
 
     TOMBPASSWORD=$tombpass
     return 0
 }
 
 # call cryptsetup with arguments using the currently known secret
 # echo flags eliminate newline and disable escape (BSD_ECHO)
 _cryptsetup() {
     print -R -n - "$TOMBSECRET" | _sudo cryptsetup --key-file - ${=@}
     return $?
 }
 
 # change tomb key password
 change_passwd() {
     local tmpnewkey lukskey c tombpass tombpasstmp
 
     _check_swap  # Ensure swap is secure, if any
     _load_key    # Try loading key from option -k and set TOMBKEYFILE
 
     _message "Commanded to change password for tomb key ::1 key::" $TOMBKEYFILE
 
     _tmp_create
     tmpnewkey=$TOMBTMP
 
     if option_is_set --tomb-old-pwd; then
         local tomboldpwd="`option_value --tomb-old-pwd`"
         _verbose "tomb-old-pwd = ::1 old pass::" $tomboldpwd
         ask_key_password "$tomboldpwd"
     else
         ask_key_password
     fi
     [[ $? == 0 ]] || _failure "No valid password supplied."
 
     _success "Changing password for ::1 key file::" $TOMBKEYFILE
 
     # Here $TOMBSECRET contains the key material in clear
 
     { option_is_set --tomb-pwd } && {
         local tombpwd="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 new pass::" $tombpwd
         gen_key "$tombpwd" >> "$tmpnewkey"
     } || {
         gen_key >> "$tmpnewkey"
     }
 
     { is_valid_key "${mapfile[$tmpnewkey]}" } || {
         _failure "Error: the newly generated keyfile does not seem valid." }
 
     # Copy the new key as the original keyfile name
     cp -f "${tmpnewkey}" $TOMBKEYFILE
     _success "Your passphrase was successfully updated."
 
     return 0
 }
 
 
 # takes care to encrypt a key
 # honored options: --kdf  --tomb-pwd -o
 gen_key() {
     # $1 the password to use; if not set ask user
     # -o is the --cipher-algo to use (string taken by GnuPG)
     local algopt="`option_value -o`"
     local algo="${algopt:-AES256}"
     # here user is prompted for key password
     tombpass=""
     tombpasstmp=""
 
     if [ "$1" = "" ]; then
         while true; do
             # 3 tries to write two times a matching password
             tombpass=`ask_password "Type the new password to secure your key"`
             if [[ $? != 0 ]]; then
                 _failure "User aborted."
             fi
             if [ -z $tombpass ]; then
                 _failure "You set empty password, which is not possible."
             fi
             tombpasstmp=$tombpass
             tombpass=`ask_password "Type the new password to secure your key (again)"`
             if [[ $? != 0 ]]; then
                 _failure "User aborted."
             fi
             if [ "$tombpasstmp" = "$tombpass" ]; then
                 break;
             fi
             unset tombpasstmp
             unset tombpass
         done
     else
         tombpass="$1"
         _verbose "gen_key takes tombpass from CLI argument: ::1 tomb pass::" $tombpass
     fi
 
     header=""
     [[ $KDF == 1 ]] && {
         { option_is_set --kdf } && {
             # KDF is a new key strenghtening technique against brute forcing
             # see: https://github.com/dyne/Tomb/issues/82
             itertime="`option_value --kdf`"
             # removing support of floating points because they can't be type checked well
             if [[ "$itertime" != <-> ]]; then
                 unset tombpass
                 unset tombpasstmp
                 _error "Wrong argument for --kdf: must be an integer number (iteration seconds)."
                 _error "Depending on the speed of machines using this tomb, use 1 to 10, or more"
                 return 1
             fi
             # --kdf takes one parameter: iter time (on present machine) in seconds
             local -i microseconds
             microseconds=$(( itertime * 1000000 ))
             _success "Using KDF, iteration time: ::1 microseconds::" $microseconds
             _message "generating salt"
             pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
             _message "calculating iterations"
             pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
             _message "encoding the password"
             # We use a length of 64bytes = 512bits (more than needed!?)
             tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
 
             header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
         }
     }
 
 
     print $header
 
     # TODO: check result of gpg operation
     cat <<EOF | gpg --openpgp --force-mdc --cipher-algo ${algo} \
         --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
         -o - -c -a
 ${tombpass}
 $TOMBSECRET
 EOF
     # print -n "${tombpass}" \
     #     | gpg --openpgp --force-mdc --cipher-algo ${algo} \
     #     --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
     #     -o - -c -a ${lukskey}
 
     TOMBPASSWORD="$tombpass"    # Set global variable
     unset tombpass
     unset tombpasstmp
 }
 
 # prints an array of ciphers available in gnupg (to encrypt keys)
 list_gnupg_ciphers() {
     # prints an error if GnuPG is not found
     which gpg 2>/dev/null || _failure "gpg (GnuPG) is not found, Tomb cannot function without it."
 
     ciphers=(`gpg --version | awk '
 BEGIN { ciphers=0 }
 /^Cipher:/ { gsub(/,/,""); sub(/^Cipher:/,""); print; ciphers=1; next }
 /^Hash:/ { ciphers=0 }
 { if(ciphers==0) { next } else { gsub(/,/,""); print; } }
 '`)
     print " ${ciphers}"
     return 1
 }
 
 # Steganographic function to bury a key inside an image.
 # Requires steghide(1) to be installed
 bury_key() {
 
     _load_key    # Try loading key from option -k and set TOMBKEY
 
     imagefile=$PARAM
 
     [[ "`file $imagefile`" =~ "JPEG" ]] || {
         _warning "Encode failed: ::1 image file:: is not a jpeg image." $imagefile
         return 1
     }
 
     _success "Encoding key ::1 tomb key:: inside image ::2 image file::" $TOMBKEY $imagefile
     _message "Please confirm the key password for the encoding"
     # We ask the password and test if it is the same encoding the
     # base key, to insure that the same password is used for the
     # encryption and the steganography. This is a standard enforced
     # by Tomb, but it isn't strictly necessary (and having different
     # password would enhance security). Nevertheless here we prefer
     # usability.
 
     { option_is_set --tomb-pwd } && {
         local tombpwd="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 tomb pass::" $tombpwd
         ask_key_password "$tombpwd"
     } || {
         ask_key_password
     }
     [[ $? != 0 ]] && {
         _warning "Wrong password supplied."
         _failure "You shall not bury a key whose password is unknown to you." }
 
     # We omit armor strings since having them as constants can give
     # ground to effective attacks on steganography
     print - "$TOMBKEY" | awk '
 /^-----/ {next}
 /^Version/ {next}
 {print $0}' \
     | steghide embed --embedfile - --coverfile ${imagefile} \
     -p $TOMBPASSWORD -z 9 -e serpent cbc
     if [ $? != 0 ]; then
         _warning "Encoding error: steghide reports problems."
         res=1
     else
         _success "Tomb key encoded succesfully into image ::1 image file::" $imagefile
         res=0
     fi
 
     return $res
 }
 
 # mandatory 1st arg: the image file where key is supposed to be
 # optional 2nd arg: the password to use (same as key, internal use)
 # optional 3rd arg: the key where to save the result (- for stdout)
 exhume_key() {
     [[ "$1" = "" ]] && {
         _failure "Exhume failed, no image specified" }
 
     local imagefile="$1"  # The image file where to look for the key
     local tombpass="$2"   # (Optional) the password to use (internal use)
     local destkey="$3"    # (Optional) the key file where to save the
     # result (- for stdout)
     local r=1             # Return code (default: fail)
 
     # Ensure the image file is a readable JPEG
     [[ ! -r $imagefile ]] && {
         _failure "Exhume failed, image file not found: ::1 image file::" "${imagefile:-none}" }
     [[ ! $(file "$imagefile") =~ "JP.G" ]] && {
         _failure "Exhume failed: ::1 image file:: is not a jpeg image." $imagefile }
 
     # When a password is passed as argument then always print out
     # the exhumed key on stdout without further checks (internal use)
     [[ -n "$tombpass" ]] && {
         TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -)
         [[ $? != 0 ]] && {
             _failure "Wrong password or no steganographic key found" }
 
         recover_key $TOMBKEY
 
         return 0
     }
 
     # Ensure we have a valid destination for the key
     [[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k)
     [[ -z $destkey ]] && {
         destkey="-" # No key was specified: fallback to stdout
         _message "printing exhumed key on stdout" }
 
     # Bail out if destination exists, unless -f (force) was passed
     [[ $destkey != "-" && -s $destkey ]] && {
         _warning "File exists: ::1 tomb key::" $destkey
         { option_is_set -f } && {
             _warning "Use of --force selected: overwriting."
             rm -f $destkey
         } || {
             _warning "Make explicit use of --force to overwrite."
             _failure "Refusing to overwrite file. Operation aborted." }
     }
 
     _message "Trying to exhume a key out of image ::1 image file::" $imagefile
     { option_is_set --tomb-pwd } && {
         tombpass=$(option_value --tomb-pwd)
         _verbose "tomb-pwd = ::1 tomb pass::" $tombpass
     } || {
         [[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
     } || {
         tombpass=$(ask_password "Insert password to exhume key from $imagefile")
         [[ $? != 0 ]] && {
             _warning "User aborted password dialog."
             return 1
         }
     }
 
     # Extract the key from the image
     steghide extract -sf $imagefile -p ${tombpass} -xf $destkey
     r=$?
 
     # Report to the user
     [[ "$destkey" = "-" ]] && destkey="stdout"
     [[ $r == 0 ]] && {
         _success "Key succesfully exhumed to ::1 key::." $destkey
     } || {
         _warning "Nothing found in ::1 image file::" $imagefile
     }
 
     return $r
 }
 
 # Produces a printable image of the key contents so a backup on paper
 # can be made and hidden in books etc.
 engrave_key() {
 
     _load_key    # Try loading key from option -k and set TOMBKEYFILE
 
     local keyname=$(basename $TOMBKEYFILE)
     local pngname="$keyname.qr.png"
 
     _success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE
     # we omit armor strings to save space
     awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \
         | qrencode --size 4 --level H --casesensitive -o $pngname
     [[ $? != 0 ]] && {
         _failure "QREncode reported an error." }
 
     _success "Operation successful:"
     # TODO: only if verbose and/or not silent
     ls -lh $pngname
     file $pngname
 }
 
 # }}} - Key handling
 
 # {{{ Create
 
 # Since version 1.5.3, tomb creation is a three-step process that replaces create_tomb():
 #
 # * dig a .tomb (the large file) using /dev/urandom (takes some minutes at least)
 #
 # * forge a .key (the small file) using /dev/random (good entropy needed)
 #
 # * lock the .tomb file with the key, binding the key to the tomb (requires dm_crypt format)
 
 # Step one - Dig a tomb
 #
 # Synopsis: dig_tomb /path/to/tomb -s sizemebibytes
 #
 # It will create an empty file to be formatted as a loopback
 # filesystem.  Initially the file is filled with random data taken
 # from /dev/urandom to improve overall tomb's security and prevent
 # some attacks aiming at detecting how much data is in the tomb, or
 # which blocks in the filesystem contain that data.
 
 dig_tomb() {
     local    tombpath="$1"    # Path to tomb
     # Require the specification of the size of the tomb (-s) in MiB
     local -i tombsize=$(option_value -s)
 
     _message "Commanded to dig tomb ::1 tomb path::" $tombpath
 
     [[ -n "$tombpath"   ]] || _failure "Missing path to tomb"
     [[ -n "$tombsize"   ]] || _failure "Size argument missing, use -s"
     [[ $tombsize == <-> ]] || _failure "Size must be an integer (mebibytes)"
     [[ $tombsize -ge 10 ]] || _failure "Tombs can't be smaller than 10 mebibytes"
 
     _plot $tombpath          # Set TOMB{PATH,DIR,FILE,NAME}
 
     [[ -e $TOMBPATH ]] && {
         _warning "A tomb exists already. I'm not digging here:"
         ls -lh $TOMBPATH
         return 1
     }
 
     _success "Creating a new tomb in ::1 tomb path::" $TOMBPATH
 
     _message "Generating ::1 tomb file:: of ::2 size::MiB" $TOMBFILE $tombsize
 
     # Ensure that file permissions are safe even if interrupted
     touch $TOMBPATH
     [[ $? = 0 ]] || {
         _warning "Error creating the tomb ::1 tomb path::" $TOMBPATH
         _failure "Operation aborted."
     }
     chmod 0600 $TOMBPATH
 
     _verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
     ${=DD} if=/dev/urandom bs=1048576 count=$tombsize of=$TOMBPATH
 
     [[ $? == 0 && -e $TOMBPATH ]] && {
         ls -lh $TOMBPATH
     } || {
         _warning "Error creating the tomb ::1 tomb path::" $TOMBPATH
         _failure "Operation aborted."
     }
 
     _success "Done digging ::1 tomb name::" $TOMBNAME
     _message "Your tomb is not yet ready, you need to forge a key and lock it:"
     _message "tomb forge ::1 tomb path::.key" $TOMBPATH
     _message "tomb lock ::1 tomb path:: -k ::1 tomb path::.key" $TOMBPATH
 
     return 0
 }
 
 # Step two -- Create a detached key to lock a tomb with
 #
 # Synopsis: forge_key [destkey|-k destkey] [-o cipher]
 #
 # Arguments:
 # -k                path to destination keyfile
 # -o                Use an alternate algorithm
 #
 forge_key() {
     # can be specified both as simple argument or using -k
     local destkey="$1"
     { option_is_set -k } && { destkey=$(option_value -k) }
 
     local algo="AES256"  # Default encryption algorithm
 
     [[ -z "$destkey" ]] && {
         _failure "A filename needs to be specified using -k to forge a new key." }
 
 #    _message "Commanded to forge key ::1 key::" $destkey
 
     _check_swap # Ensure the available memory is safe to use
 
     # Ensure GnuPG won't exit with an error before first run
     [[ -r $HOME/.gnupg/pubring.gpg ]] || {
         mkdir -m 0700 $HOME/.gnupg
         touch $HOME/.gnupg/pubring.gpg }
 
     # Do not overwrite any files accidentally
     [[ -r "$destkey" ]] && {
         ls -lh $destkey
         _failure "Forging this key would overwrite an existing file. Operation aborted." }
 
     touch $destkey
     [[ $? == 0 ]] || {
         _warning "Cannot generate encryption key."
         _failure "Operation aborted." }
     chmod 0600 $destkey
 
     # Update algorithm if it was passed on the command line with -o
     { option_is_set -o } && algopt="$(option_value -o)"
     [[ -n "$algopt" ]] && algo=$algopt
 
     _message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
         $destkey $algo
 
     [[ $KDF == 1 ]] && {
         _message "Using KDF to protect the key password (`option_value --kdf` rounds)"
     }
 
     TOMBKEYFILE="$destkey"    # Set global variable
 
     _warning "This operation takes time, keep using this computer on other tasks,"
     _warning "once done you will be asked to choose a password for your tomb."
     _warning "To make it faster you can move the mouse around."
     _warning "If you are on a server, you can use an Entropy Generation Daemon."
 
     # Use /dev/random as the entropy source, unless --use-urandom is specified
     local random_source=/dev/random
     { option_is_set --use-urandom } && random_source=/dev/urandom
 
     _verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
     TOMBSECRET=$(${=DD} bs=1 count=256 if=$random_source)
     [[ $? == 0 ]] || {
         _warning "Cannot generate encryption key."
         _failure "Operation aborted." }
 
     # Here the global variable TOMBSECRET contains the naked secret
 
     _success "Choose the  password of your key: ::1 tomb key::" $TOMBKEYFILE
     _message "(You can also change it later using 'tomb passwd'.)"
     # _user_file $TOMBKEYFILE
 
     tombname="$TOMBKEYFILE" # XXX ???
     # the gen_key() function takes care of the new key's encryption
     { option_is_set --tomb-pwd } && {
         local tombpwd="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 new pass::" $tombpwd
         gen_key "$tombpwd" >> $TOMBKEYFILE
     } || {
         gen_key >> $TOMBKEYFILE
     }
 
     # load the key contents (set global variable)
     TOMBKEY="${mapfile[$TOMBKEYFILE]}"
 
     # this does a check on the file header
     is_valid_key $TOMBKEY || {
         _warning "The key does not seem to be valid."
         _warning "Dumping contents to screen:"
         print "${mapfile[$TOMBKEY]}"
         _warning "--"
         _sudo umount ${keytmp}
         rm -r $keytmp
         _failure "Operation aborted."
     }
 
     _message "Done forging ::1 key file::" $TOMBKEYFILE
     _success "Your key is ready:"
     ls -lh $TOMBKEYFILE
 }
 
 # Step three -- Lock tomb
 #
 # Synopsis: tomb_lock file.tomb file.tomb.key [-o cipher]
 #
 # Lock the given tomb with the given key file, in fact formatting the
 # loopback volume as a LUKS device.
 # Default cipher 'aes-xts-plain64:sha256'can be overridden with -o
 lock_tomb_with_key() {
     # old default was aes-cbc-essiv:sha256
     # Override with -o
     # for more alternatives refer to cryptsetup(8)
     local cipher="aes-xts-plain64:sha256"
 
     local tombpath="$1"      # First argument is the path to the tomb
 
     [[ -n $tombpath ]] || {
         _warning "No tomb specified for locking."
         _warning "Usage: tomb lock file.tomb file.tomb.key"
         return 1
     }
 
     _plot $tombpath
 
     _message "Commanded to lock tomb ::1 tomb file::" $TOMBFILE
 
     [[ -f $TOMBPATH ]] || {
         _failure "There is no tomb here. You have to dig it first." }
 
     _verbose "Tomb found: ::1 tomb path::" $TOMBPATH
 
     lo_mount $TOMBPATH
     nstloop=`lo_new`
 
     _verbose "Loop mounted on ::1 mount point::" $nstloop
 
     _message "Checking if the tomb is empty (we never step on somebody else's bones)."
     _sudo cryptsetup isLuks ${nstloop}
     if [ $? = 0 ]; then
         # is it a LUKS encrypted nest? then bail out and avoid reformatting it
         _warning "The tomb was already locked with another key."
         _failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
     else
         _message "Fine, this tomb seems empty."
     fi
 
     _load_key    # Try loading key from option -k and set TOMBKEYFILE
 
     # the encryption cipher for a tomb can be set when locking using -c
     { option_is_set -o } && algopt="$(option_value -o)"
     [[ -n "$algopt" ]] && cipher=$algopt
     _message "Locking using cipher: ::1 cipher::" $cipher
 
     # get the pass from the user and check it
     if option_is_set --tomb-pwd; then
         tomb_pwd="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
         ask_key_password "$tomb_pwd"
     else
         ask_key_password
     fi
     [[ $? == 0 ]] || _failure "No valid password supplied."
 
     _success "Locking ::1 tomb file:: with ::2 tomb key file::" $TOMBFILE $TOMBKEYFILE
 
     _message "Formatting Luks mapped device."
     _cryptsetup --batch-mode \
         --cipher ${cipher} --key-size 256 --key-slot 0 \
         luksFormat ${nstloop}
     [[ $? == 0 ]] || {
         _warning "cryptsetup luksFormat returned an error."
         _failure "Operation aborted." }
 
     _cryptsetup --cipher ${cipher} luksOpen ${nstloop} tomb.tmp
     [[ $? == 0 ]] || {
         _warning "cryptsetup luksOpen returned an error."
         _failure "Operation aborted." }
 
     _message "Formatting your Tomb with Ext3/Ext4 filesystem."
     _sudo mkfs.ext4 -q -F -j -L $TOMBNAME /dev/mapper/tomb.tmp
 
     [[ $? == 0 ]] || {
         _warning "Tomb format returned an error."
         _warning "Your tomb ::1 tomb file:: may be corrupted." $TOMBFILE }
 
     # Sync
     _sudo cryptsetup luksClose tomb.tmp
 
     _message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher
     _success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \
         $TOMBPATH $TOMBKEYFILE
 
 }
 
 # This function changes the key that locks a tomb
 change_tomb_key() {
     local tombkey="$1"      # Path to the tomb's key file
     local tombpath="$2"     # Path to the tomb
 
     _message "Commanded to reset key for tomb ::1 tomb path::" $tombpath
 
     [[ -z "$tombpath" ]] && {
         _warning "Command 'setkey' needs two arguments: the old key file and the tomb."
         _warning "I.e:  tomb -k new.tomb.key old.tomb.key secret.tomb"
         _failure "Execution aborted."
     }
 
     _check_swap
 
     # this also calls _plot()
     is_valid_tomb $tombpath
 
     lo_mount $TOMBPATH
     nstloop=`lo_new`
     _sudo cryptsetup isLuks ${nstloop}
     # is it a LUKS encrypted nest? we check one more time
     [[ $? == 0 ]] || {
         _failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
 
     _load_key $tombkey    # Try loading given key and set TOMBKEY and
     # TOMBKEYFILE
     local oldkey=$TOMBKEY
     local oldkeyfile=$TOMBKEYFILE
 
     # we have everything, prepare to mount
     _success "Changing lock on tomb ::1 tomb name::" $TOMBNAME
     _message "Old key: ::1 old key::" $oldkeyfile
 
     # render the mapper
     mapdate=`date +%s`
     # save date of mount in minutes since 1970
     mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
 
     # load the old key
     if option_is_set --tomb-old-pwd; then
         tomb_old_pwd="`option_value --tomb-old-pwd`"
         _verbose "tomb-old-pwd = ::1 old pass::" $tomb_old_pwd
         ask_key_password "$tomb_old_pwd"
     else
         ask_key_password
     fi
     [[ $? == 0 ]] || {
         _failure "No valid password supplied for the old key." }
     old_secret=$TOMBSECRET
 
     # luksOpen the tomb (not really mounting, just on the loopback)
     print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \
         luksOpen ${nstloop} ${mapper}
     [[ $? == 0 ]] || _failure "Unexpected error in luksOpen."
 
     _load_key # Try loading new key from option -k and set TOMBKEYFILE
 
     _message "New key: ::1 key file::" $TOMBKEYFILE
 
     if option_is_set --tomb-pwd; then
         tomb_new_pwd="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 tomb pass::" $tomb_new_pwd
         ask_key_password "$tomb_new_pwd"
     else
         ask_key_password
     fi
     [[ $? == 0 ]] || {
         _failure "No valid password supplied for the new key." }
 
     _tmp_create
     tmpnewkey=$TOMBTMP
     print -R -n - "$TOMBSECRET" >> $tmpnewkey
 
     print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \
         luksChangeKey "$nstloop" "$tmpnewkey"
 
     [[ $? == 0 ]] || _failure "Unexpected error in luksChangeKey."
 
     _sudo cryptsetup luksClose "${mapper}" || _failure "Unexpected error in luksClose."
 
     _success "Succesfully changed key for tomb: ::1 tomb file::" $TOMBFILE
     _message "The new key is: ::1 new key::" $TOMBKEYFILE
 
     return 0
 }
 
 # }}} - Creation
 
 # {{{ Open
 
 # $1 = tombfile $2(optional) = mountpoint
 mount_tomb() {
     local tombpath="$1"    # First argument is the path to the tomb
     [[ -n "$tombpath" ]] || _failure "No tomb name specified for opening."
 
     _message "Commanded to open tomb ::1 tomb name::" $tombpath
 
     _check_swap
 
     # this also calls _plot()
     is_valid_tomb $tombpath
 
     _load_key # Try loading new key from option -k and set TOMBKEYFILE
 
     tombmount="$2"
     [[ "$tombmount" = "" ]] && {
         tombmount=/media/$TOMBNAME
         [[ -d /media ]] || { # no /media found, adopting /run/media/$USER (udisks2 compat)
             tombmount=/run/media/$_USER/$TOMBNAME
         }
         _message "Mountpoint not specified, using default: ::1 mount point::" $tombmount
     }
 
     _success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount
 
     lo_mount $TOMBPATH
     nstloop=`lo_new`
 
     _sudo cryptsetup isLuks ${nstloop} || {
         # is it a LUKS encrypted nest? see cryptsetup(1)
         _failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
 
     _message "This tomb is a valid LUKS encrypted device."
 
     luksdump="`_sudo cryptsetup luksDump ${nstloop}`"
     tombdump=(`print $luksdump | awk '
         /^Cipher name/ {print $3}
         /^Cipher mode/ {print $3}
         /^Hash spec/   {print $3}'`)
     _message "Cipher is \"::1 cipher::\" mode \"::2 mode::\" hash \"::3 hash::\"" $tombdump[1] $tombdump[2] $tombdump[3]
 
     slotwarn=`print $luksdump | awk '
         BEGIN { zero=0 }
         /^Key slot 0/ { zero=1 }
         /^Key slot.*ENABLED/ { if(zero==1) print "WARN" }'`
     [[ "$slotwarn" == "WARN" ]] && {
         _warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
 
     # save date of mount in minutes since 1970
     mapdate=`date +%s`
 
     mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
 
     _verbose "dev mapper device: ::1 mapper::" $mapper
     _verbose "Tomb key: ::1 key file::" $TOMBKEYFILE
 
     # take the name only, strip extensions
     _verbose "Tomb name: ::1 tomb name:: (to be engraved)" $TOMBNAME
 
     { option_is_set --tomb-pwd } && {
         tomb_pwd="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
         ask_key_password "$tomb_pwd"
     } || {
         ask_key_password
     }
     [[ $? == 0 ]] || _failure "No valid password supplied."
 
     _cryptsetup luksOpen ${nstloop} ${mapper}
     [[ $? = 0 ]] || {
         _failure "Failure mounting the encrypted file." }
 
     # preserve the loopdev after exit
     lo_preserve "$nstloop"
 
     # array: [ cipher, keysize, loopdevice ]
     tombstat=(`_sudo cryptsetup status ${mapper} | awk '
     /cipher:/  {print $2}
     /keysize:/ {print $2}
     /device:/  {print $2}'`)
     _success "Success unlocking tomb ::1 tomb name::" $TOMBNAME
     _verbose "Key size is ::1 size:: for cipher ::2 cipher::" $tombstat[2] $tombstat[1]
 
     _message "Checking filesystem via ::1::" $tombstat[3]
     _sudo fsck -p -C0 /dev/mapper/${mapper}
     _verbose "Tomb engraved as ::1 tomb name::" $TOMBNAME
     _sudo tune2fs -L $TOMBNAME /dev/mapper/${mapper} > /dev/null
 
     # we need root from here on
     _sudo mkdir -p $tombmount
 
     # Default mount options are overridden with the -o switch
     { option_is_set -o } && {
         local oldmountopts=$MOUNTOPTS
         MOUNTOPTS="$(option_value -o)" }
 
     # TODO: safety check MOUNTOPTS
     # safe_mount_options && \
     _sudo mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount}
     # Clean up if the mount failed
     [[ $? == 0 ]] || {
         _warning "Error mounting ::1 mapper:: on ::2 tombmount::" $mapper $tombmount
         [[ $oldmountopts != $MOUNTOPTS ]] && \
           _warning "Are mount options '::1 mount options::' valid?" $MOUNTOPTS
         # TODO: move cleanup to _endgame()
         [[ -d $tombmount ]] && _sudo rmdir $tombmount
         [[ -e /dev/mapper/$mapper ]] && _sudo cryptsetup luksClose $mapper
         # The loop is taken care of in _endgame()
         _failure "Cannot mount ::1 tomb name::" $TOMBNAME
     }
 
     _sudo chown $UID:$GID ${tombmount}
     _sudo chmod 0711 ${tombmount}
 
     _success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount
 
     local tombtty tombhost tombuid tombuser
 
     # print out when it was opened the last time, by whom and where
     [[ -r ${tombmount}/.last ]] && {
         tombsince=$(_cat ${tombmount}/.last)
         tombsince=$(date --date=@$tombsince +%c)
         tombtty=$(_cat ${tombmount}/.tty)
         tombhost=$(_cat ${tombmount}/.host)
         tomblast=$(_cat ${tombmount}/.last)
         tombuid=$(_cat ${tombmount}/.uid | tr -d ' ')
 
         tombuser=$(getent passwd $tombuid)
         tombuser=${tombuser[(ws@:@)1]}
 
         _message "Last visit by ::1 user::(::2 tomb build::) from ::3 tty:: on ::4 host::" $tombuser $tombuid $tombtty $tombhost
         _message "on date ::1 date::" $tombsince
     }
     # write down the UID and TTY that opened the tomb
     rm -f ${tombmount}/.uid
     print $_UID > ${tombmount}/.uid
     rm -f ${tombmount}/.tty
     print $_TTY > ${tombmount}/.tty
     # also the hostname
     rm -f ${tombmount}/.host
     hostname > ${tombmount}/.host
     # and the "last time opened" information
     # in minutes since 1970, this is printed at next open
     rm -f ${tombmount}/.last
     date +%s > ${tombmount}/.last
     # human readable: date --date=@"`cat .last`" +%c
 
 
     # process bind-hooks (mount -o bind of directories)
     # and post-hooks (execute on open)
     { option_is_set -n } || {
         exec_safe_bind_hooks ${tombmount}
         exec_safe_post_hooks ${tombmount} open }
 
     return 0
 }
 
 ## HOOKS EXECUTION
 #
 # Execution of code inside a tomb may present a security risk, e.g.,
 # if the tomb is shared or compromised, an attacker could embed
 # malicious code.  When in doubt, open the tomb with the -n switch in
 # order to skip this feature and verify the files mount-hooks and
 # bind-hooks inside the tomb yourself before letting them run.
 
 # Mount files and directories from the tomb to the current user's HOME.
 #
 # Synopsis: exec_safe_bind_hooks /path/to/mounted/tomb
 #
 # This can be a security risk if you share tombs with untrusted people.
 # In that case, use the -n switch to turn off this feature.
 exec_safe_bind_hooks() {
     local mnt="$1"   # First argument is the mount point of the tomb
 
     # Default mount options are overridden with the -o switch
     [[ -n ${(k)OPTS[-o]} ]] && MOUNTOPTS=${OPTS[-o]}
 
     # No HOME set? Note: this should never happen again.
     [[ -z $HOME ]] && {
         _warning "How pitiful!  A tomb, and no HOME."
         return 1 }
 
     [[ -z $mnt || ! -d $mnt ]] && {
         _warning "Cannot exec bind hooks without a mounted tomb."
         return 1 }
 
     [[ -r "$mnt/bind-hooks" ]] || {
         _verbose "bind-hooks not found in ::1 mount point::" $mnt
         return 1 }
 
     typeset -Al maps        # Maps of files and directories to mount
     typeset -al mounted     # Track already mounted files and directories
 
     # better parsing for bind hooks checks for two separated words on
     # each line, using zsh word separator array subscript
     _bindhooks="${mapfile[${mnt}/bind-hooks]}"
     for h in ${(f)_bindhooks}; do
         s="${h[(w)1]}"
         d="${h[(w)2]}"
         [[ "$s" = "" ]] && { _warning "bind-hooks file is broken"; return 1 }
         [[ "$d" = "" ]] && { _warning "bind-hooks file is broken"; return 1 }
         maps+=($s $d)
         _verbose "bind-hook found: $s -> $d"
     done
     unset _bindhooks
 
     for dir in ${(k)maps}; do
         [[ "${dir[1]}" == "/" || "${dir[1,2]}" == ".." ]] && {
             _warning "bind-hooks map format: local/to/tomb local/to/\$HOME"
             continue }
 
         [[ "${${maps[$dir]}[1]}" == "/" || "${${maps[$dir]}[1,2]}" == ".." ]] && {
             _warning "bind-hooks map format: local/to/tomb local/to/\$HOME.  Rolling back"
             for dir in ${mounted}; do _sudo umount $dir; done
             return 1 }
 
         if [[ ! -r "$HOME/${maps[$dir]}" ]]; then
             _warning "bind-hook target not existent, skipping ::1 home::/::2 subdir::" $HOME ${maps[$dir]}
         elif [[ ! -r "$mnt/$dir" ]]; then
             _warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir
         else
             _sudo mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \
                 && mounted+=("$HOME/${maps[$dir]}")
         fi
     done
 }
 
 # Execute automated actions configured in the tomb.
 #
 # Synopsis: exec_safe_post_hooks /path/to/mounted/tomb [open|close]
 #
 # If an executable file named 'post-hooks' is found inside the tomb,
 # run it as a user.  This might need a dialog for security on what is
 # being run, however we expect you know well what is inside your tomb.
 # If you're mounting an untrusted tomb, be safe and use the -n switch
 # to verify what it would run if you let it.  This feature opens the
 # possibility to make encrypted executables.
 exec_safe_post_hooks() {
     local mnt=$1     # First argument is where the tomb is mounted
     local act=$2     # Either 'open' or 'close'
 
     # Only run if post-hooks has the executable bit set
     [[ -x $mnt/post-hooks ]] || return
 
     # If the file starts with a shebang, run it.
     cat $mnt/post-hooks | head -n1 | grep '^#!\s*/' &> /dev/null
     [[ $? == 0 ]] && {
         _success "Post hooks found, executing as user ::1 user name::." $USERNAME
         $mnt/post-hooks $act $mnt
     }
 }
 
 # }}} - Tomb open
 
 # {{{ List
 
 # list all tombs mounted in a readable format
 # $1 is optional, to specify a tomb
 list_tombs() {
 
     local tombname tombmount tombfs tombfsopts tombloop
     local ts tombtot tombused tombavail tombpercent tombp tombsince
     local tombtty tombhost tombuid tombuser
     # list all open tombs
     mounted_tombs=(`list_tomb_mounts $1`)
     [[ ${#mounted_tombs} == 0 ]] && {
         _failure "I can't see any ::1 status:: tomb, may they all rest in peace." ${1:-open} }
 
     for t in ${mounted_tombs}; do
         mapper=`basename ${t[(ws:;:)1]}`
         tombname=${t[(ws:;:)5]}
         tombmount=${t[(ws:;:)2]}
         tombfs=${t[(ws:;:)3]}
         tombfsopts=${t[(ws:;:)4]}
         tombloop=${mapper[(ws:.:)4]}
 
         # calculate tomb size
         ts=`df -hP /dev/mapper/$mapper |
 awk "/mapper/"' { print $2 ";" $3 ";" $4 ";" $5 }'`
         tombtot=${ts[(ws:;:)1]}
         tombused=${ts[(ws:;:)2]}
         tombavail=${ts[(ws:;:)3]}
         tombpercent=${ts[(ws:;:)4]}
         tombp=${tombpercent%%%}
 
         # obsolete way to get the last open date from /dev/mapper
         # which doesn't work when tomb filename contain dots
         # tombsince=`date --date=@${mapper[(ws:.:)3]} +%c`
 
         # find out who opens it from where
         [[ -r ${tombmount}/.tty ]] && {
             tombsince=$(_cat ${tombmount}/.last)
             tombsince=$(date --date=@$tombsince +%c)
             tombtty=$(_cat ${tombmount}/.tty)
             tombhost=$(_cat ${tombmount}/.host)
             tombuid=$(_cat ${tombmount}/.uid | tr -d ' ')
 
             tombuser=$(getent passwd $tombuid)
             tombuser=${tombuser[(ws@:@)1]}
         }
 
         { option_is_set --get-mountpoint } && { print $tombmount; continue }
 
         _message "::1 tombname:: open on ::2 tombmount:: using ::3 tombfsopts::" \
             $tombname $tombmount $tombfsopts
 
         _verbose "::1 tombname:: /dev/::2 tombloop:: device mounted (detach with losetup -d)" $tombname $tombloop
 
         _message "::1 tombname:: open since ::2 tombsince::" $tombname $tombsince
 
         [[ -z "$tombtty" ]] || {
             _message "::1 tombname:: open by ::2 tombuser:: from ::3 tombtty:: on ::4 tombhost::" \
                 $tombname $tombuser $tombtty $tombhost
         }
 
         _message "::1 tombname:: size ::2 tombtot:: of which ::3 tombused:: (::5 tombpercent::%) is used: ::4 tombavail:: free " \
             $tombname $tombtot $tombused $tombavail $tombpercent
 
         [[ ${tombp} -ge 90 ]] && {
             _warning "::1 tombname:: warning: your tomb is almost full!" $tombname
         }
 
         # Now check hooks
         mounted_hooks=(`list_tomb_binds $tombname $tombmount`)
         for h in ${mounted_hooks}; do
             _message "::1 tombname:: hooks ::2 hookname:: on ::3 hookdest::" \
                 $tombname "`basename ${h[(ws:;:)1]}`" ${h[(ws:;:)2]}
         done
     done
 }
 
 
 # Print out an array of mounted tombs (internal use)
 # Format is semi-colon separated list of attributes
 # if 1st arg is supplied, then list only that tomb
 #
 # String positions in the semicolon separated array:
 #
 # 1. full mapper path
 #
 # 2. mountpoint
 #
 # 3. filesystem type
 #
 # 4. mount options
 #
 # 5. tomb name
 list_tomb_mounts() {
     [[ -z "$1" ]] && {
         # list all open tombs
         mount -l \
             | awk '
 BEGIN { main="" }
 /^\/dev\/mapper\/tomb/ {
   if(main==$1) next;
   print $1 ";" $3 ";" $5 ";" $6 ";" $7
   main=$1
 }
 '
     } || {
         # list a specific tomb
         mount -l \
             | awk -vtomb="[$1]" '
 BEGIN { main="" }
 /^\/dev\/mapper\/tomb/ {
   if($7!=tomb) next;
   if(main==$1) next;
   print $1 ";" $3 ";" $5 ";" $6 ";" $7
   main=$1
 }
 '
     }
 }
 
 # list_tomb_binds
 # print out an array of mounted bind hooks (internal use)
 # format is semi-colon separated list of attributes
 # needs two arguments: name of tomb whose hooks belong
 #                      mount tomb
 list_tomb_binds() {
     [[ -z "$2" ]] && {
         _failure "Internal error: list_tomb_binds called without argument." }
 
     # OK well, prepare for some insanity: parsing the mount table on GNU/Linux
     # is like combing a Wookie while he is riding a speedbike down a valley.
 
     typeset -A tombs
     typeset -a binds
     for t in "${(f)$(mount -l | grep '/dev/mapper/tomb.*]$')}"; do
         len="${(w)#t}"
         [[ "${t[(w)$len]}" = "$1" ]] || continue
         tombs+=( ${t[(w)1]} ${t[(w)$len]} )
 
     done
 
     for m in ${(k)tombs}; do
         for p in "${(f)$(cat /proc/mounts):s/\\040(deleted)/}"; do
             # Debian's kernel appends a '\040(deleted)' to the mountpoint in /proc/mounts
             # so if we parse the string as-is then this will break the parsing. How nice of them!
             # Some bugs related to this are more than 10yrs old. Such Debian! Much stable! Very parsing!
             # Bug #711183  umount parser for /proc/mounts broken on stale nfs mount (gets renamed to "/mnt/point (deleted)")
             # Bug #711184  mount should not stat mountpoints on mount
             # Bug #711187  linux-image-3.2.0-4-amd64: kernel should not rename mountpoint if nfs server is dead/unreachable
             [[ "${p[(w)1]}" = "$m" ]] && {
                 [[ "${(q)p[(w)2]}" != "${(q)2}" ]] && {
                     # Our output format:
                     # mapper;mountpoint;fs;flags;name
                     binds+=("$m;${(q)p[(w)2]};${p[(w)3]};${p[(w)4]};${tombs[$m]}") }
             }
         done
     done
 
     # print the results out line by line
     for b in $binds; do print - "$b"; done
 }
 
 # }}} - Tomb list
 
 # {{{ Index and search
 
 # index files in all tombs for search
 # $1 is optional, to specify a tomb
 index_tombs() {
     { command -v updatedb 1>/dev/null 2>/dev/null } || {
         _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
 
     updatedbver=`updatedb --version | grep '^updatedb'`
     [[ "$updatedbver" =~ "GNU findutils" ]] && {
         _warning "Cannot use GNU findutils for index/search commands." }
     [[ "$updatedbver" =~ "mlocate" ]] || {
         _failure "Index command needs 'mlocate' to be installed." }
 
     _verbose "$updatedbver"
 
     mounted_tombs=(`list_tomb_mounts $1`)
     [[ ${#mounted_tombs} == 0 ]] && {
         # Considering one tomb
         [[ -n "$1" ]] && {
             _failure "There seems to be no open tomb engraved as [::1::]" $1 }
         # Or more
         _failure "I can't see any open tomb, may they all rest in peace." }
 
     _success "Creating and updating search indexes."
 
     # start the LibreOffice document converter if installed
     { command -v unoconv 1>/dev/null 2>/dev/null } && {
         unoconv -l 2>/dev/null &
         _verbose "unoconv listener launched."
         sleep 1 }
 
     for t in ${mounted_tombs}; do
         mapper=`basename ${t[(ws:;:)1]}`
         tombname=${t[(ws:;:)5]}
         tombmount=${t[(ws:;:)2]}
         [[ -r ${tombmount}/.noindex ]] && {
             _message "Skipping ::1 tomb name:: (.noindex found)." $tombname
             continue }
         _message "Indexing ::1 tomb name:: filenames..." $tombname
         updatedb -l 0 -o ${tombmount}/.updatedb -U ${tombmount}
 
         # here we use swish to index file contents
         [[ $SWISH == 1 ]] && {
             _message "Indexing ::1 tomb name:: contents..." $tombname
             rm -f ${tombmount}/.swishrc
             _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc
             cat <<EOF > ${tombmount}/.swishrc
 # index directives
 DefaultContents TXT*
 IndexDir $tombmount
 IndexFile $tombmount/.swish
 # exclude images
 FileRules filename regex /\.jp.?g/i
 FileRules filename regex /\.png/i
 FileRules filename regex /\.gif/i
 FileRules filename regex /\.tiff/i
 FileRules filename regex /\.svg/i
 FileRules filename regex /\.xcf/i
 FileRules filename regex /\.eps/i
 FileRules filename regex /\.ttf/i
 # exclude audio
 FileRules filename regex /\.mp3/i
 FileRules filename regex /\.ogg/i
 FileRules filename regex /\.wav/i
 FileRules filename regex /\.mod/i
 FileRules filename regex /\.xm/i
 # exclude video
 FileRules filename regex /\.mp4/i
 FileRules filename regex /\.avi/i
 FileRules filename regex /\.ogv/i
 FileRules filename regex /\.ogm/i
 FileRules filename regex /\.mkv/i
 FileRules filename regex /\.mov/i
 FileRules filename regex /\.flv/i
 FileRules filename regex /\.webm/i
 # exclude system
 FileRules filename is ok
 FileRules filename is lock
 FileRules filename is control
 FileRules filename is status
 FileRules filename is proc
 FileRules filename is sys
 FileRules filename is supervise
 FileRules filename regex /\.asc$/i
 FileRules filename regex /\.gpg$/i
 # pdf and postscript
 FileFilter .pdf pdftotext "'%p' -"
 FileFilter .ps  ps2txt "'%p' -"
 # compressed files
 FileFilterMatch lesspipe "%p" /\.tgz$/i
 FileFilterMatch lesspipe "%p" /\.zip$/i
 FileFilterMatch lesspipe "%p" /\.gz$/i
 FileFilterMatch lesspipe "%p" /\.bz2$/i
 FileFilterMatch lesspipe "%p" /\.Z$/
 # spreadsheets
 FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xls.*/i
 FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xlt.*/i
 FileFilter .ods unoconv "-d spreadsheet -f csv --stdout %P"
 FileFilter .ots unoconv "-d spreadsheet -f csv --stdout %P"
 FileFilter .dbf unoconv "-d spreadsheet -f csv --stdout %P"
 FileFilter .dif unoconv "-d spreadsheet -f csv --stdout %P"
 FileFilter .uos unoconv "-d spreadsheet -f csv --stdout %P"
 FileFilter .sxc unoconv "-d spreadsheet -f csv --stdout %P"
 # word documents
 FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.doc.*/i
 FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.odt.*/i
 FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.rtf.*/i
 FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i
 # native html support
 IndexContents HTML* .htm .html .shtml
 IndexContents XML*  .xml
 EOF
 
             swish-e -c ${tombmount}/.swishrc -S fs -v3
         }
         _message "Search index updated."
     done
 }
 
 search_tombs() {
     { command -v locate 1>/dev/null 2>/dev/null } || {
         _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
 
     updatedbver=`updatedb --version | grep '^updatedb'`
     [[ "$updatedbver" =~ "GNU findutils" ]] && {
         _warning "Cannot use GNU findutils for index/search commands." }
     [[ "$updatedbver" =~ "mlocate" ]] || {
         _failure "Index command needs 'mlocate' to be installed." }
 
     _verbose "$updatedbver"
 
     # list all open tombs
     mounted_tombs=(`list_tomb_mounts`)
     [[ ${#mounted_tombs} == 0 ]] && {
         _failure "I can't see any open tomb, may they all rest in peace." }
 
     _success "Searching for: ::1::" ${(f)@}
     for t in ${mounted_tombs}; do
         _verbose "Checking for index: ::1::" ${t}
         mapper=`basename ${t[(ws:;:)1]}`
         tombname=${t[(ws:;:)5]}
         tombmount=${t[(ws:;:)2]}
         [[ -r ${tombmount}/.updatedb ]] && {
             # Use mlocate to search hits on filenames
             _message "Searching filenames in tomb ::1 tomb name::" $tombname
             locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
             _message "Matches found: ::1 matches::" \
                 $(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@})
 
             # Use swish-e to search over contents
             [[ $SWISH == 1 && -r $tombmount/.swish ]] && {
                 _message "Searching contents in tomb ::1 tomb name::" $tombname
                 swish-e -w ${=@} -f $tombmount/.swish -H0 }
         } || {
             _warning "Skipping tomb ::1 tomb name::: not indexed." $tombname
             _warning "Run 'tomb index' to create indexes." }
     done
     _message "Search completed."
 }
 
 # }}} - Index and search
 
 # {{{ Resize
 
 # resize tomb file size
 resize_tomb() {
     local tombpath="$1"    # First argument is the path to the tomb
 
     _message "Commanded to resize tomb ::1 tomb name:: to ::2 size:: mebibytes." $1 $OPTS[-s]
 
     [[ -z "$tombpath" ]] && _failure "No tomb name specified for resizing."
     [[ ! -r $tombpath ]] && _failure "Cannot find ::1::" $tombpath
 
     newtombsize="`option_value -s`"
     [[ -z "$newtombsize" ]] && {
         _failure "Aborting operations: new size was not specified, use -s" }
 
     # this also calls _plot()
     is_valid_tomb $tombpath
 
     _load_key # Try loading new key from option -k and set TOMBKEYFILE
 
     local oldtombsize=$(( `stat -c %s "$TOMBPATH" 2>/dev/null` / 1048576 ))
     local mounted_tomb=`mount -l |
         awk -vtomb="[$TOMBNAME]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
 
     # Tomb must not be open
     [[ -z "$mounted_tomb" ]] || {
         _failure "Please close the tomb ::1 tomb name:: before trying to resize it." $TOMBNAME }
     # New tomb size must be specified
     [[ -n "$newtombsize" ]] || {
         _failure "You must specify the new size of ::1 tomb name::" $TOMBNAME }
     # New tomb size must be an integer
     [[ $newtombsize == <-> ]] || _failure "Size is not an integer."
 
     # Tombs can only grow in size
     if [[ "$newtombsize" -gt "$oldtombsize" ]]; then
 
         delta="$(( $newtombsize - $oldtombsize ))"
 
         _message "Generating ::1 tomb file:: of ::2 size::MiB" $TOMBFILE $newtombsize
 
         _verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
         ${=DD} if=/dev/urandom bs=1048576 count=${delta} >> $TOMBPATH
         [[ $? == 0 ]] || {
             _failure "Error creating the extra resize ::1 size::, operation aborted." \
                      $tmp_resize }
 
     # If same size this allows to re-launch resize if pinentry expires
     # so that it will continue resizing without appending more space.
     # Resizing the partition to the file size cannot harm data anyway.
     elif [[ "$newtombsize" = "$oldtombsize" ]]; then
         _message "Tomb seems resized already, operating filesystem stretch"
     else
         _failure "The new size must be greater then old tomb size."
     fi
 
     { option_is_set --tomb-pwd } && {
         tomb_pwd="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
         ask_key_password "$tomb_pwd"
     } || {
         ask_key_password
     }
     [[ $? == 0 ]] || _failure "No valid password supplied."
 
     lo_mount "$TOMBPATH"
     nstloop=`lo_new`
 
     mapdate=`date +%s`
     mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
 
     _message "opening tomb"
     _cryptsetup luksOpen ${nstloop} ${mapper} || {
         _failure "Failure mounting the encrypted file." }
 
     _sudo cryptsetup resize "${mapper}" || {
         _failure "cryptsetup failed to resize ::1 mapper::" $mapper }
 
     _sudo e2fsck -p -f /dev/mapper/${mapper} || {
         _failure "e2fsck failed to check ::1 mapper::" $mapper }
 
     _sudo resize2fs /dev/mapper/${mapper} || {
         _failure "resize2fs failed to resize ::1 mapper::" $mapper }
 
     # close and free the loop device
     _sudo cryptsetup luksClose "${mapper}"
 
     return 0
 }
 
 # }}}
 
 # {{{ Close
 
 umount_tomb() {
     local tombs how_many_tombs
     local pathmap mapper tombname tombmount loopdev
     local ans pidk pname
 
     if [ "$1" = "all" ]; then
         mounted_tombs=(`list_tomb_mounts`)
     else
         mounted_tombs=(`list_tomb_mounts $1`)
     fi
 
     [[ ${#mounted_tombs} == 0 ]] && {
         _failure "There is no open tomb to be closed." }
 
     [[ ${#mounted_tombs} -gt 1 && -z "$1" ]] && {
         _warning "Too many tombs mounted, please specify one (see tomb list)"
         _warning "or issue the command 'tomb close all' to close them all."
         _failure "Operation aborted." }
 
     for t in ${mounted_tombs}; do
         mapper=`basename ${t[(ws:;:)1]}`
 
         # strip square parens from tombname
         tombname=${t[(ws:;:)5]}
         tombmount=${t[(ws:;:)2]}
         tombfs=${t[(ws:;:)3]}
         tombfsopts=${t[(ws:;:)4]}
         tombloop=${mapper[(ws:.:)4]}
 
         _verbose "Name: ::1 tomb name::" $tombname
         _verbose "Mount: ::1 mount point::" $tombmount
         _verbose "Mapper: ::1 mapper::" $mapper
 
         [[ -e "$mapper" ]] && {
             _warning "Tomb not found: ::1 tomb file::" $1
             _warning "Please specify an existing tomb."
             return 0 }
 
         [[ -n $SLAM ]] && {
             _success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \
                 $tombname $tombmount
             _message "Kill all processes busy inside the tomb."
             { slam_tomb "$tombmount" } || {
                 _failure "Cannot slam the tomb ::1 tomb name::" $tombname }
         } || {
             _message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" \
                 $tombname $tombmount }
 
         # check if there are binded dirs and close them
         bind_tombs=(`list_tomb_binds $tombname $tombmount`)
         for b in ${bind_tombs}; do
             bind_mapper="${b[(ws:;:)1]}"
             bind_mount="${b[(ws:;:)2]}"
             _message "Closing tomb bind hook: ::1 hook::" $bind_mount
             _sudo umount "`print - ${bind_mount}`" || {
                 [[ -n $SLAM ]] && {
                     _success "Slamming tomb: killing all processes using this hook."
                     slam_tomb "`print - ${bind_mount}`" || _failure "Cannot slam the bind hook ::1 hook::" $bind_mount
                     umount "`print - ${bind_mount}`" || _failure "Cannot slam the bind hook ::1 hook::" $bind_mount
                 } || {
                     _failure "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount
                 }
             }
         done
 
         # Execute post-hooks for eventual cleanup
         { option_is_set -n } || {
             exec_safe_post_hooks ${tombmount%%/} close }
 
         _verbose "Performing umount of ::1 mount point::" $tombmount
         _sudo umount ${tombmount}
         [[ $? = 0 ]] || { _failure "Tomb is busy, cannot umount!" }
 
         # If we used a default mountpoint and is now empty, delete it
         tombname_regex=${tombname//\[/}
         tombname_regex=${tombname_regex//\]/}
 
         [[ "$tombmount" -regex-match "[/run]?/media[/$_USER]?/$tombname_regex" ]] && {
             _sudo rmdir $tombmount }
 
         _sudo cryptsetup luksClose $mapper
         [[ $? == 0 ]] || {
             _failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
 
         # Normally the loopback device is detached when unused
         [[ -e "/dev/$tombloop" ]] && _sudo losetup -d "/dev/$tombloop"
         [[ $? = 0 ]] || {
             _verbose "/dev/$tombloop was already closed." }
 
         _success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname
 
     done # loop across mounted tombs
 
     return 0
 }
 
 # Kill all processes using the tomb
 slam_tomb() {
     # $1 = tomb mount point
     if [[ -z `fuser -m "$1" 2>/dev/null` ]]; then
         return 0
     fi
     #Note: shells are NOT killed by INT or TERM, but they are killed by HUP
     for s in TERM HUP KILL; do
         _verbose "Sending ::1:: to processes inside the tomb:" $s
         if option_is_set -D; then
             ps -fp `fuser -m /media/a.tomb 2>/dev/null`|
             while read line; do
                 _verbose $line
             done
         fi
         fuser -s -m "$1" -k -M -$s
         if [[ -z `fuser -m "$1" 2>/dev/null` ]]; then
             return 0
         fi
         if ! option_is_set -f; then
             sleep 3
         fi
     done
     return 1
 }
 
 # }}} - Tomb close
 
 # {{{ Main routine
 
 main() {
 
     _ensure_dependencies  # Check dependencies are present or bail out
 
     local -A subcommands_opts
     ### Options configuration
     #
     # Hi, dear developer!  Are you trying to add a new subcommand, or
     # to add some options?  Well, keep in mind that option names are
     # global: they cannot bear a different meaning or behaviour across
     # subcommands.  The only exception is "-o" which means: "options
     # passed to the local subcommand", and thus can bear a different
     # meaning for different subcommands.
     #
     # For example, "-s" means "size" and accepts one argument. If you
     # are tempted to add an alternate option "-s" (e.g., to mean
     # "silent", and that doesn't accept any argument) DON'T DO IT!
     #
     # There are two reasons for that:
     #    I. Usability; users expect that "-s" is "size"
     #   II. Option parsing WILL EXPLODE if you do this kind of bad
     #       things (it will complain: "option defined more than once")
     #
     # If you want to use the same option in multiple commands then you
     # can only use the non-abbreviated long-option version like:
     # -force and NOT -f
     #
     main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe)
     subcommands_opts[__default]=""
     # -o in open and mount is used to pass alternate mount options
     subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: "
     subcommands_opts[mount]=${subcommands_opts[open]}
 
     subcommands_opts[create]="" # deprecated, will issue warning
 
     # -o in forge and lock is used to pass an alternate cipher.
     subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom "
     subcommands_opts[dig]="-ignore-swap s: -size=s "
     subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: "
     subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
     subcommands_opts[engrave]="k: "
 
     subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
     subcommands_opts[close]=""
     subcommands_opts[help]=""
     subcommands_opts[slam]=""
     subcommands_opts[list]="-get-mountpoint "
 
     subcommands_opts[index]=""
     subcommands_opts[search]=""
 
     subcommands_opts[help]=""
     subcommands_opts[bury]="k: -tomb-pwd: "
     subcommands_opts[exhume]="k: -tomb-pwd: "
     # subcommands_opts[decompose]=""
     # subcommands_opts[recompose]=""
     # subcommands_opts[install]=""
     subcommands_opts[askpass]=""
     subcommands_opts[source]=""
     subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: "
     subcommands_opts[check]="-ignore-swap "
     #    subcommands_opts[translate]=""
 
     ### Detect subcommand
     local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
     for optspec in $subcommands_opts$main_opts; do
         for opt in ${=optspec}; do
             every_opts+=${opt}
         done
     done
     local -a oldstar
     oldstar=("${(@)argv}")
     #### detect early: useful for --option-parsing
     zparseopts -M -D -Adiscardme ${every_opts}
     if [[ -n ${(k)discardme[--option-parsing]} ]]; then
         print $1
         if [[ -n "$1" ]]; then
             return 1
         fi
         return 0
     fi
     unset discardme
     if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
         _failure "Error parsing."
         return 127
     fi
     unset discardme
     subcommand=$1
     if [[ -z $subcommand ]]; then
         subcommand="__default"
     fi
 
     if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
         _warning "There's no such command \"::1 subcommand::\"." $subcommand
         exitv=127 _failure "Please try -h for help."
     fi
     argv=("${(@)oldstar}")
     unset oldstar
 
     ### Parsing global + command-specific options
     # zsh magic: ${=string} will split to multiple arguments when spaces occur
     set -A cmd_opts ${main_opts} ${=subcommands_opts[$subcommand]}
     # if there is no option, we don't need parsing
     if [[ -n $cmd_opts ]]; then
         zparseopts -M -E -D -AOPTS ${cmd_opts}
         if [[ $? != 0 ]]; then
             _warning "Some error occurred during option processing."
             exitv=127 _failure "See \"tomb help\" for more info."
         fi
     fi
     #build PARAM (array of arguments) and check if there are unrecognized options
     ok=0
     PARAM=()
     for arg in $*; do
         if [[ $arg == '--' || $arg == '-' ]]; then
             ok=1
             continue #it shouldn't be appended to PARAM
         elif [[ $arg[1] == '-'  ]]; then
             if [[ $ok == 0 ]]; then
                 exitv=127 _failure "Unrecognized option ::1 arg:: for subcommand ::2 subcommand::" $arg $subcommand
             fi
         fi
         PARAM+=$arg
     done
     # First parameter actually is the subcommand: delete it and shift
     [[ $subcommand != '__default' ]] && { PARAM[1]=(); shift }
 
     ### End parsing command-specific options
 
     # Use colors unless told not to
     { ! option_is_set --no-color } && { autoload -Uz colors && colors }
     # Some options are only available during insecure mode
     { ! option_is_set --unsafe } && {
         for opt in --tomb-pwd --use-urandom --tomb-old-pwd; do
             { option_is_set $opt } && {
                 exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt }
         done
     }
     # read -t or --tmp flags to set a custom temporary directory
     option_is_set --tmp && TMPPREFIX=$(option_value --tmp)
 
 
     # When we run as root, we remember the original uid:gid to set
     # permissions for the calling user and drop privileges
     _whoami # Reset _UID, _GID, _TTY
 
     [[ "$PARAM" == "" ]] && {
         _verbose "Tomb command: ::1 subcommand::" $subcommand
     } || {
         _verbose "Tomb command: ::1 subcommand:: ::2 param::" $subcommand $PARAM
     }
 
     [[ -z $_UID ]] || {
         _verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." \
             $_UID $_GID $_TTY
     }
 
     _verbose "Temporary directory: $TMPPREFIX"
 
     # Process subcommand
     case "$subcommand" in
 
         # USAGE
         help)
             usage
             ;;
 
         # DEPRECATION notice (leave here as 'create' is still present in old docs)
         create)
             _warning "The create command is deprecated, please use dig, forge and lock instead."
             _warning "For more informations see Tomb's manual page (man tomb)."
             _failure "Operation aborted."
             ;;
 
         # CREATE Step 1: dig -s NN file.tomb
         dig)
             dig_tomb ${=PARAM}
             ;;
 
         # CREATE Step 2: forge file.tomb.key
         forge)
             forge_key ${=PARAM}
             ;;
 
         # CREATE Step 2: lock -k file.tomb.key file.tomb
         lock)
             lock_tomb_with_key ${=PARAM}
             ;;
 
         # Open the tomb
         mount|open)
             mount_tomb ${=PARAM}
             ;;
 
         # Close the tomb
         # `slam` is used to force closing.
         umount|close|slam)
             [[ "$subcommand" ==  "slam" ]] && SLAM=1
             umount_tomb $PARAM[1]
             ;;
 
         # Grow tomb's size
         resize)
             [[ $RESIZER == 0 ]] && {
                 _failure "Resize2fs not installed: cannot resize tombs." }
             resize_tomb $PARAM[1]
             ;;
 
         ## Contents manipulation
 
         # Index tomb contents
         index)
             index_tombs $PARAM[1]
             ;;
 
         # List tombs
         list)
             list_tombs $PARAM[1]
             ;;
 
         # Search tomb contents
         search)
             search_tombs ${=PARAM}
             ;;
 
         ## Locking operations
 
         # Export key to QR Code
         engrave)
             [[ $QRENCODE == 0 ]] && {
                 _failure "QREncode not installed: cannot engrave keys on paper." }
             engrave_key ${=PARAM}
             ;;
 
         # Change password on existing key
         passwd)
             change_passwd $PARAM[1]
             ;;
 
         # Change tomb key
         setkey)
             change_tomb_key ${=PARAM}
             ;;
 
         # STEGANOGRAPHY: hide key inside an image
         bury)
             [[ $STEGHIDE == 0 ]] && {
                 _failure "Steghide not installed: cannot bury keys into images." }
             bury_key $PARAM[1]
             ;;
 
         # STEGANOGRAPHY: read key hidden in an image
         exhume)
             [[ $STEGHIDE == 0 ]] && {
                 _failure "Steghide not installed: cannot exhume keys from images." }
             exhume_key $PARAM[1]
             ;;
 
         ## Internal commands useful to developers
 
         # Make tomb functions available to the calling shell or script
         'source')   return 0 ;;
 
         # Ask user for a password interactively
         askpass)    ask_password $PARAM[1] $PARAM[2] ;;
 
         # Default operation: presentation, or version information with -v
         __default)
             _print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION
             _print "\000"
             _print " Copyright (C) 2007-2015 Dyne.org Foundation, License GNU GPL v3+"
             _print " This is free software: you are free to change and redistribute it"
             _print " For the latest sourcecode go to <http://dyne.org/software/tomb>"
             _print "\000"
             option_is_set -v && {
                 local langwas=$LANG
                 LANG=en
                 _print " This source code is distributed in the hope that it will be useful,"
                 _print " but WITHOUT ANY WARRANTY; without even the implied warranty of"
                 _print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
                 LANG=$langwas
                 _print " When in need please refer to <http://dyne.org/support>."
                 _print "\000"
                 _print "System utils:"
                 _print "\000"
                 cat <<EOF
   `sudo -V | head -n1`
   `cryptsetup --version`
   `pinentry --version`
   `gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
   `list_gnupg_ciphers`
 EOF
                 _print "\000"
                 _print "Optional utils:"
                 _print "\000"
                 _list_optional_tools version
                 return 0
             }
             usage
             ;;
 
         # Reject unknown command and suggest help
         *)
             _warning "Command \"::1 subcommand::\" not recognized." $subcommand
             _message "Try -h for help."
             return 1
             ;;
     esac
     return $?
 }
 
 # }}}
 
 # {{{ Run
 
 main "$@" || exit $?   # Prevent `source tomb source` from exiting
 
 # }}}
 
 # -*- tab-width: 4; indent-tabs-mode:nil; -*-
 # vim: set shiftwidth=4 expandtab: