|
#!/bin/bash |
|
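# Load the shared helpers that sit next to this script. common.sh is not
# shown here; it presumably provides error, info and assert_root, which this
# file calls but does not define.
# The expansion is quoted so an install path containing spaces or glob
# characters cannot be split into a different file name before it is sourced,
# and index 0 of BASH_SOURCE is named explicitly.
. "$(dirname -- "${BASH_SOURCE[0]}")/common.sh"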
|
|
|
quiet() {
  # quiet(cmd, args...): run a command with its stdout and stderr captured.
  # Nothing is printed when the command succeeds. On failure the exit status,
  # the command line and the captured output are passed to error, and the
  # command's exit status is returned to the caller.
  local rc="" out=""

  out=$("$@" 2>&1)
  rc=$?

  if [ $rc -ne 0 ]; then
    error "[$rc]: $*"
    error "$out"
    return $rc
  fi

  return 0
}
|
|
|
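wipe_blockdev() {
  # wipe_blockdev(device, num). zero the first and last num MiB of device.
  #
  # Arguments: $1 - path of the block device to wipe
  #            $2 - number of MiB to zero at each end (non-negative integer)
  # Returns:   0 on success, 1 on a bad argument, an unreadable device size
  #            or a failed write.
  #
  # Only the two ends of the device are overwritten, which removes the
  # metadata that lives there (partition tables, volume and filesystem
  # signatures). Everything in between is left untouched, so this is not a
  # data-sanitization step.
  local dev="$1" zero_num="$2" sectors="" size_mb="" count="" leftover="" seek=""

  # Reject anything that is not a plain decimal count before it reaches
  # arithmetic expansion or the dd command line.
  case "$zero_num" in
    "" | *[!0-9]*)
      error "$dev: invalid MiB count '$zero_num'"
      return 1
      ;;
  esac
  zero_num=$((10#$zero_num)) # force base 10 so "08" is not read as octal

  [ -b "$dev" ] || { error "$dev: not a block device"; return 1; }

  # Size the device that was passed in. Reading a caller's DEVPART global
  # here would compute every offset below from a different device whenever
  # the two differ, leaving the real end of "$dev" unwiped.
  sectors=$(blockdev --getsz "$dev") || {
    error "$dev: unable to read device size"
    return 1
  }
  case "$sectors" in
    "" | *[!0-9]*)
      error "$dev: unexpected size '$sectors' from blockdev"
      return 1
      ;;
  esac

  # blockdev --getsz reports 512-byte sectors; 2048 of them make one MiB.
  size_mb=$((sectors / 2048))
  leftover=$((sectors - size_mb * 2048))

  # A device smaller than num MiB is zeroed for all of its whole MiB.
  if [ "$size_mb" -ge "$zero_num" ]; then
    count=$zero_num
  else
    count=$size_mb
  fi

  info "zero-ing $dev first ${count}M" \
    "(sectors=$sectors size=${size_mb}M num=$zero_num leftover=$leftover)"
  quiet dd if=/dev/zero of="$dev" bs=1M count="$count" || {
    error "Failed to zero front of $dev sectors=$sectors" \
      "size_mb=$size_mb count=$count"
    return 1
  }

  if [ "$size_mb" -gt "$zero_num" ]; then
    info "zero-ing $dev last ${zero_num}M"
    seek=$((size_mb - zero_num))
    quiet dd if=/dev/zero of="$dev" bs=1M count="$zero_num" seek="$seek" || {
      error "Failed to zero end of $dev sectors=$sectors" \
        "size_mb=$size_mb count=$zero_num seek=$seek"
      return 1
    }
  fi

  # if size was not even MB (likely) then we have to get to the end. This
  # also runs for devices of num MiB or less, whose trailing partial MiB
  # would otherwise survive the wipe.
  if [ "$leftover" -ne 0 ]; then
    info "Finishing zero of $dev for $leftover sectors"
    quiet dd if=/dev/zero "of=$dev" bs=512 count="$leftover" \
      seek=$((sectors - leftover)) || {
      error "Failed to wipe remaining $leftover sectors on $dev"
      return 1
    }
  fi

  return 0
}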
|
|
|
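wipe_lvs() {
  # Remove every LVM logical volume, volume group and physical volume that
  # lvm reports, then zero the first and last 4 MiB of each non-removable
  # disk listed by get-disks and of each of its partitions.
  #
  # Arguments: none
  # Outputs:   progress messages through info and echo
  # Returns:   status of the final "lvm pvscan --cache || true", i.e. 0
  #
  # Teardown steps are best effort (|| true): a volume that is already
  # unmounted or inactive must not stop the rest of the wipe.
  local PV="" VG="" LV="" decrypted_dev="" usbinstalldev="" DISKS=""
  local DEV="" REMOVABLE="" DEVPART="" part_prefix=""

  info "Clearing all LVs and partitions off of all non-removable disks"
  info "Clearing all known LVs"

  # The lvm reports are left unquoted on purpose: each name arrives padded
  # with spaces and word splitting trims it.
  for PV in $(lvm pvs --noheading -o pv_name); do
    info "finding all vgs in $PV"
    for VG in $(lvm vgs --noheading -o vg_name -S "pv_name=$PV"); do
      echo "finding all lvs in $VG"
      for LV in $(lvm lvs --noheading -o lv_name -S "vg_name=$VG"); do
        # Find open device-mapper entries whose line contains the LV name
        # followed by "LUKS". The name is handed to awk as data (-v) and
        # compared literally, so characters such as "." or "+" in an LV name
        # are neither regex operators nor part of the awk program text.
        # Several mappings can match; each one is closed in turn (fd 3 keeps
        # the list away from the stdin of the commands in the loop).
        # NOTE(review): this is still a substring match on the whole line,
        # so an LV called "root" also matches a mapping for "root2".
        while IFS= read -r -u 3 decrypted_dev; do
          [ -n "$decrypted_dev" ] || continue
          echo "$LV is encrypted and is open as $decrypted_dev. unmounting and closing it"
          umount -l "/dev/mapper/$decrypted_dev" || true
          cryptsetup luksClose "$decrypted_dev" || true
        done 3< <(
          dmsetup info -c |
            awk -v lv="$LV" '
              { pos = index($0, lv) }
              pos && index(substr($0, pos + length(lv)), "LUKS") { print $1 }
            '
        )

        info "removing LV ${VG}/${LV}"
        umount "/dev/${VG}/${LV}" || true
        lvm lvchange -an "${VG}/${LV}" || true
        lvm lvremove -ff "${VG}/${LV}" || true
      done
      info "removing VG ${VG}"
      lvm vgchange -an "$VG" || true
      lvm vgremove -ff "$VG" || true
    done
    info "removing PV ${PV}"
    lvm pvremove -ff "$PV" || true
  done

  info "rescanning PVs to empty cache"
  lvm pvscan --cache || true

  # Disk that holds the mounted install repository, so it can be skipped.
  # '[:digit:]' is quoted so the shell cannot expand it as a glob against
  # the current directory before tr sees it.
  # NOTE(review): deleting every digit only yields the parent disk for
  # sdX-style names; for a name like nvme0n1p1 the result never equals
  # /dev/$DEV and this guard would not recognise the install medium.
  usbinstalldev=$(mount | grep /run/install/repo | cut -f 1 -d ' ' | tr -d '[:digit:]' || true)

  DISKS=$(get-disks)
  info "Writing zeros to the start and end of all partitions on any non-removable media found in this list: $DISKS"

  for DEV in $DISKS; do
    DEV=${DEV##*/}
    [ -d "/sys/block/$DEV" ] || continue

    # Skip removable disks (USB bootflash). Compared as a string: an empty
    # or unexpected value must not be evaluated as an arithmetic expression.
    REMOVABLE=$(<"/sys/block/$DEV/removable")
    if [ "$REMOVABLE" = "1" ]; then
      info "Not zeroing removable device $DEV"
      continue
    fi

    if [ "$usbinstalldev" = "/dev/${DEV}" ]; then
      info "Not zeroing out USB install media $DEV"
      continue
    fi

    # Restrict the wipe to this disk and its own partitions. A bare
    # /dev/${DEV}* glob also matches unrelated disks that merely share the
    # prefix (sda -> sdaa, nvme0n1 -> nvme0n10), which would bypass the
    # removable and install-media checks above for those devices. The kernel
    # names partitions <disk><N>, or <disk>p<N> when the disk name ends in a
    # digit.
    case "$DEV" in
      *[0-9]) part_prefix="${DEV}p" ;;
      *) part_prefix="$DEV" ;;
    esac

    # Reverse sort so the partitions are handled before the whole disk.
    for DEVPART in $(printf '%s\n' "/dev/$DEV" "/dev/${part_prefix}"[0-9]* | sort -r); do
      [ -e "$DEVPART" ] || continue # unmatched glob is left as literal text
      umount "$DEVPART" || :
      wipe_blockdev "$DEVPART" 4
    done

    udevadm settle
    blockdev --rereadpt "/dev/$DEV"
    udevadm settle
  done

  lvm pvscan --cache || true
}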
|
|
|
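# Entry point. assert_root is defined outside this file, so whether it exits
# or only returns non-zero for a non-root caller cannot be seen from here;
# the explicit exit guarantees the destructive wipe never starts after a
# failed check.
assert_root || exit 1

wipe_lvs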