assures that even when modebuf has the trailing `+' and there are more
than 99 hard links to a file, the permissions string and the link count
will be separated.
to allow standalone compilation.
(wipefile): Added support for emulating /dev/fd/# files even if
the OS doesn't support them. From Paul Eggert.
(main, usage): Changed --device short option to -D.
(wipefd, do_wipefd): Renamed function to do_wipefd and added
separate wipefd that performs sanity checks on externally-opened file
descriptors, such as not append-only. From Paul Eggert.
(do_wipefd, isaac_seedfd): Do not read file for any reason.
If the file is low-entropy, it's a security hole.
(wipefile): Changed to open O_WRONLY and chmod to write-only when
forcing.
(isaac_seedfd): Function deleted as unnecessary.
From Paul Eggert.
(dopass): Dynamically fall back to fsync() if fdatasync() fails,
since POSIX, in their infinitesimal wisdom, encourage implementations
that return constant -1, making compile-time testing useless.
From Paul Eggert.
(dopass): Changed to support a size of -1 to mean "unknown".
This entailed changing to a counting-up offset rather than counting-down
cursize for the central state variable. Also changed size argument to
be call-by-reference so that it can be passed back once known.
(sizer): Function deleted as unnecessary.
(wipefd): Changed to match. From Paul Eggert.
(dopass): Try to skip over bad blocks in destination files.
Also added ftruncate() for more complete destruction of metadata.
(main, usage): Changed "-" to stand for standard output.
(wipefd): Added error message to detect conflict with -v.
(dopass): Added periodic fsync() calls to keep the pass progress
display in sync with reality. Hopefully they're sufficiently far spaced
that throughput isn't affected. It might be a good thing to do even in
non-verbose mode, to avoid filling up the kernel caches with dirty data.
Also added ftruncate() for more complete destruction of metadata.
(quotearg_colon): New function to print
pathological filenames properly.
[!HAVE_CONFIG_H] (quotearg_colon_buf): New internal helper function
that does most of the work.
(wipefd, do_wipefd, dopass): Now take a qname (pre-quoted name) argument.
(wipename, wipefile, main): Changed diagnostics to use quotearg_colon.
Error messages are also in a more uniform format.
From Paul Eggert.
(struct Options, main, do_wipefd): Added -s/--size=N flag.
(xstrtoul): Added support for valid_suffixes to help this.
(usage): Documented it.
(error): Changed some arguments from N_() to _(), since error()
does not translate its argument. I think this is a bug.
(struct Options, do_wipefd, wipefd, wipefile, main): Moved passes
argument into the Options structure as n_iterations, which is now a
size_t. From Paul Eggert.
(isaac_seed_start, isaac_seed_data, isaac_seed_finish): New functions
to manage seeding of RNG with arbitrary-sized data.
(isaac_init): Commented out as dead code.
(isaac_seed): Changed to use new functions to prevent any possibility of
a buffer overflow.
(isaac_seed): Added support for Solaris' gethrtime().
configure.in: Corresponding feature test. From Paul Eggert.
(wipename): Change remove() to unlink() for speed & portability.
Use lstat() instead of access() to see if a filename is taken. This
works even on dangling symlinks and avoids the suid problems of
access(2). From Paul Eggert.
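
Added example, not code from shred itself: a small C program showing why the lstat() check in the wipename entry above sees names that access() misses. The helper names, the temp-directory path and the dangling symlink are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Old-style check: access() follows symlinks and tests with the REAL
   uid/gid, so in a set-uid program it answers for the wrong identity. */
static int taken_by_access(const char *name)
{
    return access(name, F_OK) == 0;
}

/* New-style check: lstat() looks at the directory entry itself and
   does not follow a symlink, so a dangling link still counts as taken. */
static int taken_by_lstat(const char *name)
{
    struct stat st;
    return lstat(name, &st) == 0;
}

/* Constructed scenario: a dangling symlink in a fresh temp directory.
   Returns 1 when access() reports the name free while lstat() reports
   it taken, 0 otherwise, -1 on setup failure. */
int dangling_symlink_demo(void)
{
    char dir[] = "/tmp/wipename-demo-XXXXXX";
    char link_path[64];

    if (!mkdtemp(dir))
        return -1;
    snprintf(link_path, sizeof link_path, "%s/000", dir);
    if (symlink("no-such-target", link_path) != 0) {
        rmdir(dir);
        return -1;
    }
    int a = taken_by_access(link_path);
    int l = taken_by_lstat(link_path);
    unlink(link_path);
    rmdir(dir);
    return (!a && l) ? 1 : 0;
}

int main(void)
{
    printf("access misses dangling symlink: %d\n", dangling_symlink_demo());
    return 0;
}
```

A rename() onto a name that access() reported free would replace the symlink that was already there.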
(isaac_seed_machdep): New function for reading cycle counters.
Remove options -dp. Do not read output files.
(long_opts, usage, main, wipefile): Adjust to new options.
("human.h", "quotearg.h"): New includes.
(struct Options): New members contents, links, n_iterations.
Remove allow_devices, remove_file. Change n_iterations to size_t.
All uses changed.
(output_block_size): New var.
(usage): Declare __noreturn__ attribute.
(fdatasync): Define to -1 if not present, since we need to invoke both
fdatasync and fsync if both are present. All invokers of fdatasync
now try fdatasync, then fsync.
(MIXIN): New macro.
(isaac_seed): Use it to mix in values. Add uid, gid to mix.
Don't use gettimeofday, as it has too many porting problems.
(isaac_seedfd): Remove, since we no longer read the output files.
(sizefd): Remove; we now determine size by writing sequentially.
(dopass, wipename, wipefile, main): Clean up error messages.
(dopass): Keep track of offset relative to start of file, not
end, since we may not know how large the file is. If size is
negative, write until we fall off the end of the file.
(wipefd): Do not read output file.
Return 0 if successful, -1 if not; do not make a special case for
non-regular files, since our callers have that info now.
(wipename): Now static. Return errno if error.
(main): "-" now stands for standard output.
Do not shred append-only standard output.
(wipefile): Do not grant read permission to file when wiping it.
Use symbolic permission (S_IWUSR), not octal.
From Paul Eggert.
(touch): Rewrite not to use `creat' and to eliminate a race
condition that could make touch truncate a nonempty file.
Report and suggestions from Andrew Tridgell.
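
Added example, not the touch source: the check-then-creat() pattern beside a single open() without O_TRUNC, with the interleaving from the entry above replayed deterministically. Function names and the temp path are constructed, and only the file-creation step is modelled, not the timestamp update.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy version, split in two so the window between the steps is visible. */
int racy_check(const char *path)          /* step 1: is the file absent? */
{
    struct stat st;
    return stat(path, &st) != 0;
}
int racy_create(const char *path)         /* step 2: creat() implies O_TRUNC */
{
    int fd = creat(path, 0666);
    return fd < 0 ? -1 : close(fd);
}

/* Race-free version: one open() that creates if needed and never truncates. */
int touch_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0666);
    return fd < 0 ? -1 : close(fd);
}

/* Constructed interleaving: another writer creates a 5-byte file after the
   existence check. Returns the file size left behind, or -1 on setup error. */
long size_after_touch(int racy)
{
    char dir[] = "/tmp/touch-demo-XXXXXX", path[64];
    struct stat st;

    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/f", dir);
    int create = racy ? racy_check(path) : 0;       /* file absent here */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600); /* other writer */
    if (fd < 0 || write(fd, "data\n", 5) != 5)
        return -1;
    close(fd);
    if (racy) { if (create) racy_create(path); } else touch_safe(path);
    long n = stat(path, &st) == 0 ? (long) st.st_size : -1;
    unlink(path);
    rmdir(dir);
    return n;
}
```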
[long_options]: Add entries for --help and --version.
Remove parse_long_options call.
(main) [getopt switch]: Add a case for each of --help and --version.
(mode_append_entry): Likewise.
(mode_compile): When none of [ugoa] is specified in an `=OP' change
mode request, insert a `=0' entry into the linked list so that all
bits are cleared first. Use the new functions.