When setting up LUKS, erase the cleartext device rather than the cryptotext one

That way the cryptotext device will be full of noise instead of
zeroes, that way not conveying that there isn't a lot of data on the
device.

Signed-off-by: David Zeuthen <zeuthen@gmail.com>

diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
index d0b490f..f4b9a5c 100644 (file)
--- a/src/udiskslinuxblock.c
+++ b/src/udiskslinuxblock.c
@@ -2052,8 +2052,11 @@ handle_format (UDisksBlock           *block,
       goto out;
     }
 
-  /* Erase the device, if requested */
-  if (erase_type != NULL)
+  /* Erase the device, if requested
+   *
+   * (but not if using encryption, we want to erase the cleartext device, see below)
+   */
+  if (erase_type != NULL && encrypt_passphrase == NULL)
     {
       if (!erase_device (block, object, daemon, caller_uid, erase_type, &error))
         {
@@ -2165,6 +2168,17 @@ handle_format (UDisksBlock           *block,
       block_to_mkfs = block;
     }
 
+  /* If using encryption, now erase the cleartext device (if requested) */
+  if (encrypt_passphrase != NULL && erase_type != NULL)
+    {
+      if (!erase_device (block_to_mkfs, object_to_mkfs, daemon, caller_uid, erase_type, &error))
+        {
+          g_prefix_error (&error, "Error erasing cleartext device: ");
+          g_dbus_method_invocation_take_error (invocation, error);
+          goto out;
+        }
+    }
+
   /* Set label, if needed */
   if (g_variant_lookup (options, "label", "&s", &label))
     {