messaging and debugging enhancements
Now checks for GnuPG and lists available ciphers. Some more information about the opened tomb is retrieved via cryptsetup. Also, some duplicate strings were eliminated and year notices were updated.
parent
35e1afdceb
commit
1af4c42749
89
src/tomb
89
src/tomb
@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
# a tool to easily operate file encryption of private and secret data
|
# a tool to easily operate file encryption of private and secret data
|
||||||
#
|
#
|
||||||
# {{{ Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
|
# {{{ Copyleft (C) 2007-2012 Denis Roio <jaromil@dyne.org>
|
||||||
|
|
||||||
#
|
#
|
||||||
# This source code is free software; you can redistribute it and/or
|
# This source code is free software; you can redistribute it and/or
|
||||||
@ -23,8 +23,8 @@
|
|||||||
|
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ GLOBAL VARIABLES
|
# {{{ GLOBAL VARIABLES
|
||||||
VERSION=1.2
|
VERSION=1.3
|
||||||
DATE=Nov/2011
|
DATE=Nov/2012
|
||||||
TOMBEXEC=$0
|
TOMBEXEC=$0
|
||||||
TOMBOPENEXEC="${TOMBEXEC}-open"
|
TOMBOPENEXEC="${TOMBEXEC}-open"
|
||||||
typeset -a OLDARGS
|
typeset -a OLDARGS
|
||||||
@ -63,13 +63,13 @@ function _msg() {
|
|||||||
pchars=" . "; pcolor="green"
|
pchars=" . "; pcolor="green"
|
||||||
;;
|
;;
|
||||||
verbose)
|
verbose)
|
||||||
pchars="[D]"; pcolor="yellow"
|
pchars="[D]"; pcolor="blue"
|
||||||
;;
|
;;
|
||||||
success)
|
success)
|
||||||
pchars="(*)"; pcolor="green"; message="%{%F{$pcolor}%}${2}%{%f%}"
|
pchars="(*)"; pcolor="green"; message="%{%F{$pcolor}%}${2}%{%f%}"
|
||||||
;;
|
;;
|
||||||
warning)
|
warning)
|
||||||
pchars="[W]"; pcolor="red"; message="%{%F{yellow}%}${2}%{%f%}"
|
pchars="[W]"; pcolor="yellow"; message="%{%F{$pcolor}%}${2}%{%f%}"
|
||||||
;;
|
;;
|
||||||
failure)
|
failure)
|
||||||
pchars="[E]"; pcolor="red"; message="%{%F{$pcolor}%}${2}%{%f%}"
|
pchars="[E]"; pcolor="red"; message="%{%F{$pcolor}%}${2}%{%f%}"
|
||||||
@ -119,7 +119,7 @@ function _failure die()
|
|||||||
|
|
||||||
check_bin() {
|
check_bin() {
|
||||||
# check for required programs
|
# check for required programs
|
||||||
for req in cryptsetup pinentry sudo; do
|
for req in cryptsetup pinentry sudo gpg; do
|
||||||
which $req >/dev/null || die "Cannot find $req. Please install it." 1
|
which $req >/dev/null || die "Cannot find $req. Please install it." 1
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -285,11 +285,6 @@ EOF
|
|||||||
# {{{ - TOMB USAGE
|
# {{{ - TOMB USAGE
|
||||||
usage() {
|
usage() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Tomb $VERSION - a strong and gentle undertaker for your secrets
|
|
||||||
|
|
||||||
Copyright (C) 2007-2011 Dyne.org Foundation, License GNU GPL v3+
|
|
||||||
This is free software: you are free to change and redistribute it
|
|
||||||
The latest Tomb sourcecode is published on <http://tomb.dyne.org>
|
|
||||||
|
|
||||||
Syntax: tomb [options] command [file] [place]
|
Syntax: tomb [options] command [file] [place]
|
||||||
|
|
||||||
@ -320,7 +315,7 @@ Options:
|
|||||||
-f force operation (i.e. even if swap is active)
|
-f force operation (i.e. even if swap is active)
|
||||||
|
|
||||||
-h print this help
|
-h print this help
|
||||||
-v version information for this tool
|
-v print version, license and list of available ciphers
|
||||||
-q run quietly without printing informations
|
-q run quietly without printing informations
|
||||||
-D print debugging information at runtime
|
-D print debugging information at runtime
|
||||||
|
|
||||||
@ -333,8 +328,8 @@ EOF
|
|||||||
generate_translatable_strings() {
|
generate_translatable_strings() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
# Tomb - The Crypto Undertaker.
|
# Tomb - The Crypto Undertaker.
|
||||||
# Copyright (C) 2007-2011 Dyne.org Foundation
|
# Copyright (C) 2007-2012 Dyne.org Foundation
|
||||||
# Denis Roio <jaromil@dyne.org>, 2011.
|
# Denis Roio <jaromil@dyne.org>, 2012.
|
||||||
#
|
#
|
||||||
#, fuzzy
|
#, fuzzy
|
||||||
msgid ""
|
msgid ""
|
||||||
@ -492,6 +487,22 @@ print "-----END PGP MESSAGE-----"
|
|||||||
|
|
||||||
return $res
|
return $res
|
||||||
}
|
}
|
||||||
|
|
||||||
|
list_gnupg_ciphers() {
|
||||||
|
# prints an array of ciphers available in gnupg (to encrypt keys)
|
||||||
|
# prints an error if GnuPG is not found
|
||||||
|
which gnupg > /dev/null || die "gpg (GnuPG) is not found, Tomb cannot function without it."
|
||||||
|
|
||||||
|
ciphers=(`gpg --version | awk '
|
||||||
|
BEGIN { ciphers=0 }
|
||||||
|
/^Cipher:/ { gsub(/,/,""); sub(/^Cipher:/,""); print; ciphers=1; next }
|
||||||
|
/^Hash:/ { ciphers=0 }
|
||||||
|
{ if(ciphers==0) { next } else { gsub(/,/,""); print; } }
|
||||||
|
'`)
|
||||||
|
echo " ${ciphers}"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
# }}}
|
# }}}
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ - HOOK HELPERS
|
# {{{ - HOOK HELPERS
|
||||||
@ -805,7 +816,7 @@ mount_tomb() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_success "mounting $tombfile on mountpoint $tombmount"
|
_success "Opening $tombfile on $tombmount"
|
||||||
|
|
||||||
# we need root from here on
|
# we need root from here on
|
||||||
mkdir -p $tombmount
|
mkdir -p $tombmount
|
||||||
@ -825,13 +836,21 @@ mount_tomb() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
tombdump=(`cryptsetup luksDump ${nstloop} | awk '
|
||||||
|
/^Cipher name/ {print $3}
|
||||||
|
/^Cipher mode/ {print $3}
|
||||||
|
/^Hash spec/ {print $3}'`)
|
||||||
|
say "cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
|
||||||
|
|
||||||
|
|
||||||
# save date of mount in minutes since 1970
|
# save date of mount in minutes since 1970
|
||||||
mapdate=`date +%s`
|
mapdate=`date +%s`
|
||||||
|
|
||||||
|
|
||||||
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
||||||
keyname=`basename $tombkey | cut -d. -f1`
|
keyname=`basename $tombkey | cut -d. -f1`
|
||||||
|
|
||||||
_success "Password is required for key ${keyname}"
|
_warning "Password is required for key ${keyname}"
|
||||||
for c in 1 2 3; do
|
for c in 1 2 3; do
|
||||||
if [ $c = 1 ]; then
|
if [ $c = 1 ]; then
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
|
||||||
@ -855,13 +874,20 @@ mount_tomb() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
if ! [ -r /dev/mapper/${mapper} ]; then
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
||||||
_warning "failure mounting the encrypted file"
|
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
$norm || rmdir ${tombmount} 2>/dev/null
|
$norm || rmdir ${tombmount} 2>/dev/null
|
||||||
return 1
|
die "failure mounting the encrypted file"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_message "encrypted storage filesystem check"
|
# array: [ cipher, keysize, loopdevice ]
|
||||||
|
tombstat=(`cryptsetup status ${mapper} | awk '
|
||||||
|
/cipher:/ {print $2}
|
||||||
|
/keysize:/ {print $2}
|
||||||
|
/device:/ {print $2}'`)
|
||||||
|
yes "Success unlocking tomb $tombname"
|
||||||
|
xxx "key size is $tombstat[2] for cipher $tombstat[1]"
|
||||||
|
|
||||||
|
_message "checking filesystem via $tombstat[3]"
|
||||||
fsck -p -C0 /dev/mapper/${mapper}
|
fsck -p -C0 /dev/mapper/${mapper}
|
||||||
xxx "tomb engraved as $tombname"
|
xxx "tomb engraved as $tombname"
|
||||||
tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
|
tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
|
||||||
@ -873,7 +899,7 @@ mount_tomb() {
|
|||||||
chmod 0750 ${tombmount}
|
chmod 0750 ${tombmount}
|
||||||
chown $(id -u $ME):$(id -g $ME) ${tombmount}
|
chown $(id -u $ME):$(id -g $ME) ${tombmount}
|
||||||
|
|
||||||
_success "encrypted storage $tombfile succesfully mounted on $tombmount"
|
_success "Success opening $tombfile on $tombmount"
|
||||||
if ! option_is_set -n ; then
|
if ! option_is_set -n ; then
|
||||||
exec_safe_bind_hooks ${tombmount}
|
exec_safe_bind_hooks ${tombmount}
|
||||||
exec_safe_post_hooks ${tombmount} open
|
exec_safe_post_hooks ${tombmount} open
|
||||||
@ -1327,6 +1353,11 @@ list_tombs() {
|
|||||||
print -n "$fg_no_bold[white] using "
|
print -n "$fg_no_bold[white] using "
|
||||||
print "$fg_bold[white]$tombfs $tombfsopts"
|
print "$fg_bold[white]$tombfs $tombfsopts"
|
||||||
|
|
||||||
|
print -n "$fg_no_bold[green]$tombname"
|
||||||
|
print -n "$fg_no_bold[white] cipher ${tombstat}"
|
||||||
|
print -n "keysize $tombstat[1]"
|
||||||
|
print "mounted via $tombstat[2]"
|
||||||
|
|
||||||
print -n "$fg_no_bold[green]$tombname"
|
print -n "$fg_no_bold[green]$tombname"
|
||||||
print -n "$fg_no_bold[white] open since "
|
print -n "$fg_no_bold[white] open since "
|
||||||
print "$fg_bold[white]$tombsince$fg_no_bold[white]"
|
print "$fg_bold[white]$tombsince$fg_no_bold[white]"
|
||||||
@ -1368,7 +1399,7 @@ launch_status() {
|
|||||||
|
|
||||||
which tomb-status > /dev/null
|
which tomb-status > /dev/null
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
_warning "Cannot find tomb-status binary, operation aborted."
|
die "Cannot find tomb-status binary, operation aborted."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -1703,11 +1734,19 @@ main() {
|
|||||||
mktemp) safe_dir ${CMD2} ;;
|
mktemp) safe_dir ${CMD2} ;;
|
||||||
translate) generate_translatable_strings ;;
|
translate) generate_translatable_strings ;;
|
||||||
__default)
|
__default)
|
||||||
if option_is_set -v; then
|
cat <<EOF
|
||||||
echo Tomb - $VERSION
|
Tomb $VERSION - a strong and gentle undertaker for your secrets
|
||||||
else
|
|
||||||
|
Copyright (C) 2007-2012 Dyne.org Foundation, License GNU GPL v3+
|
||||||
|
This is free software: you are free to change and redistribute it
|
||||||
|
The latest Tomb sourcecode is published on <http://tomb.dyne.org>
|
||||||
|
|
||||||
|
GnuPG available ciphers:
|
||||||
|
`list_gnupg_ciphers`
|
||||||
|
EOF
|
||||||
|
option_is_set -v && return 0
|
||||||
|
|
||||||
usage
|
usage
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
_warning "command \"$CMD\" not recognized"
|
_warning "command \"$CMD\" not recognized"
|
||||||
|
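Review bot: In the new `list_gnupg_ciphers` (hunk at -492,6 +487,22), the guard probes for a binary named `gnupg`, while the next line runs `gpg --version` and `check_bin` in this same commit requires `gpg`; on systems that ship only `gpg` the guard would fail even though GnuPG is installed. Since the function is called inside backticks from the `-v` heredoc in `main`, the `die` would presumably end only the substitution subshell and leave the cipher list empty. The guard should read `which gpg > /dev/null || die "gpg (GnuPG) is not found, Tomb cannot function without it."`. The function also ends with `return 1` on its success path; `return 0` would keep the exit status meaningful for any caller that checks it.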