Directory reorganization
This commit re-organizes all the source distribution contents to present users with the simple script, while moving the rest into extras. Also autoconf/automake scripts were removed, back to minimalism. The rationale of this change is that Tomb really only consists of a script and users with no extra needs should just be presented with it with no need for anything else. Any other thing on top of the Tomb script is an extra and can even be distributed separately or integrated in distributions.
302
INSTALL
@ -1,302 +0,0 @@
Installation Instructions
*************************

Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006, 2007, 2008, 2009 Free Software Foundation, Inc.

This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.

Basic Installation
==================

Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package.

The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').

It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.

If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.

The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.

The simplest way to compile this package is:

1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.

Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.

2. Type `make' to compile the package.

3. Optionally, type `make check' to run any self-tests that come with
the package.

4. Type `make install' to install the programs and any data files and
documentation.

5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.

6. Often, you can also type `make uninstall' to remove the installed
files again.

Compilers and Options
=====================

Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.

You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:

./configure CC=c99 CFLAGS=-g LIBS=-lposix

*Note Defining Variables::, for more details.

Compiling For Multiple Architectures
====================================

You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.

With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.

On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:

./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"

This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.

Installation Names
==================

By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX'.

You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.

In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.

If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.

Optional Features
=================

Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.

For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.

Particular systems
==================

On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:

./configure CC="cc -Ae -D_XOPEN_SOURCE=500"

and if that doesn't work, install pre-built binaries of GCC for HP-UX.

On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try

./configure CC="cc"

and if that doesn't work, try

./configure CC="cc -nodtk"

On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.

On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:

./configure --prefix=/boot/common

Specifying the System Type
==========================

There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:

CPU-COMPANY-SYSTEM

where SYSTEM can have one of these forms:

OS
KERNEL-OS

See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.

If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.

If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.

Sharing Defaults
================

If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.

Defining Variables
==================

Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:

./configure CC=/usr/local2/bin/gcc

causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).

Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:

CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash

`configure' Invocation
======================

`configure' recognizes the following options to control how it
operates.

`--help'
`-h'
Print a summary of all of the options to `configure', and exit.

`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.

`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.

`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.

`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.

`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).

`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.

`--prefix=DIR'
Use DIR as the installation prefix. *Note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.

`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.

`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
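Review bot: the deleted file is the stock GNU autoconf INSTALL text (FSF copyright, `./configure; make; make install`), so dropping it together with configure.ac is consistent, but no replacement installation instructions appear anywhere in this commit. A short note on how to install the bare tomb script, and on the runtime tools it needs (the checks being removed from configure.ac list zsh, cryptsetup, pinentry and sudo as mandatory), should land in README in the same change so users are not left with no install guidance at all.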
@ -1 +0,0 @@
SUBDIRS = src src/kdf share doc
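Review bot: removing `SUBDIRS = src src/kdf share doc` takes the src/kdf subtree (the libgcrypt-based pbkdf2 helper that configure.ac gated behind --with-gcrypt) and the share and doc trees out of the build, but nothing in this diff shows where they go. If they become "extras" as the commit message says, this commit should show the rename or give them their own build instructions; otherwise the key-derivation helper silently stops being built and users lose the kdf option without noticing.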
14
NEWS
@ -1,14 +0,0 @@
Critical bugfix

The previous version of Tomb had a critical bug: passwords containing
odd characters where badly interpreted and split at spaces. This means
that if you password was ‘I am 12!! perfectly 7^!@^#38123 secure' it
has been understood by tomb as simply ‘I’ being split at the first
“odd” character. So even if you thought you have a long pass-phrase,
instead it might have happened that you were using a single character
one.

Now this bug has been fixed. However, it won’t fix the password for
the tomb that you created and used so far: you need to change the
password using the new command 'tomb passwd'.
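Review bot: this hunk deletes the only visible notice of the password-splitting bug ("passwords containing odd characters ... split at spaces", leaving a tomb protected by a single character) and of the remediation users must perform ('tomb passwd'). That is security-relevant user information, not build boilerplate, and should survive the reorganization, for instance as a ChangeLog entry or a README section, rather than disappear; anyone who created a tomb with the earlier version still needs to be told to re-key it.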
182
configure.ac
@ -1,182 +0,0 @@
dnl ==============================================================
dnl Process this file with autoconf to produce a configure script.
dnl ==============================================================

AC_PREREQ([2.60])

AC_INIT([Tomb],[1.2],[jaromil@dyne.org],[Tomb])
AC_CONFIG_MACRO_DIR([m4])

AC_CANONICAL_HOST

dnl backwards compatibility for autoconf >= 2.64
dnl PACKAGE_URL should be the fifth argument of AC_INIT
m4_define([AC_PACKAGE_URL], [http://tomb.dyne.org])
dnl AC_DEFINE(PACKAGE_URL, "AC_PACKAGE_URL", [Package URL])
AC_SUBST(PACKAGE_URL, AC_PACKAGE_URL)

dnl ==============================================================
dnl Get the operating system and version number...
dnl ==============================================================
AC_MSG_CHECKING([for which platform we are setting up])

case "$host_os" in
*linux*)
AC_MSG_RESULT([Linux])
have_linux=yes

if test x$have_x86_64 = xyes; then
have_64bit=yes
fi

if test x$have_x86_32 = xyes; then
have_32bit=yes
fi
;;

*darwin*)
AC_MSG_RESULT([Darwin/OSX])
have_darwin=yes
;;

*freebsd*)
AC_MSG_RESULT([FreeBSD])
have_freebsd=yes
;;

*)
AC_MSG_RESULT([$host_os?!])
AC_MSG_ERROR([[
[!] Your system architecture is not supported by Tomb.
]], 0)
;;
esac


dnl ==============================================================
dnl Setup for automake
dnl ==============================================================

AM_INIT_AUTOMAKE([dist-bzip2 subdir-objects -Wno-portability])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])

AC_CONFIG_SRCDIR([src/tomb])

dnl Checks for reguired programs.
AC_PROG_CC
AC_PROG_INSTALL

dnl translation infrastructure
dnl waiting for translations..
dnl AM_GNU_GETTEXT
dnl AM_GNU_GETTEXT_VERSION(0.12)

dnl ---------------------------------------------------------------
dnl Checks for external programs.

dnl none of these will fail with error if missing since technically
dnl these are not *build* dependencies, but *runtime* dependencies.

dnl Mandatory
AC_CHECK_PROG(have_zsh,zsh,yes,no)
AC_CHECK_PROG(have_cryptsetup,cryptsetup,yes,no,[/sbin$PATH_SEPARATOR/usr/local/sbin$PATH_SEPARATOR$PATH])
AC_CHECK_PROG(have_pinentry,pinentry,yes,no)
AC_CHECK_PROG(have_sudo,sudo,yes,no)
dnl Optional
AC_CHECK_PROG(have_wipe,wipe,yes,no)
AC_CHECK_PROG(have_dcfldd,dcfldd,yes,no)
dnl ---------------------------------------------------------------

PKG_CHECK_MODULES(GTK2, [gtk+-2.0 >= 2.16], :,
AC_MSG_ERROR([*** Gtk+2 >=2.16 development files not found!]))
AC_ARG_WITH(gtk, "used for tomb-status[reccomended]", [], [with_gtk=check])
GTK_DETECTED=no
AS_IF([test "x$with_gtk" != xno],
[ PKG_CHECK_MODULES(GTK2, [gtk+-2.0 >= 2.16],
[GTK_DETECTED=yes],
[if test "x$with_gtk" != check; then
AC_MSG_ERROR([*** Gtk+2 >=2.16 development files not found!])
fi]
)
]
)
AM_CONDITIONAL([GTK], [test "x$GTK_DETECTED" = xyes])



AC_ARG_WITH(gcrypt, "used for kdf=pbkdf2 [reccomended]", [], [with_gcrypt=check])
GCRYPT_DETECTED=no
AS_IF([test "x$with_gcrypt" != xno],
[ AM_PATH_LIBGCRYPT([1.5.0],
[GCRYPT_DETECTED=yes],
[if test "x$with_gcrypt" != check; then
AC_MSG_ERROR([gcrypt development files not found])
fi]) ]
)
AM_CONDITIONAL([GCRYPT], [test "x$GCRYPT_DETECTED" = xyes])
AC_SUBST([GTK2_CFLAGS])
AC_SUBST([GTK2_LIBS])

PKG_CHECK_MODULES(NOTIFY, libnotify, :,
AC_MSG_ERROR([*** libnotify development files not found!]))
AC_SUBST([NOTIFY_CFLAGS])
AC_SUBST([NOTIFY_LIBS])
REALCFLAGS="$CFLAGS"
REALLIBS="$LIBS"
CFLAGS="$NOTIFY_CFLAGS $CFLAGS"
LIBS="$NOTIFY_LIBS $LIBS"
AC_CHECK_FUNCS([notify_notification_new_with_status_icon])
CFLAGS="$REALCFLAGS"
LIBS="$REALLIBS"

dnl compile with full warnings and debugging symbols
AC_ARG_ENABLE(debug,
AS_HELP_STRING([--enable-debug],[compile with debug symbols (no)]),
[enable_debug=$enableval],
[enable_debug=no])
AC_MSG_CHECKING([if compiling with debug symbols])
if test x$enable_debug = xyes; then
AC_MSG_RESULT([yes])
CFLAGS="$CFLAGS -Wall -g -ggdb"
else
AC_MSG_RESULT([no])
fi
AC_SUBST(CFLAGS)


PACKAGE_DATA_DIR='${prefix}/share/tomb'
AC_SUBST(PACKAGE_DATA_DIR)
# mime TODO see http://www.freedesktop.org/wiki/Specifications/AddingMIMETutor
XDG_DATA_DIR='${prefix}/share/mime/packages'
AC_SUBST(XDG_DATA_DIR)


dnl alphabetic order on dir/subdir, but Makefile sorts before everything
AC_CONFIG_FILES([
Makefile
src/Makefile
src/kdf/Makefile
doc/Makefile
share/Makefile
])
AC_OUTPUT

dnl function to print verbose configure options only if V=1 is passed to
dnl configure
AC_DEFUN([VRB],
AS_IF([test x"$V" == x1], INFO([$1])))

dnl autoconf < 2.63 compatibility
m4_ifndef([AS_VAR_APPEND],
AC_DEFUN([AS_VAR_APPEND], $1=$$1$2))

dnl convenience function so that INFO messages go to config.log and to stdout,
dnl useful when debugging user problems only config.log is needed
AC_DEFUN([INFO],
AS_ECHO(["$1"]) >&AS_MESSAGE_LOG_FD
AS_ECHO(["$1"]) >&AS_MESSAGE_FD)

dnl as above, but no newline at the end
AC_DEFUN([INFO_N],
AS_ECHO_N(["$1"]) >&AS_MESSAGE_LOG_FD
AS_ECHO_N(["$1"]) >&AS_MESSAGE_FD)
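Review bot: the AC_CHECK_PROG lines for zsh, cryptsetup, pinentry and sudo (under "dnl Mandatory") and for wipe and dcfldd (under "dnl Optional") were the only install-time verification of the script's runtime dependencies, as the deleted comment itself states ("not *build* dependencies, but *runtime* dependencies"). With configure gone, confirm that the tomb script checks for these at startup and fails cleanly; otherwise a missing cryptsetup or pinentry only surfaces when a key is being handled. On the positive side, the removed file hard-required Gtk+2 and libnotify through the unconditional `PKG_CHECK_MODULES(GTK2, ...)` and `PKG_CHECK_MODULES(NOTIFY, ...)` calls with AC_MSG_ERROR fallbacks placed before the --with-gtk logic, which made the supposedly optional desktop dependencies mandatory, so deleting it also removes that defect.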
263
doc/tomb-open.1
@ -1,263 +0,0 @@
.TH tomb 1 "Sept 26, 2011" "tomb"

.SH NAME
Tomb \- the Crypto Undertaker

.SH SYNOPSIS
.B
.IP "tomb [options] command [arguments]"
.B
.IP "tomb-open [file]"
.B
.IP "tomb-status mountpoint"

.SH DESCRIPTION

Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can
integrate with a user's graphical desktop.

Tomb generates encrypted storage files to be opened and closed using
their associated keys, which are also protected with a password chosen
by the user. To create, open and close tombs a user will need super
user rights to execute the tomb commandline utility.

A tomb is like a locked folder that can be safely transported and
hidden in a filesystem; it encourages users to keep their keys
separate from tombs, for instance keeping a tomb file on your computer
harddisk and its key file on a USB stick.

For simplified use, the command \fItomb-open\fR starts a wizard that
guides users in the creation of a new tomb or, if a tomb file is
specified as \fIargument\fR, it opens it and makes it accessible in a
default location under the /media folder, starting the status tray
applet (\fItomb-status\fR) if a desktop is present.


.SH COMMANDS

.B
.IP "create"
Creates a new encrypted storage tomb and its key, named as specified
by the given \fIargument\fR.

.B
.IP "open"
Opens an existing tomb file specified in the \fIfirst argument\fR. If
a \fIsecond argument\fR is given it will indicate the \fImountpoint\fR
where the tomb should be made accessible, if not then the tomb is
mounted in a directory named after the filename and inside /media.

.B
.IP "list"

List all the tombs found open, including information about the time
they were opened and the hooks that they mounted. If the \fIfirst
argument\fR is present, then shows only the tomb named that way or
returns an error if its not found.

.B
.IP "close"
Closes a currently open tomb. When \fIan argument\fR is specified, it
should be the name of a mounted tomb; if not specified and only one
tomb is open then it will be closed; if multiple tombs are open, the
command will list them on the terminal. The special
\fIargument\fR 'all' will close all currently open tombs. This command
fails if the tomb is in use by running processes, the command
\fIslam\fR can be used to force close.

.B
.IP "passwd"
Changes the password of a tomb key file specified in the \fIfirst
argument\fR. It will need the old password to decode the key file, it
will then reencode it using the new password.

.B
.IP "slam"
Closes a tomb like the command \fIclose\fR does, but in case it is in
use looks for all the processes accessing its files and violently
kills them using \-9.

.B
.IP "bury"
Hides a tomb key (\fIfirst argument\fR) inside a jpeg image (\fIsecond
argument\fR) using steganography: the image will change in a way that
cannot be noticed by human eyes and the presence of the key inside it
isn't detectable without the right password. This option is useful to
backup tomb keys in unsuspected places; it uses steghide and the
serpent encryption algorithm.

.B
.IP "exhume"
Extracts a named tomb key (\fIfirst argument\fR) from a (jpeg) image file
(\fIsecond argument\fR) known to be containing it, if the right password is
given. This is used to recoved buried keys from unsuspected places.

.SH OPTIONS
.B
.B
.IP "-s \fI<MBytes>\fR"
When creating a tomb, this option MUST be used to specify the size of
the new \fIfile\fR to be created, in megabytes.
.B
.IP "-k \fI<keyfile>\fR"
When opening a tomb, this option can be used to specify the location
of the key to use. Keys are created with the same name of the tomb
file adding a '.gpg' suffix, but can be later renamed and transported
on other media. When a key is not found, the program asks to insert a
USB storage device and it will look for the key file inside it.
If \fI<keyfile>\fR is "-" (dash), it will read stdin
.IP
When creating a tomb, this option can be used to specify the name (and
location) of the key you are creating. For example, you could use
.EX
tomb create -s 100 tombname -k /media/usb/tombname
.EE
to put the key on a usb pendrive

.B
.IP "-n"
Skip processing of post-hooks and bind-hooks if found inside the tomb.
See the \fIHOOKS\fR section in this manual for more information.
.B
.IP "-o"
Manually specify mount options to be used when opening a tomb instead
of the default \fIrw,noatime,nodev\fR. This option can be used to
mount a tomb read-only (ro) to prevent any modification of its data,
or to experiment with other settings (if you really know what you are
doing) see the mount(8) man page.
.B
.IP "--ignore-swap"
By default, Tomb will abort any create and open operation if swap is used (see
SWAP section for details). This flag will disable this behaviour. NOTE: it is
not secure to do so, unless you know that your swap is encrypted

.B
.IP "-h"
Display a help text and quit
.B
.IP "-v"
Display version and quit
.B
.IP "-q"
Run more quietly
.B
.IP "-D"
Print more information while running, for debugging purposes
.B
.IP "--no-color"
Don't use colors; useful for old terminals or integration in other scripts


.SH HOOKS

Hooks are special files that can be placed inside the tomb and trigger
actions when it is opened and closed; there are two kinds of such
files: \fIbind-hooks\fR and \fIpost-hooks\fR can be placed in the
base root of the tomb.

.B
.IP "bind-hooks"
This hook file consists of a simple two column list of files or
directories inside the tomb to be made directly accessible inside the
current user's home directory. Tomb will use the "mount \-o bind"
command to bind locations inside the tomb to locations found in $HOME
so in the first column are indicated paths relative to the tomb and in
the second column are indicated paths relative to $HOME contents, for
example:

mail mail
.gnupg .gnupg
.fmrc .fetchmailrc
.mozilla .mozilla

.B
.IP "post-hooks"
This hook file gets executed as user by tomb right after opening it;
it can consist of a shell script of a binary executable that performs
batch operations every time a tomb is opened.

.SH PRIVILEGE ESCALATION

The tomb commandline tool needs to acquire super user rights to
execute most of its operations: to do so it uses sudo(8), while
pinentry(1) is adopted to collect passwords from the user.

Tomb executes as super user only those commands requiring it, while it
executes desktop applications as processes owned by the user.

.SH SWAP

During "create" and "open" operation, swap will complain and \fIabort\fR if
your system has swap activated. This can be annoying, and you can disable this
behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be
interested in knowing the risks of doing so:
.IP \(bu
During both creation and opening it could write your secret key on the disk
.IP \(bu
After having opened the tomb, an application you're using could swap file
contents. So you'll put file contents in clear on your disk
.P

If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you
could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
--ignore-swap at your own risk



.SH BUGS
Please report bugs on the tracker at
.UR http://bugs.dyne.org
.UE

Get in touch with developers via mail using this
.UR http://dyne.org/contact
web page
.UE
or via chat on
.UR http://irc.dyne.org
.UE

.SH AUTHORS

Tomb is designed and written by Denis Roio aka Jaromil.

Tomb includes code by Anathema and Boyska.

Tomb's artwork is contributed by Jordi aka Mon Mort

Testing and reviews are contributed by Hellekin O. Wolf, Dreamer,
Shining, Mancausoft, Asbesto Molesto.

Cryptsetup is developed by Christophe Saout and Clemens Fruhwirth

.SH COPYING

This manual is Copyleft (c) 2011 Denis Roio <\fIjaromil@dyne.org\fR>

It includes contributions by Boyska

Permission is granted to copy, distribute and/or modify this manual
under the terms of the GNU Free Documentation License, Version 1.1 or
any later version published by the Free Software Foundation.
Permission is granted to make and distribute verbatim copies of this
manual page provided the above copyright notice and this permission
notice are preserved on all copies.

.SH AVAILABILITY
|
|
||||||
|
|
||||||
The most recent version of Tomb sourcecode and up to date
|
|
||||||
documentation is available for download from its website on
|
|
||||||
\fIhttp://tomb.dyne.org\fR.
|
|
||||||
|
|
||||||
.SH SEE ALSO
|
|
||||||
|
|
||||||
.B
|
|
||||||
.IP cryptsetup(8)
|
|
||||||
|
|
||||||
GnuPG website on http://www.gnupg.org
|
|
||||||
|
|
||||||
DM-Crypt website on http://www.saout.de/misc/dm-crypt
|
|
||||||
|
|
||||||
LUKS website, http://code.google.com/p/cryptsetup
|
|
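Review bot: this hunk deletes the whole tomb(1) manual page, and no rename or re-addition of it is visible in the diff. Its SWAP section is the only place users are told what --ignore-swap actually risks (the key being written to disk during create and open, and the contents of files in an opened tomb being swapped out in clear), and PRIVILEGE ESCALATION is the only statement of which operations run under sudo(8). If the manual is meant to live on in another directory, present the move as a rename so the text and its history are kept; if not, that guidance needs a new home before this is merged.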
@ -1,263 +0,0 @@
@ -1,6 +0,0 @@

Here use our git submodule dyne-web-tmpl-muse to build the webpage:

git submodule init
git submodule update
@ -1 +0,0 @@
Subproject commit 3dac79f2a33ff4048f7684c4ddfe4f114ac0c06c
@ -1,6 +0,0 @@
; simple website settings
(provide 'dyne-config)

(set 'name "Tomb")

(set 'url "http://tomb.dyne.org")
@ -1,330 +0,0 @@
#title Tomb - The Crypto Undertaker
#author Jaromil

<contents>

* Tomb - Crypto Undertaker

<class name="logo">
[[images/tomb_n_bats.png]]
</class>

Tomb is a simple tool to manage **encrypted storage** on GNU/Linux, from
the *hashes* of the [[http://dynebolic.org][dyne:bolic]] nesting mechanism.

Tomb aims to be an **100% free** and open source system for easy
encryption and backup of personal files, written in code that is easy
to review and links commonly shared components.

Tomb generates encrypted storage files to be opened and closed using
their associated keyfiles, which are also protected with a password
chosen by the user.

A tomb is like a locked folder that can be safely transported and
hidden in a filesystem; its keys can be kept separate, for instance
keeping the tomb file on your computer harddisk and the key files on a
USB stick.

** Documentation

"*All I know is what the words know, and dead things, and that makes
a handsome little sum, with a beginning and a middle and an end, as
in the well-built phrase and the long sonata of the dead.*"
Samuel Beckett

First of all the usual info you'd expect a software to provide:

- [[README]]
- [[ChangeLog]]
- [[TODO]]
- [[AUTHORS]]

And more below, read on...

*** How does it works

[[images/monmort.png]]

Tombs are operated from a normal file browser or from the commandline.

To open a tomb is sufficient to click on it, or use the command **tomb-open**

When a tomb is open your panel will have a little icon in the tray
reminding you that a tomb is open, offering to explore it or close it.


To make safety copies of your keys, tomb lets you "bury a key" inside
an image (using steganography techniques) and of course "exhume"
buried keys from pictures where they are hidden. Actually it is very
hard to guess when something is hidden inside a picture without
knowing the password used in steganography.

[[images/awesome-shot.png]]

See the [[manual.html][manpage]] for more information on how to operate Tomb from the
text terminal.
<example>
Tomb 1.1 - a strong and gentle undertaker for your secrets

Syntax: tomb [options] command [file] [place]

Commands:

create create a new tomb FILE and its keys
open open an existing tomb FILE on PLACE
list list all open tombs or the one called FILE
close close the open tomb called FILE (or all)
slam close tomb FILE and kill all pids using it

Options:

-s size of the tomb file when creating one (in MB)
-k path to the key to use for opening a tomb
-n don't process the hooks found in tomb
-o mount options used to open (default: rw,noatime,nodev)

-h print this help
-v version information for this tool
-q run quietly without printing informations
-D print debugging information at runtime
</example>


**** More sources of information

Tomb's documentation is being actively written as we speak, you will
find some more informations about it on the wiki found on
[[http://github.com/dyne/Tomb][github.com/dyne/Tomb]] as well on the one on [[http://crypto.is][crypto.is]].


*** Who needs Tomb

"*Democracy requires Privacy as much as Freedom of Expression.*" Anonymous

Our target community are desktop users with no time to click around,
sometimes using old or borrowed computers, operating in places
endangered by conflict where a leak of personal data can be a threat.

If you can't own a laptop then it's possible to go around with a USB
stick and borrow computers, still leaving no trace and keeping your
data safe during transports. Tomb aims to facilitate all this and to
be interoperable across popular GNU/Linux operating systems.


The internet offers plenty of free services, on the wave of the Web2.0
fuzz and the community boom, while all private informations are hosted
on servers owned by global corporations and monopolies.

It is important to keep in mind that no-one else better than *you* can
ensure the privacy of your personal data. Server hosted services and
web integrated technologies gather all data into huge information
pools that are made available to established economical and cultural
regimes.



**This software urges you to reflect on the importance of your
privacy**. World is full of prevarication and political imprisonments,
war rages in several places and media is mainly used for propaganda by
the powers in charge. Some of us face the dangers of being tracked by
oppressors opposing our self definition, independent thinking and
resistance to omologation.

<verse>

"The distinction between what is public and what is private is
becoming more and more blurred with the increasing intrusiveness of
the media and advances in electronic technology. While this
distinction is always the outcome of continuous cultural
negotiation, it continues to be critical, for where nothing is
private, democracy becomes impossible."

(from [[http://www.newschool.edu/centers/socres/privacy/Home.html][Privacy Conference, Social Research, New School University]])
</verse>





*** Aren't there enough encryption tools already?

[[images/foster_privacy.png]]

We've felt the urgency of publishing Tomb for other operating systems
than dyne:bolic since the current situation in personal desktop
encryption is far from optimal.

[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].

[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
advantage consists in not needing root access on the machine it's
being used. But Cryptkeeper still has drawbacks: it uses [[http://www.arg0.net/encfs][EncFS]] which
implements weaker encryption than dm-crypt and it doesn't promotes the
separated storage of keys.

At last, the [[https://we.riseup.net/debian/automatically-mount-encrypted-home][Encrypted home]] mechanisms on operating systems as Debian
and Ubuntu adopt encryption algorithms as strong as Tomb does, but
they need to be configured when the machine is installed, they cannot
be easily transported and again they don't promote separated storage
of keys.

With Tomb we try to overcome all these limitations providing strong
encryption, encouraging users to separate keys from data and letting
them transport tombs around easily. Also to facilitate auditing and
customization we intend to:

- write short and readable code, linking shared libs
- provide easy to use graphical interfaces and desktop integration
- keep the development process open and distributed using GIT
- distribute Tomb under the GNU General Public License v3

If you believe this is a worthy effort, you are welcome to [[http://dyne.org/donate][support it]].

*** Where do we learn more from

Here below some articles that are useful to understand Tomb more in
detail and to get in touch with the difficult job of a Crypto
Undertaker:

- [[TKS1-draft.pdf][TKS1 - An anti-forensic, two level, and iterated key setup scheme]]
- [[New_methods_in_HD_encryption.pdf][New Methods in Hard Disk Encryption]]
- [[Luks_on_disk_format.pdf][LUKS On-Disk Format Specification]]
- [[LinuxHDEncSettings.txt][Linux hard disk encryption settings]]


** Downloads

For licensing information see the [[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]

Below a list of formats you can download this application: ready to be
run with some of the interfaces developed, as a library you can use to
build your own application and as source code you can study.


*** Debian and Ubuntu GNU/Linux

Visit our brand new [[http://apt.dyne.org][APT.dyne.org]] repository, there you can tune into
our software channel via an easy to use installer, so you can always
stay up to date with our **freshly brewed software, from the upstream
tap!**



*** Arch GNU/Linux and derivatives

Tomb is [[https://aur.archlinux.org/packages.php?ID=48257][packaged in AUR]], check it out !


*** Source Code

Latest stable release is 1.1 (May 2011), see the [[ftp://ftp.dyne.org/tomb/ChangeLog][ChangeLog]].

Source releases are signed by [[http://jaromil.dyne.org][Jaromil]] using [[http://www.gnupg.org][GnuPG]] and MD5 hashes.

On [[http://ftp.dyne.org/tomb][ftp.dyne.org/tomb]] you can find all present and past Tomb releases,
plus binaries that are occasionally built for various architectures.

The bleeding edge version is developed on [[http://github.com/dyne/Tomb][GitHub/dyne/Tomb]]: you can
clone the repository free and anonymously, as well contribute to
development interacting with us via GitHub (fork, code and then
request a pull).

To compile fresh code out of Git you first have to generate the
auto-tools build environment giving the command:

<example>
autoreconf -i
</example>

and then you can proceed with the usual configure && make mantra, may
the source be with you.


*** App1e/O$X

There are several possibilities of porting Tomb to run on those
expensive and fancy-schmancy toys.

A good plan can be that of using TrueCrypt's version of cryptsetup
which seems to be already ported for the purpose, with a bit of
desktop integration and shell scripting it should be all set,
[[http://dyne.org/contact][let us know]] if you like to join our team on this task.


*** Win$loth

There are rumored plans to port Tomb on Win or at least make it
possible to open tomb files under Win: this could be possible
especially using [[http://www.freeotfe.org][FReeOTFE]] or adding compatibility in [[http://www.sdean12.org/SecureTrayUtil.htm][SecureTrayUtil]]
and contributions are welcome in those directions.

However we strongly **encourage people in need of strong encryption to
not use Winslows**, or at least to not generate encrypted partitions
with it, since it can contain backdoors in the random number
generation, as pointed by Bruce Schneier and Niels Ferguson in this
[[http://www.schneier.com/essay-198.html][short essay about the Dual_EC_DRBG]].


** Development


*** Stage of development

Tomb is an evolution of the 'mknest' tool developed for the [[http://dynebolic.org][dyne:bolic]]
GNU/Linux distribution, which is used by its 'nesting' mechanism to
encrypt the Home directory of users.

As such, it uses well tested and reviewed routines and its shell code
is pretty readable. The name transition from 'mknest' to 'tomb' is
marked by the adaptation of mknest to work on Debian based operating
systems.

At present time Tomb is easy to install and use, it mainly consists of
a Shell script and some auxiliary C code for desktop integration
(GTK), making use of GNU tools and the cryptographic API of the Linux
kernel.

*** People involved

[[images/tomb_crew_hkm11.jpg]]

Tomb is designed and written by [[http://jaromil.dyne.org][Jaromil]].

Tomb's artwork is contributed by [[http://monmort.blogspot.com][Món Mort]].

Tomb includes code by Anathema and Boyska.

Testing and reviews are contributed by Hellekin O. Wolf, Dreamer,
Shining, Mancausoft, Asbesto Molesto.

Most research we refer to is documented by Clemens Fruhwirth who also
developed Cryptsetup together with Christophe Saout.

Here below a cheerful picture of Tomb's developers meeting at the
[[http://http://hackmeeting.org][hackmeeting]] 2011 in Firenze...


*** How can you help

Code is pretty short and readable: start looking around it and the
materials found in doc/ which are good pointers at security measures
to be further implemented.

Have a look in the TODO file to see what our plans are.

At the moment we can use some good help in porting this tool on
M$/Windows and Apple/OSX, still keeping the minimal approach we all
love: write short code and make it readable.

Please report any issue you encounter on [[http://github.com/dyne/Tomb][github.com/dyne/Tomb]]


Get in touch with developers via mail using this web page
[[http://dyne.org/contact][dyne.org/contact]] or via chat on [[http://irc.dyne.org][irc.dyne.org]] channel #tomb

We do have a mailinglist too, but its in Italian language, just
contact us if you like to subscribe.
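Review bot: the 'Source Code' section of the deleted page says releases are 'signed by Jaromil using GnuPG and MD5 hashes'; if any of this text is reused on a replacement page, drop the MD5 part or switch to SHA-256, since MD5 is collision-prone and a digest published beside the signature adds no integrity that the GnuPG signature does not already give. The build instructions right after it ('autoreconf -i', then 'configure && make') should likewise be checked against what the tree actually ships before being carried over.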
@ -1,348 +0,0 @@
|
|||||||
Content-type: text/html
|
|
||||||
|
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
||||||
<HTML><HEAD><TITLE>Man page of tomb</TITLE>
|
|
||||||
</HEAD><BODY>
|
|
||||||
<H1>tomb</H1>
|
|
||||||
Section: User Commands (1)<BR>Updated: Sept 26, 2011<BR><A HREF="#index">Index</A>
|
|
||||||
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<A NAME="lbAB"> </A>
|
|
||||||
<H2>NAME</H2>
|
|
||||||
|
|
||||||
Tomb - the Crypto Undertaker
|
|
||||||
<P>
|
|
||||||
<A NAME="lbAC"> </A>
|
|
||||||
<H2>SYNOPSIS</H2>
|
|
||||||
|
|
||||||
<B><DL COMPACT>
|
|
||||||
<DT>tomb [options] command [arguments]<DD>
|
|
||||||
</B>
|
|
||||||
|
|
||||||
<B><DT>tomb-open [file]<DD>
|
|
||||||
</B>
|
|
||||||
|
|
||||||
<B><DT>tomb-status mountpoint<DD>
|
|
||||||
</B>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
</DL>
|
|
||||||
<A NAME="lbAD"> </A>
|
|
||||||
<H2>DESCRIPTION</H2>
|
|
||||||
|
|
||||||
<P>
Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can
integrate with a user's graphical desktop.
<P>
Tomb generates encrypted storage files to be opened and closed using
their associated keys, which are also protected with a password chosen
by the user. To create, open and close tombs a user will need super
user rights to execute the tomb commandline utility.
<P>
A tomb is like a locked folder that can be safely transported and
hidden in a filesystem; it encourages users to keep their keys
separate from tombs, for instance keeping a tomb file on your computer
harddisk and its key file on a USB stick.
<P>
For simplified use, the command <I>tomb-open</I> starts a wizard that
guides users in the creation of a new tomb or, if a tomb file is
specified as <I>argument</I>, it opens it and makes it accessible in a
default location under the /media folder, starting the status tray
applet (<I>tomb-status</I>) if a desktop is present.
<P>
<P>
<A NAME="lbAE"> </A>
<H2>COMMANDS</H2>

<P>
<B><DL COMPACT>
<DT>create<DD>
</B>

Creates a new encrypted storage tomb and its key, named as specified
by the given <I>argument</I>.
<P>
<B><DT>open<DD>
</B>

Opens an existing tomb file specified in the <I>first argument</I>. If
a <I>second argument</I> is given it will indicate the <I>mountpoint</I>
where the tomb should be made accessible, if not then the tomb is
mounted in a directory named after the filename and inside /media.
<P>
<B><DT>list<DD>
</B>

<P>
List all the tombs found open, including information about the time
they were opened and the hooks that they mounted. If the <I>first
argument</I> is present, then shows only the tomb named that way or
returns an error if its not found.
<P>
<B><DT>close<DD>
</B>

Closes a currently open tomb. When <I>an argument</I> is specified, it
should be the name of a mounted tomb; if not specified and only one
tomb is open then it will be closed; if multiple tombs are open, the
command will list them on the terminal. The special
<I>argument</I> 'all' will close all currently open tombs. This command
fails if the tomb is in use by running processes, the command
<I>slam</I> can be used to force close.
<P>
<B><DT>slam<DD>
</B>

Closes a tomb like the command <I>close</I> does, but in case it is in
use looks for all the processes accessing its files and violently
kills them using -9.
<P>
<B><DT>bury<DD>
</B>

Hides a tomb key (<I>first argument</I>) inside a jpeg image (<I>second
argument</I>) using steganography: the image will change in a way that
cannot be noticed by human eyes and the presence of the key inside it
isn't detectable without the right password. This option is useful to
backup tomb keys in unsuspected places; it uses steghide and the
serpent encryption algorithm.
<P>
<B><DT>exhume<DD>
</B>

Extracts a named tomb key (<I>first argument</I>) from a (jpeg) image file
(<I>second argument</I>) known to be containing it, if the right password is
given. This is used to recoved buried keys from unsuspected places.
<P>
</DL>
<A NAME="lbAF"> </A>
<H2>OPTIONS</H2>

<B><DL COMPACT>
<DT>-s </B><I><MBytes></I><DD>




When creating a tomb, this option MUST be used to specify the size of
the new <I>file</I> to be created, in megabytes.
<B><DT>-k </B><I><keyfile></I><DD>


When opening a tomb, this option can be used to specify the location
of the key to use. Keys are created with the same name of the tomb
file adding a '.gpg' suffix, but can be later renamed and transported
on other media. When a key is not found, the program asks to insert a
USB storage device and it will look for the key file inside it.
If <I><keyfile></I> is "-" (dash), it will read stdin
<DT><DD>
When creating a tomb, this option can be used to specify the name (and
location) of the key you are creating. For example, you could use

tomb create -s 100 tombname -k /media/usb/tombname

to put the key on a usb pendrive
<P>
<B><DT>-n<DD>
</B>

Skip processing of post-hooks and bind-hooks if found inside the tomb.
See the <I>HOOKS</I> section in this manual for more information.
<B><DT>-o<DD>
</B>

Manually specify mount options to be used when opening a tomb instead
of the default <I>rw,noatime,nodev</I>. This option can be used to
mount a tomb read-only (ro) to prevent any modification of its data,
or to experiment with other settings (if you really know what you are
doing) see the <A HREF="/cgi-bin/man/man2html?8+mount">mount</A>(8) man page.
<B><DT>--ignore-swap<DD>
</B>

By default, Tomb will abort any create and open operation if swap is used (see
SWAP section for details). This flag will disable this behaviour. NOTE: it is
not secure to do so, unless you know that your swap is encrypted
<P>
<B><DT>-h<DD>
</B>

Display a help text and quit
<B><DT>-v<DD>
</B>

Display version and quit
<B><DT>-q<DD>
</B>

Run more quietly
<DT>-D<DD>
Print more information while running, for debugging purposes
<P>
<P>
</DL>
<A NAME="lbAG"> </A>
<H2>HOOKS</H2>

<P>
Hooks are special files that can be placed inside the tomb and trigger
actions when it is opened and closed; there are two kinds of such
files: <I>bind-hooks</I> and <I>post-hooks</I> can be placed in the
base root of the tomb.
<P>
<B><DL COMPACT>
<DT>bind-hooks<DD>
</B>

This hook file consists of a simple two column list of files or
directories inside the tomb to be made directly accessible inside the
current user's home directory. Tomb will use the "mount -o bind"
command to bind locations inside the tomb to locations found in $HOME
so in the first column are indicated paths relative to the tomb and in
the second column are indicated paths relative to $HOME contents, for
example:
<P>
<BR> mail mail
<BR> .gnupg .gnupg
<BR> .fmrc .fetchmailrc
<BR> .mozilla .mozilla
<P>
<B><DT>post-hooks<DD>
</B>

This hook file gets executed as user by tomb right after opening it;
it can consist of a shell script of a binary executable that performs
batch operations every time a tomb is opened.
<P>
</DL>
<A NAME="lbAH"> </A>
<H2>PRIVILEGE ESCALATION</H2>

<P>
The tomb commandline tool needs to acquire super user rights to
execute most of its operations: to do so it uses <A HREF="/cgi-bin/man/man2html?8+sudo">sudo</A>(8), while
<A HREF="/cgi-bin/man/man2html?1+pinentry">pinentry</A>(1) is adopted to collect passwords from the user.
<P>
Tomb executes as super user only those commands requiring it, while it
executes desktop applications as processes owned by the user.
<P>
<A NAME="lbAI"> </A>
<H2>SWAP</H2>

<P>
During "create" and "open" operation, swap will complain and <I>abort</I> if
your system has swap activated. This can be annoying, and you can disable this
behaviour using <I>--ignore-swap</I>. Before doing that, however, you may be
interested in knowing the risks of doing so:
<DL COMPACT>
<DT>•<DD>
During both creation and opening it could write your secret key on the disk
<DT>•<DD>
After having opened the tomb, an application you're using could swap file
contents. So you'll put file contents in clear on your disk
</DL>
<P>

<P>
If you don't need swap, execute <I> swapoff -a</I>. If you really need it, you
could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
--ignore-swap at your own risk
<P>
<P>
<P>
<A NAME="lbAJ"> </A>
<H2>BUGS</H2>

Please report bugs on the tracker at


<P>
Get in touch with developers via mail using this

web page

or via chat on


<P>
<A NAME="lbAK"> </A>
<H2>AUTHORS</H2>

<P>
Tomb is designed and written by Denis Roio aka Jaromil.
<P>
Tomb includes code by Hellekin O. Wolf, Anathema and Boyska.
<P>
Tomb's artwork is contributed by Jordi aka Mon Mort
<P>
Testing and reviews are contributed by Dreamer, Shining, Mancausoft,
Asbesto Molesto.
<P>
Cryptsetup is developed by Christophe Saout and Clemens Fruhwirth
<P>
<A NAME="lbAL"> </A>
<H2>COPYING</H2>

<P>
This manual is Copyleft (c) 2011 Denis Roio <<I><A HREF="mailto:jaromil@dyne.org">jaromil@dyne.org</A></I>>
<P>
It includes contributions by Boyska
<P>
Permission is granted to copy, distribute and/or modify this manual
under the terms of the GNU Free Documentation License, Version 1.1 or
any later version published by the Free Software Foundation.
Permission is granted to make and distribute verbatim copies of this
manual page provided the above copyright notice and this permission
notice are preserved on all copies.
<P>
<A NAME="lbAM"> </A>
<H2>AVAILABILITY</H2>

<P>
The most recent version of Tomb sourcecode and up to date
documentation is available for download from its website on
<I><A HREF="http://tomb.dyne.org">http://tomb.dyne.org</A></I>.
<P>
<A NAME="lbAN"> </A>
<H2>SEE ALSO</H2>

<P>
<B><DL COMPACT>
<DT><A HREF="/cgi-bin/man/man2html?8+cryptsetup">cryptsetup</A>(8)<DD>
</B>

<P>
GnuPG website on <A HREF="http://www.gnupg.org">http://www.gnupg.org</A>
<P>
DM-Crypt website on <A HREF="http://www.saout.de/misc/dm-crypt">http://www.saout.de/misc/dm-crypt</A>
<P>
LUKS website, <A HREF="http://code.google.com/p/cryptsetup">http://code.google.com/p/cryptsetup</A>
<P>
</DL>

<HR>
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">COMMANDS</A><DD>
<DT><A HREF="#lbAF">OPTIONS</A><DD>
<DT><A HREF="#lbAG">HOOKS</A><DD>
<DT><A HREF="#lbAH">PRIVILEGE ESCALATION</A><DD>
<DT><A HREF="#lbAI">SWAP</A><DD>
<DT><A HREF="#lbAJ">BUGS</A><DD>
<DT><A HREF="#lbAK">AUTHORS</A><DD>
<DT><A HREF="#lbAL">COPYING</A><DD>
<DT><A HREF="#lbAM">AVAILABILITY</A><DD>
<DT><A HREF="#lbAN">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 10:33:09 GMT, September 26, 2011
</BODY>
</HTML>
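Review bot: this hunk deletes the man2html rendering of tomb(1) with no replacement visible in the commit, and the commit message only says that extras move aside; confirm the troff source of the manual still ships next to the script, because this text is where the key naming convention (tomb file name plus a '.gpg' suffix), the "mount -o bind" semantics of bind-hooks, the sudo/pinentry privilege split and the SWAP warning (the secret key and opened file contents can be written to disk during create/open unless swap is off or encrypted, which Tomb does not detect) are documented. If the HTML is regenerated later, also fix the defects visible here: the second -k paragraph hangs off an empty "<DT><DD>" entry so the option name is lost, "-D" is the only option entry not wrapped in "<B>", the BUGS section has lost both its tracker URL and its chat address, and "recoved" should read "recover".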