diff --git a/AUTHORS.md b/AUTHORS.md index 3a9d012..1b73dd7 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -7,7 +7,7 @@ Tomb is written and maintained since 2007 by Denis Roio Tomb includes code and advices by Anathema, Boyska, Hellekin O. Wolf, Daniel Rodriguez, Parazyd and Alexandre Pujol. -The 'gtomb' minimal GUI is being written by Parazyd. +The 'gtomb' GUI based on Zenity is written by Parazyd. The Qt5 desktop tray GUI is written by Gianluca Montecchi. diff --git a/ChangeLog.md b/ChangeLog.md index d7db232..3048147 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,5 +1,26 @@ # Tomb ChangeLog +## 2.5 +### January 2018 + +This is mostly a bugfix release, including two internal +refactorings. An important change is the re-introduction (since v2.3) +of ownership change of all files inside tombs, to facilitate single +user usage, which is now default and can be prevented using the '-p' +flag on 'open' commands. The first refactoring concerns the test +units, now using the 'sharness' framework. The other refactoring +concerns 'post-hooks' now renamed to 'exec-hooks' and launched on +'open' and 'close' commands with a defined set of arguments. Another +internal change concerns the use of 'findmnt' instead of parsing the +output of 'mount -l', which grants compatibility with more recent +versions of util-linux. A fix was made to the 'slam' command for a +better process detection and the introduction of a new 'ps' command to +just list processes using tombs. Another fix was made to support tomb +hidden filenames (starting with a dot) without any extension. Some +more minor fixes were made to messaging and translations, plus all the +documentation is updated. + + ## 2.4 ### April 2017 diff --git a/README.md b/README.md index c49fab9..4278b2d 100644 --- a/README.md +++ b/README.md 
@@ -21,6 +21,8 @@ Get the stable .tar.gz signed release for production use! Download it from https://files.dyne.org/tomb +For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md). + ![tomb's logo](https://github.com/dyne/Tomb/blob/master/extras/images/monmort.png) [![Build Status](https://travis-ci.org/dyne/Tomb.svg?branch=master)](https://travis-ci.org/dyne/Tomb) @@ -44,6 +46,8 @@ output to facilitate its use inside graphical applications. # How does it work? +![tomb and bats](https://github.com/dyne/Tomb/blob/master/extras/images/tomb_and_bats.png) + To create a Tomb, do: ``` $ tomb dig -s 100 secret.tomb @@ -63,8 +67,6 @@ or if you are in a hurry $ tomb slam all ``` -For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md). - ``` Syntax: tomb [options] command [arguments] @@ -198,6 +200,8 @@ some are developed by Dyne.org, but some also by third parties. - [qt-tray](extras/qt-tray) is a graphical tray icon for QT panels - [tomber](extras/tomber) is a wrapper to use Tomb in Python scripts +![skulls and pythons](https://github.com/dyne/Tomb/blob/master/extras/images/python_for_tomb.png) + ### External applications - [Secrets](https://secrets.dyne.org) is a software that can be operated on-line and on-site to split a Tomb key in shares to be distributed to peers: some of them have to agree to combine back the shares in order to retrieve the key. @@ -255,6 +259,8 @@ So be warned: do not use the latest Git version in production environments, but use a stable release versioned and packed as tarball on https://files.dyne.org/tomb +![Day of the dead](https://github.com/dyne/Tomb/blob/master/extras/images/DayOfTheDead.jpg) + # How can you help Donations are very welcome, please go to https://www.dyne.org/donate diff --git a/doc/TODO.org b/doc/TODO.org index 8495ecc..b5606a4 100644 --- a/doc/TODO.org +++ b/doc/TODO.org 
@@ -9,8 +9,14 @@ Roadmap notes: * Release 3.0 +*** [#A] integrate the zenroom for custom crypto functions + https://decodeproject.github.io/lua-zenroom + +*** [#A] study cryptsetup 2.0 and integrate it + + In particular kernel keystore functionalities + *** [#A] support BtrFS and snapshots -*** [#A] system to split passwords in parts (ssss) *** [#B] modular encryption system support to go beyond dm-crypt/cryptsetup @@ -21,13 +27,21 @@ Roadmap notes: *** [#B] udev rules to avoid usb automount of keyplug in gnome *** [#B] sign and verify tomb script integrity -*** [#B] make a graphical tomb undertaker (gnome-druid in glade?) *** [#B] analyse and show tomb entropy using libdisorder *** [#B] use inotify on tomb inotify can also count when was the last time tomb was used and unmount it automatically after a timeout, see how much free space is left and warn when the space is almost finished +*** DONE [#A] system to split passwords in parts + CLOSED: [2018-01-03 Wed 19:48] + + solved with secrets.dyne.org +*** DONE [#B] make a graphical tomb undertaker (gnome-druid in glade?) + CLOSED: [2018-01-03 Wed 19:49] + + solved by gtomb and qtomb + ** Notes from #CybRes diff --git a/doc/tomb.1 b/doc/tomb.1 index 556e160..7a1a45b 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 
@@ -301,12 +301,14 @@ base root of the tomb. .B .IP "bind-hooks" -This hook file consists of a simple two column list of files or -directories inside the tomb to be made directly accessible inside the -current user's home directory. Tomb will use the "mount \-o bind" -command to bind locations inside the tomb to locations found in $HOME -so in the first column are indicated paths relative to the tomb and in -the second column are indicated paths relative to $HOME contents, for +This hook file consists of a simple text file named \fIbind-hooks\fR +containing a two column list of paths to files or directories inside +the tomb. The files and directories will be be made directly +accessible by the tomb \fIopen\fR command inside the current user's +home directory. Tomb uses internally the "mount \-o bind" command to +bind locations inside the tomb to locations found in $HOME. In the +first column are indicated paths relative to the tomb and in the +second column are indicated paths relative to $HOME contents, for example: .EX mail mail @@ -318,12 +320,12 @@ example: .B .IP "exec-hooks" This hook file gets executed as user by tomb with the first argument -determining the step of execution: "open" or "close". The exec-hooks -file should be an executable (ELF or shell script) present inside the -Tomb. Tomb executes this hook as user supplying two or more arguments, -the first being the step, followed by the mountpoint of the tomb and, -on close events, its name, loopback device and dev-mapper device -paths. +determining the step of execution (\fIopen\fR or \fIclose\fR) and the second +being the full path to the mountpoint. The \fIexec-hooks\fR file should be +executable (ELF or shell script) and present inside the Tomb. Tomb +executes this hook as user and adds the name, loopback device and +dev-mapper device paths as additional arguments for the \fIclose\fR +command. .SH PRIVILEGE ESCALATION
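
Review bot: In the ChangeLog.md 2.5 entry, the re-introduced ownership change of all files inside tombs is a change of default behaviour with security impact, yet it sits in the middle of a paragraph that opens with "This is mostly a bugfix release". Suggest giving it its own line or bullet that states the new default and the '-p' opt-out on 'open' commands. The 'post-hooks' to 'exec-hooks' rename deserves the same treatment, including whether an existing 'post-hooks' file inside a tomb is still run after upgrading.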
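
Review bot: In README.md, the image added under "# How does it work?" uses an absolute https://github.com/dyne/Tomb/blob/master/... URL, and so do the images added after the tomber entry and before "# How can you help". These always point at whatever is on master rather than at the files shipped with a release, while the same README tells users to take the stable tarball and links its extras with relative paths such as (extras/qt-tray). Suggest relative paths such as extras/images/tomb_and_bats.png so the README stays in step with the tagged version. The existing logo line has the same pattern and could be changed together with these.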
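
Review bot: In doc/TODO.org, the item "system to split passwords in parts (ssss)" is removed and re-added as DONE without "(ssss)", closed with only "solved with secrets.dyne.org". README.md in this same patch lists Secrets under "External applications", so the closing note should say that the feature is provided by an external application rather than by tomb itself. Keeping the original title, "(ssss)" included, would also keep the item searchable.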
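
Review bot: The rewritten bind-hooks paragraph in doc/tomb.1 has a doubled word in "The files and directories will be be made directly", which should read "will be made directly". In the same hunk, "Tomb uses internally the" reads better as "Tomb internally uses the", and "This hook file consists of a simple text file named" could be shortened to "This hook is a simple text file named" now that the sentence names the file.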
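
Review bot: The rewritten exec-hooks paragraph in doc/tomb.1 still leaves the argument positions for the close step implicit in "adds the name, loopback device and dev-mapper device paths as additional arguments". Suggest listing the arguments by position (step, mountpoint, then for close the name, loopback device and dev-mapper device) so hook authors know what each one holds. The wording also mixes "step of execution" with "the close command", and says the hook runs "as user" twice, once in the unchanged first line and again in "executes this hook as user"; using "step" throughout and dropping the repeat would tighten it. Because the text only says the file "should be executable", a sentence on what tomb does when the file is present but not executable would help.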