documentation update and small swish-e fix

The fix is due to the new naming scheme without .tomb extension recently
introduced for mountpoints. While testing this a problem arised with
swish-e related to compression of indexes, to be addressed.

AUTHORS.md

@@ -11,10 +11,10 @@ Gettext internationalization and Spanish translation is contributed by
 GDrooid, French translation by Hellekin, Russian translation by fsLeg,
 German translation by x3nu.
 
-Testing, reviews and documentation are contributed by Dreamer, Shining
-the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
-Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
-Linux Action Show!
+Testing, reviews and documentation contributed by Dreamer, Vlax,
+Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH,
+The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon, Jim
+Turner, Maxime Arthaud and the Linux Action Show!
 
 Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
 

INSTALL.md

@@ -37,18 +37,18 @@ After installation one can read the commandline help or read the manual:
 
 Once installed one can proceed creating a tomb, for instance:
 
-    tomb dig -s 10 secrets.tomb       (dig a 10MB Tomb, be patient)
-    tomb forge -k secrets.tomb.key    (be patient and follow instructions)
-    tomb lock  -k secrets.tomb.key secrets.tomb
+    tomb dig -s 10 secrets.tomb       (dig a 10MB Tomb)
+    tomb forge -k secrets.tomb.key    (create a new key and set its password)
+    tomb lock  -k secrets.tomb.key secrets.tomb (format the tomb, lock it with key)
 
 When this is done, the tomb can be opened with:
 
-    tomb open -k secrets.tomb.key secrets.tomb
+    tomb open -k secrets.tomb.key secrets.tomb (will ask for password)
 
 The key can also be hidden in an image, to be used as key later
 
-    tomb bury -k secrets.tomb.key nosferatu.jpg
-    tomb open -k nosferatu.jpg secrets.tomb
+    tomb bury -k secrets.tomb.key nosferatu.jpg (hide the key in a jpeg image)
+    tomb open -k nosferatu.jpg secrets.tomb (use the jpeg image to open the tomb)
 
 Or backupped to a QRCode that can be printed on paper and hidden in
 books. QRCodes can be scanned with any mobile application, resulting
@@ -72,10 +72,11 @@ executable | function
   steghide | bury and exhume keys inside images
   resizefs | extend the size of existing tomb volumes
   qrencode | engrave keys into printable qrcode sheets
-  mlocate  | have fast search of file names inside tombs
-  swish++  | have fast search of file contents inside tombs
-  unoconv  | have fast search of contents in PDF and DOC files
-  haveged  | have fast entropy generation for key forging
+  mlocate  | fast search of file names inside tombs
+  swish++  | fast search of file contents inside tombs
+  unoconv  | fast search of contents in PDF and DOC files
+  lesspipe | fast search of contents in compressed archives
+  haveged  | fast entropy generation for key forging
 
 As for requirements, also optional tools may be easy to install using
 the packages provided by each distribution.
@@ -184,4 +185,4 @@ let us know. Tomb is really meant to be maintained as a minimal tool
 for long-term compatibility when handling something so delicate as our
 secrets. For anything else we rely on your own initiative.
 
-Happy hacking! :&^)
+Happy hacking! ;^)

README.md

@@ -126,23 +126,21 @@ usage, etc.
 
 Death is the only sure thing in life. That said, Tomb is a pretty
 secure tool especially because it is kept minimal, its source is
-always open, and its code is easy to review with a bit of shell script
-knowledge.
+always open to review (even when installed) and its code is easy to
+read with a bit of shell script knowledge.
 
 All encryption tools being used in Tomb are included as default in
 many GNU/Linux operating systems and therefore are regularly peer
 reviewed: we don't add anything else to them really, just a layer of
 usability.
 
-The code of Tomb is made to be read in literate programming style.
-
 The file [KNOWN_BUGS.md](KNOWN_BUGS.md) contains some notes on known
 vulnerabilities and threat model analysis.
 
-In absence of the Tomb script it is always possible to access the
-contents of a Tomb using a dm-crypt enabled Linux kernel, cryptsetup
-and GnuPG issuing the following commands as root:
-
+In absence or malfunction of the Tomb script it is always possible to
+access the contents of a Tomb only using a dm-crypt enabled Linux
+kernel, cryptsetup, GnuPG and any shell interpreter issuing the
+following commands as root:
 ```
 lo=$(losetup -f)
 losetup -f secret.tomb
@@ -150,7 +148,12 @@ pass="$(gpg -d secret.key)"
 echo -n -e "$pass" | cryptsetup --key-file - luksOpen $lo secret
 mount /dev/mapper/secret /mnt
 ```
-
+One can change the last argument `/mnt` to where the Tomb has to be
+mounted and made accessible. To close the tomb then use:
+```
+umount /mnt
+cryptsetup luksClose /dev/mapper/secret
+```
 
 # Stage of development
 

doc/tomb.1

@@ -79,18 +79,21 @@ open tomb mountpoint paths.
 
 .B
 .IP "index"
-Creates or updates the search indexes of all tombs currently
-open: enables use of the \fIsearch\fR command using simple word
-patterns on file names. Indexes are created using mlocate updatedb(8) and
-stored in a file inside the tomb's root. To avoid indexing
-a specific tomb simply touch a \fI.noindex\fR file in its root.
+Creates or updates the search indexes of all tombs currently open:
+enables use of the \fIsearch\fR command using simple word patterns on
+file names. Indexes are created using mlocate's updatedb(8) and
+swish-e(1) if they are found on the system. Indexes allow to search
+very fast for filenames and contents inside a tomb, they are stored
+inside it and are not accessible if the Tomb is closed. To avoid
+indexing a specific tomb simply touch a \fI.noindex\fR file in it.
 
 .B
 .IP "search"
-Searches through all tombs currently open for filenames matching one
-or more text patterns given as arguments. Search returns a list of
-files found in all open tombs on which the \fIindex\fR command was run
-at least once.
+Takes any string as argument and searches for them through all tombs
+currently open and previously indexed using the \fIindex\fR command.
+The search matches filenames if mlocate is installed and then also
+file contents if swish++ is present on the system, results are listed
+on the console.
 
 .B
 .IP "close"

tomb

@@ -44,8 +44,8 @@
 
 # {{{ Global variables
 
-typeset VERSION="2.0.1"
-typeset DATE="Dec/2014"
+typeset VERSION="2.1"
+typeset DATE="Jul/2015"
 typeset TOMBEXEC=$0
 typeset TMPPREFIX=${TMPPREFIX:-/tmp}
 # TODO: configure which tmp dir to use from a cli flag
@@ -2149,7 +2149,7 @@ index_tombs() {
         # here we use swish to index file contents
         [[ $SWISH == 1 ]] && {
             _message "Indexing ::1 tomb name:: contents..." $tombname
-            [[ -r ${tombmount}/.swishrc ]] || {
+            rm -f ${tombmount}/.swishrc
             _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc
             cat <<EOF > ${tombmount}/.swishrc
 # index directives
@@ -2190,7 +2190,6 @@ FileRules filename is sys
 FileRules filename is supervise
 FileRules filename regex /\.asc$/i
 FileRules filename regex /\.gpg$/i
-
 # pdf and postscript
 FileFilter .pdf pdftotext "'%p' -"
 FileFilter .ps  ps2txt "'%p' -"
@@ -2218,15 +2217,13 @@ FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i
 IndexContents HTML* .htm .html .shtml
 IndexContents XML*  .xml
 EOF
-            }
 
             swish-e -c ${tombmount}/.swishrc -S fs -v3
-
         }
-
         _message "Search index updated."
     done
 }
+
 search_tombs() {
     { command -v locate 1>/dev/null 2>/dev/null } || {
         _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }