fixed sudo for privilege excalation, gksu is not anymore a requirement

also updated Todo items

TODO.org

@@ -8,21 +8,37 @@ you are welcome to send patches to jaromil@dyne.org
 ** [#A] fix operation without DISPLAY (over SSH)		   :hellekin:
 ** TODO [#A] SLAM tomb and kill all applications using it
 
-   using fuser(1) we can do that easily, but we should ask user
-   confirmation.
+   using lsof and fuser(1) we can do that easily
+
+   we should ask user confirmation when closing a tomb if to slam
+
+   tomb-askpass will become tomb-ask managing such user interaction,
+   using libassuan and pinentry from the gpg project.
 
-   now tomb-dialog or something like that would be useful it askpass
-   and dialog might melt together into one binary later.
 ** [#A] incremental backup system using bup			    :jaromil:
 
    tombs are modifed only where needed so file changes are local to
-   the file segment where data is stored. i've tested this idea and it
-   works! bup makes incremental backups using git as a backend, big up
-   apenwarr :) on git://github.com/apenwarr/bup
+   the file segment where data is stored. duplicity handles this using
+   gpg for backup sets and rdiff for incremental storage. its more
+   stable than bup at this moment.
+
+** TODO [#B] remove gnome dependencies
+
+   gksu is deeply connected to gnome in all its packages.  actually
+   libgksu2-dev is and that doesn't helps.
+
+   gksu binary is a very simple and dirty code, we should have
+   tomb-ask to use the libgksu library for privilege escalation, but
+   then this would add the dependency into C linking...
+
+   the solution is for now to detect if gksu is present, else fallback
+   to sudo and provide it an interface to ask the password graphically
+   via pinentry
 
 ** TODO [#C] make one single status handle more tombs
 ** TODO [#C] decorate creation wizard with ASCII art
 
+
 ** DONE [#A] steganography to store tomb key			    :jaromil:
 
    steghide can hide keys in JPG, BMP, WAV or AU files it also takes

src/tomb

@@ -246,7 +246,15 @@ check_priv() {
 	which sudo > /dev/null
 	if [ $? = 0 ]; then
 	    func "Using sudo for root execution of 'tomb ${(f)ARGS}'"
-	    sudo "tomb ${ARGS[@]}"
+	    # check if sudo has a timestamp active
+	    sudo -n true 2> /dev/null
+	    if [ $? != 0 ]; then
+		# if not then ask a password
+		echo "SETDESC Sudo execution of Tomb ${ARGS[@]}
+SETPROMPT Insert your USER password:
+GETPIN" | pinentry | awk '/^D/ { print $2 }' | sudo -S -v
+	    fi
+	    sudo "tomb" ${(s: :)ARGS}
 	    exit $?
 	fi
 	return 1
@@ -283,7 +291,7 @@ while true; do
 	    act "create     create a new encrypted storage FILE and keys"
 	    act "open       open an existing tomb FILE on MOUNTPOINT"
             act "close      closes the tomb on MOUNTPOINT"
-	    act "bury       hide a tomb key inside an jpeg image"
+	    act "bury       hide a tomb key inside a jpeg image"
 	    act "exhume     extract an hidden tomb key from a jpeg image"
 
 	    act ""
@@ -528,9 +536,9 @@ mount_tomb() {
     act "mounting tomb named after $tombname"
 
     if [ $KEY ]; then
-	# key manually chosen from commandline with -k 
 	tombkey="`basename $KEY`"
 	tombkeypath="$KEY"
+	act "tomb key specified manually, using: $tombkeypath" 
     else
 	tombkey=${tombfile}.gpg
 	if [ -r $tombkey ]; then