documentation updates for release

AUTHORS.md

@@ -5,8 +5,9 @@ Tomb includes code by Anathema, Boyska and Hellekin O. Wolf.
 
 Tomb's artwork is contributed by Jordi aka Mon Mort
 
-Testing and reviews are contributed by Dreamer, Shining, Mancausoft,
+Testing, reviews and documentation are contributed by Dreamer,
-Asbesto Molesto and Nignux.
+Shining, Mancausoft, Asbesto Molesto, Nignux, Vlax, Reiven and
+GDrooid.
 
 Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth
 

ChangeLog.md

@@ -1,5 +1,13 @@
 # Tomb ChangeLog
 
+## 1.5.3
+### June 2014
+
+Various usability fixes and documentation updates. Password changing
+and key changing procedures have been refactored and dev-mode
+operation from scripts has been tested against a few new wrappers
+being developed. A strings file is made available for translators.
+
 ## 1.5.2
 ### February 2014
 

KNOWN_BUGS.md

@@ -1,11 +1,14 @@
-* Versioning and stdin key piping in 1.5
+# Versioning and stdin key
+## 1.5
+
  Due to distraction tomb version 1.5 displays its version as 1.4.
  Also version 1.5 did not work when using -k - to pipe keys from
  stdin, plus left the encrypted keys laying around in RAM (tmpfs).
  This was a minor vulnerability fixed in 1.5.1.
 
 
-* Compatibility broken in old Tomb 1.3 and 1.3.1
+# Key compatibility broken
+## 1.3 and 1.3.1
 
  Due to an error in the creation and decoding of key files, release
  versions 1.3 and 1.3.1 cannot open older tombs, plus the tombs created

README.md

@@ -16,7 +16,7 @@
 
 Latest version: **1.5.3**
 
-http://dyne.org/software/tomb
+Updates on website: http://dyne.org/software/tomb
 
 # What is Tomb, the crypto undertaker
 
@@ -29,6 +29,16 @@ standard filesystem tools (GNU) and the cryptographic API of the Linux
 kernel (cryptsetup and LUKS). Tomb can also produce machine parsable
 output to facilitate its use inside graphical applications.
 
+# Plea for support
+
+If you like to support the development of this project, please rate it
+and endorse it on the CHEST funding platform:
+
+http://ideas.chest-project.eu/?q=node/3433
+
+We are seeking funding to continue this free and open source development.
+It does not require much, just a registration and rating. Thanks.
+
 # How does it works
 
 For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).

doc/Tomb_User_Manual.org

@@ -132,11 +132,13 @@ Later on we've felt the urgency to publishing this mechanism for other
 operating systems than dyne:bolic since the current situation in
 personal desktop encryption is far from optimal. Let's have a look.
 
-\index{truecrypt}
+\index{truecrypt} [[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries
-[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
+so that its code is hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free
-hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
+operating system distributors because of liability reasons, see
-distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
+[[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]], [[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]]. For these and other reasons -
-[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
+presumably very sad ones for its users - Truecrypt has also been
+discontinued.
+
 
 \index{cryptkeeper}
 [[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main

doc/tomb.1

@@ -73,7 +73,9 @@ mount(8) options (default: rw,noatime,nodev).
 List all the tombs found open, including information about the time
 they were opened and the hooks that they mounted. If the first
 argument is present, then shows only the tomb named that way or
-returns an error if its not found.
+returns an error if its not found. If the option
+\fI--get-mountpoint\fR is used then print a simple list of currently
+open tomb mountpoint paths.
 
 .B
 .IP "index"
@@ -174,11 +176,10 @@ adding a '.key' suffix, but can be later renamed and transported on
 other media.  If \fI<keyfile>\fR is "-" (dash), it will read it from
 stdin.
 .B
-.IP "--kdf \fI<seconds>\fR"
+.IP "--kdf \fI<iterations>\fR"
 Activate the KDF feature against dictionary attacks when creating a
-key: forces a delay of \fI<seconds>\fR every time this key is
+key: forces a delay of \fI<iterations>\fR (integer multiplied by 10k)
-used. This feature is still \fIexperimental\fR and not recommended in
+every time this key is used.
-production environments.
 .B
 .IP "-n"
 Skip processing of post-hooks and bind-hooks if found inside the tomb.
@@ -186,32 +187,62 @@ See the \fIHOOKS\fR section in this manual for more information.
 .B
 .IP "-o"
 Manually specify mount options to be used when opening a tomb instead
-of the default \fIrw,noatime,nodev\fR. This option can be used to
+of the default \fIrw,noatime,nodev\fR, i.e. to mount a tomb read-only
-mount a tomb read-only (ro) to prevent any modification of its data,
+(ro) to prevent any modification of its data. Can also be used to
-or to experiment with other settings (if you really know what you are
+change the symmetric encryption algorithm for keys during \fIforge\fR
-doing) see the mount(8) man page.
+operations (default \fIAES256\fR) or the LUKS encryption method during
+\fIlock\fR operations (default \fIaes-xts-plain64:sha256\fR).
 .B
 .IP "-f"
 Force flag, currently used to override swap checks, might be
 overriding more wimpy behaviours in future, but make sure you know
-what you are doing if you force an operation...
+what you are doing if you force an operation.
 .B
 .IP "-h"
-Display a help text and quit
+Display a help text and quit.
 .B
 .IP "-v"
-Display version and quit
+Display version and quit.
 .B
 .IP "-q"
 Run more quietly
 .B
 .IP "-D"
 Print more information while running, for debugging purposes
+
+.SH DEV MODE
 .B
 .IP "--no-color"
-Don't use colors; useful for old terminals or integration in other
+Suppress colors in console output (needed for string parsing by
-scripts parsers
+wrappers).
-
+.B
+.IP "--unsecure-dev-mode"
+Enable using dev-mode arguments, i.e. to pass passwords from
+commandline options. This is mostly used needed for execution by
+wrappers and testing suite.
+.B
+.IP "--use-urandom"
+Use an inferior quality random source to improve the speed of key
+generation at the cost of security (neede for the testing suite).
+.B
+.IP "--sudo-pwd <string>"
+Use string as password when needed for privilege escalation via sudo.
+.B
+.IP "--tomb-pwd <string>"
+Use string as password when needed on tomb.
+.B
+.IP "--tomb-old-pwd <string>"
+Use string as old password when needed in tomb commands requiring
+multiple keys, like \fIpasswd\fR or \fIsetkey\fR.
+.B
+.IP "-U --uid"
+Switch to this user ID when dropping privileges.
+.B
+.IP "-G --gid"
+Switch to this group ID when dropping privileges.
+.B
+.IP "-T --tty"
+Switch to this TTY terminal when dropping privileges.
 
 .SH HOOKS
 

tomb

@@ -40,8 +40,8 @@
 
 # {{{ Global variables
 
-VERSION=1.5.2
+VERSION=1.5.3
-DATE="Feb/2014"
+DATE="Jun/2014"
 TOMBEXEC=$0
 typeset -a OLDARGS
 for arg in ${argv}; do OLDARGS+=($arg); done