Cryptsetup is since 1.3.0 capable of setting up a loop device if the
device argument is a file.
This has the additional benefit that those loop devices will get the
AUTOCLEAR flag (available with Linux 2.6.25). This means those loop
devices will be closed as soon as they're unused (on luksClose).

Swish is outdated and recoll works much better as a frontend to
xapian, so we adopt it to provide local search over file contents in a
tomb. This update also makes plocate optional to search over file
names, not mandatory. Recoll works also in GUI using its -c
commandline option followed by the indexed tomb's path.

Parsing the output from lsof had possibilities for race conditions,
either due to short-lived processes or issuing "tomb ps" from a terminal whose cwd is inside the tomb.
This would spit out available users on the system.
To avoid this use the lsof output directly.
In the future formatting could be reintroduced via commands like
"lsof +D "$tombmount" -F Lc" or "lsof +D "$tombmount" -F Lc0".
This fixes #503

long due, was ready in November 2022 and basically left unchanged at
that stage, except the deprecation of veracrypt in the experimental
portable branch, which is not included in the stable release.

The sudo program checks this env var and uses it, but only if --askpass
was given at the command line, or if it thinks there is no terminal.
But the terminal detection is unreliable, so give it --askpass if there
is an askpass program defined in the environment.
To try it, simply "export SUDO_ASKPASS=/usr/bin/ssh-askpass" before
running tomb.
For me personally, this makes it possible to have a hotkey to run
"pass" and "pass tomb" related commands. Without this patch, invoking
via hotkey causes my window manager to lock up while waiting for a
password on the VT where Xorg was started... and since it's locked up,
I can't change to the VT to enter the data it's waiting for. So I have
to log in via ssh from another host to recover it.
So, instead of locking up... now it can use a GUI askpass program.

The --filesystem option can be used to specify an alternative filesystem
used to format the tomb, in place of the default "ext4".
Besides "btrfs", now the following parameters to --filesystem are supported:
  "ext3"            using operating system defaults
  "ext4"            using operating system defaults
  "btrfs"           for tombs >= 47MB using operating system defaults
  "btrfsmixedmode"  for tombs >= 18MB btrfs mixed mode (see mkfs.btrfs(8))
  "ext3maxinodes"   ext3 with a maximum of inodes (for many small files)
  "ext4maxinodes"   ext4 with a maximum of inodes (for many small files)
These changes help use scenarios in which there is a great number of small files
and/or directories in a small filesystem, like e.g. the pass-tomb extension to pass.

Check if unencrypted swap is zram. If it is zram, check whether a writeback to
disk is configured.
Unencrypted zramswap not written to disk is accepted.
ToDo (as for other unencrypted swap): check if the writeback happens on an
already encrypted disk/partition.
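
The zram check described in the commit message above, as an added example (not Tomb's own code). It assumes the swap device is already known to be unencrypted and reads the kernel's backing_dev sysfs attribute; the function names, the sysfs-root parameter and the make_fixture helper with its constructed sample data are hypothetical.

```shell
#!/bin/sh
# Added example, not Tomb's code. The sysfs root is a parameter (assumption)
# so the logic can run against a constructed tree instead of the live /sys.

# Classify one unencrypted swap device.
# Prints "not-zram", "zram-ram-only" or "zram-writeback:<backing device>".
# Returns 0 only for zram that never leaves RAM.
zram_swap_verdict() {
    dev=${1##*/}; sysroot=${2:-/sys}
    case $dev in
        zram[0-9]*) ;;
        *) echo "not-zram"; return 1 ;;
    esac
    attr="$sysroot/block/$dev/backing_dev"
    # The attribute is absent on kernels built without CONFIG_ZRAM_WRITEBACK
    # and reads "none" when no backing device is configured.
    backing=none
    if [ -r "$attr" ]; then read -r backing < "$attr" || true; fi
    case $backing in
        ''|none) echo "zram-ram-only"; return 0 ;;
    esac
    echo "zram-writeback:$backing"; return 1
}

# Walk a /proc/swaps-format file; return 0 only if every entry is RAM-only zram.
check_swaps() {
    swaps=${1:-/proc/swaps}; sysroot=${2:-/sys}; rc=0
    while read -r name rest; do
        case $name in Filename|'') continue ;; esac
        verdict=$(zram_swap_verdict "$name" "$sysroot") || rc=1
        printf '%s %s\n' "$name" "$verdict"
    done < "$swaps"
    return $rc
}

# Constructed fixture: zram0 has no writeback, zram1 writes back to /dev/sdb1.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/block/zram0" "$d/sys/block/zram1"
    echo none > "$d/sys/block/zram0/backing_dev"
    echo /dev/sdb1 > "$d/sys/block/zram1/backing_dev"
    printf 'Filename Type Size Used Priority\n' > "$d/swaps.ok"
    echo '/dev/zram0 partition 4194300 0 100' >> "$d/swaps.ok"
    { cat "$d/swaps.ok"; echo '/dev/zram1 partition 4194300 0 100'
      echo '/dev/sda2 partition 2097148 0 -2'; } > "$d/swaps.bad"
    echo "$d"
}
```

Called with no arguments, check_swaps reads /proc/swaps and /sys on the running system. Like the ToDo above, it does not check whether the writeback target is itself encrypted.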

If there is no free loop device, the call of loopsetup -f will create one and return it. For this it needs privilege escalation.
It doesn't need those, if there is already a used device, but that cannot be guaranteed.
Closes #436

* KDF support for argon2 memory intensive algorithm
  following many requests, here is support for argon2 KDF to be switched
  on using --kdftype argon2 (--kdf iterations --kdfmem memory)
  effective memory required is 2^memory KiB, defaults to 18 (262 MiB)
  number of iterations are still specified as --kdf argument
  requires the argon2 reference C implementation from P-H-C
  also requires tomb-kdb-pbkdf2-gensalt in extras/kdf-keys
  example usage:
    tomb forge -k argon.key --kdf 10 --kdftype argon2
* manual updates for argon2
* small improvements to loopback setup and --sudo
* support reading hostname from file
  also tolerate not finding the hostname (fill localhost)
  address #428
* cleanup and support sup,sud,pkexec
  now supporting also pkexec (polkit daemon), suckless' sup and
  sud.dyne.org
  pkexec is autodetected when polkit is running
  manpage documents the --sudo flag which overrides any autodetection

Depending on script invocation, behavior is not exactly similar.
Assuming that if SUDO_USER is set, the _sudo invocation can be dropped (EUID=0).
In the other case, user has created file, owner is already good, don't call chown.
Preparation:
$ tomb dig foo.tomb -s 10
Method 1:
$ sudo tomb forge foo.tomb.key -v
Method 2:
$ tomb forge foo.tomb.key -v
... ask user password to gain superuser privileges
...
Sorry, user <username> is not allowed to execute '/bin/chown <uid>:<gid> foo.tomb.key' as root on <hostname>.
Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>