Long due, was ready in November 2022 and basically left unchanged at
that stage, except the deprecation of veracrypt in the experimental
portable branch, which is not included in the stable release.
The sudo program checks this env var and uses it, but only if --askpass
was given at the command line, or if it thinks there is no terminal.
But the terminal detection is unreliable, so give it --askpass if there
is an askpass program defined in the environment.
To try it, simply "export SUDO_ASKPASS=/usr/bin/ssh-askpass" before
running tomb.
For me personally, this makes it possible to have a hotkey to run
"pass" and "pass tomb" related commands. Without this patch, invoking
via hotkey causes my window manager to lock up while waiting for a
password on the VT where Xorg was started... and since it's locked up,
I can't change to the VT to enter the data it's waiting for. So I have
to log in via ssh from another host to recover it.
So, instead of locking up... now it can use a GUI askpass program.
This new "flavor" of tomb uses veracrypt for mounted volumes and
POSIX sh only for its scripting; it is a work in progress and still
lacks full functionality, but provides a proof-of-concept to be
developed further if needs arise.
The --filesystem option can be used to specify an alternative filesystem
used to format the tomb, in place of the default "ext4".
Besides "btrfs", the following parameters to --filesystem are now supported:
"ext3" using operating system defaults
"ext4" using operating system defaults
"btrfs" for tombs >= 47MB using operating system defaults
"btrfsmixedmode" for tombs >= 18MB btrfs mixed mode (see mkfs.btrfs(8))
"ext3maxinodes" ext3 with a maximum of inodes (for many small files)
"ext4maxinodes" ext4 with a maximum of inodes (for many small files)
These changes help use scenarios in which there is a great number of small files
and/or directories in a small filesystem, like e.g. the pass-tomb extension to pass.
Check if unencrypted swap is zram. If it is zram, check whether a writeback to
disk is configured.
Unencrypted zramswap not written to disk is accepted.
ToDo (as for other unencrypted swap): check if the writeback happens on an
already encrypted disk/partition.
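
Added example, not part of the commit message or of Tomb's own code: one way to make the zram check described above in POSIX sh, using the kernel's per-device backing_dev attribute. The function names, the verdict strings and the sample paths are assumptions; a "not-zram" device still needs the ordinary encrypted-swap check, and the ToDo about writeback onto an encrypted disk is not covered.

```shell
#!/bin/sh
# Added example, not Tomb's code. Function names and sample paths are assumptions.
# zram reports its writeback target in <sysfs>/block/zramN/backing_dev;
# "none" (or no such file) means swapped pages never leave RAM.

# classify_swap DEVICE [SYSFS_ROOT]
# prints: not-zram | zram-memory-only | zram-writeback:<backing device>
classify_swap() {
    name=${1##*/}
    case $name in
        zram[0-9]*) ;;
        *) echo "not-zram"; return 0 ;;
    esac
    bd_file="${2:-/sys}/block/$name/backing_dev"
    backing=none
    if [ -r "$bd_file" ]; then
        backing=$(tr -d '[:space:]' < "$bd_file")
    fi
    case $backing in
        ''|none) echo "zram-memory-only" ;;
        *)       echo "zram-writeback:$backing" ;;
    esac
}

# check_swaps [SWAPS_FILE] [SYSFS_ROOT]
# Prints one verdict per active swap; returns 0 only if all are memory-only zram.
check_swaps() {
    rc=0
    while read -r dev _rest; do
        case $dev in ''|Filename) continue ;; esac   # skip blank and header lines
        verdict=$(classify_swap "$dev" "${2:-/sys}")
        echo "$dev: $verdict"
        [ "$verdict" = "zram-memory-only" ] || rc=1
    done < "${1:-/proc/swaps}"
    return "$rc"
}

# Constructed sample: a fake /proc/swaps and sysfs tree, so this runs offline.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/sys/block/zram0" "$root/sys/block/zram1"
    echo none      > "$root/sys/block/zram0/backing_dev"
    echo /dev/sda5 > "$root/sys/block/zram1/backing_dev"
    printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/zram0\tpartition\t4194300\t0\t100\n' > "$root/swaps.ok"
    { cat "$root/swaps.ok"; printf '/dev/zram1\tpartition\t4194300\t0\t100\n'; } > "$root/swaps.writeback"
    echo "$root"
}
```

Called with no arguments, check_swaps reads the live /proc/swaps and /sys; make_sample prints the directory holding the constructed files.
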
If there is no free loop device, the call of loopsetup -f will create one and return it. For this it needs privilege escalation.
It doesn't need those if there is already a used device, but that cannot be guaranteed.
Closes #436