The new script adds reference and context to the strings, identifies
them with more correctness and has blacklisting capabilities to ignore
strings that need no translation.
omb_manpage.pdf had not been updated for two years. This update brings
the document up to date with the latest update done to the tomb.1 man
page on November 26, 2014.
This commit refactors the handling of password input by eliminating
all intermediary programs and relying only on ZSh, hence improving
overall security against rootkits and such.
Also the way sudo is used is now greatly simplified and there is no
privilege escalation at boot: sudo is executed inside Tomb by being
prefixed in front of those programs needing it.
All tests passed.
swish-e now creates a .swishrc config file inside the tomb so that
users can tweak its configuration by hand.
whoami() is also cleaned up, pending a fix for slackware usage.
A tempfile was often used by Tomb in order to parse the stderr output of
gpg and detect if the password is correct or not. The tempfile was not
holding any secret information (see #162) yet this is an improvement for
Tomb's deniability since there is now much less going on in the temp
firectory.
Added the --tmp flag for manual selection of the temporary directory, whose security should really be up to sysadmins when configuring operating systems. Default is ZSh TMPPREFIX usually set to /tmp/zsh which, if not existing, will be created as world writable with a sticky bit.
This commit also includes a cleanup of commandline options and a fix to swap check.
Now there is no more writing of cleartext secrets in any tempfile,
the last case was in setkey and is now eliminated. Tempfile creation
is cleaner. Related to issue #162
