The sudo program checks this env var and uses it, but only if --askpass
was given at the command line, or if it thinks there is no terminal.
But the terminal detection is unreliable, so give it --askpass if there
is an askpass program defined in the environment.
To try it, simply "export SUDO_ASKPASS=/usr/bin/ssh-askpass" before
running tomb.
For me personally, this makes it possible to have a hotkey to run
"pass" and "pass tomb" related commands. Without this patch, invoking
via hotkey causes my window manager to lock up while waiting for a
password on the VT where Xorg was started... and since it's locked up,
I can't change to the VT to enter the data it's waiting for. So I have
to log in via ssh from another host to recover it.
So, instead of locking up... now it can use a GUI askpass program.
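The wrapper logic the message above describes, as an added illustration in POSIX sh; it is not tomb's own code, and the function names (askpass_available, sudo_cmdline, sudo_run) are assumed. The point is the explicit --askpass decision: sudo is told to use the helper whenever SUDO_ASKPASS names an executable file, instead of relying on sudo's own terminal detection.

```shell
#!/bin/sh
# Added example, not tomb's code. Decide whether sudo should be given
# --askpass based on SUDO_ASKPASS, and run commands accordingly.
# Function names here are assumptions, not tomb's internal names.

# True when SUDO_ASKPASS is set and points at an executable helper
# (e.g. /usr/bin/ssh-askpass). A set but non-executable value would make
# sudo fail, so it is treated as "no helper".
askpass_available() {
    [ -n "${SUDO_ASKPASS:-}" ] && [ -x "$SUDO_ASKPASS" ]
}

# Print the sudo command line that would be used for "$@".
# Kept separate from sudo_run so the decision can be inspected/tested
# without actually escalating privileges.
sudo_cmdline() {
    if askpass_available; then
        printf 'sudo --askpass %s\n' "$*"
    else
        printf 'sudo %s\n' "$*"
    fi
}

# Run "$@" under sudo, forcing --askpass when a helper is available rather
# than trusting sudo's terminal detection (unreliable under a WM hotkey).
sudo_run() {
    if askpass_available; then
        sudo --askpass "$@"
    else
        sudo "$@"
    fi
}
```

Usage: `export SUDO_ASKPASS=/usr/bin/ssh-askpass` and then, for instance, `sudo_run losetup -f` to allocate a loop device; `sudo_cmdline losetup -f` only prints the command line that would run, which is what the check below exercises.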
This new "flavor" of tomb uses veracrypt for mounted volumes and
POSIX sh only for its scripting. It is a work in progress and still
lacks full functionality, but provides a proof-of-concept to be
developed further if needs arise.
The --filesystem option can be used to specify
an alternative filesystem used to format the tomb, in place of the default "ext4".
Besides "btrfs", the following parameters to --filesystem are now supported:
"ext3" using operating system defaults
"ext4" using operating system defaults
"btrfs" for tombs >= 47MB using operating system defaults
"btrfsmixedmode" for tombs >=18MB btrfs mixed mode (see mkfs.btrfs(8))
"ext3maxinodes" ext3 with a maximum of inodes (for many small files)
"ext4maxinodes" ext4 with a maximum of inodes (for many small files)
These changes help in use scenarios in which there is a great number of small files
and/or directories in a small filesystem, like e.g. the pass-tomb extension to pass.
Check if unencrypted swap is zram. If it is zram check whether a writeback to
disk is configured.
Unencrypted zramswap not written to disk is accepted.
ToDo (as for other unencrypted swap): check if the writeback happens on an
already encrypted disk/partition.
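The swap classification described above, as an added example in POSIX sh (not tomb's own code; function names are assumed). A zram device is recognised by its name, and writeback is detected through the kernel's /sys/block/zramN/backing_dev attribute, which reads "none" unless a backing device has been configured. Paths are parameters so the check can be run against a constructed sample instead of the live system; the ToDo from the message (checking whether the writeback target is itself encrypted) is deliberately left out.

```shell
#!/bin/sh
# Added example, not tomb's code: classify active swap devices the way the
# commit describes. zram swap with no writeback device is accepted; zram
# with writeback, or ordinary disk swap, is flagged. Function names and the
# sample data below are constructed for illustration.

# Classify one swap device. Prints one of:
#   zram-nowriteback  zram device whose backing_dev reads "none"
#   zram-writeback    zram device configured to write back to a block device
#   disk              not a zram device (swap partition or swap file)
# $1 = device path as listed in /proc/swaps, $2 = sysfs block root
classify_swap() {
    name=${1##*/}
    sysroot=${2:-/sys/block}
    case "$name" in
        zram*)
            bdev="$sysroot/$name/backing_dev"
            if [ -r "$bdev" ]; then
                read -r backing < "$bdev"
                if [ "$backing" = "none" ]; then
                    echo zram-nowriteback
                else
                    echo zram-writeback
                fi
            else
                # Attribute absent: kernel built without zram writeback
                # support, so the data cannot reach a disk.
                echo zram-nowriteback
            fi
            ;;
        *)
            echo disk
            ;;
    esac
}

# Walk a file in /proc/swaps format and print "<device> <class>" per entry.
# Returns 0 only if every active swap is zram without writeback.
# $1 = swaps listing (default /proc/swaps), $2 = sysfs block root
check_swaps() {
    swaps=${1:-/proc/swaps}
    sysroot=${2:-/sys/block}
    rc=0
    while read -r dev _type _size _used _prio; do
        # skip the header line and blank lines
        if [ -z "$dev" ] || [ "$dev" = "Filename" ]; then
            continue
        fi
        kind=$(classify_swap "$dev" "$sysroot")
        echo "$dev $kind"
        if [ "$kind" != "zram-nowriteback" ]; then
            rc=1
        fi
    done < "$swaps"
    return $rc
}

# Build a constructed sample (not a real system) under directory $1:
# zram0 without writeback, zram1 writing back to /dev/sda3, a plain swap
# partition, and a /proc/swaps-style listing naming all three.
make_sample() {
    mkdir -p "$1/sys/zram0" "$1/sys/zram1"
    echo none > "$1/sys/zram0/backing_dev"
    echo /dev/sda3 > "$1/sys/zram1/backing_dev"
    printf 'Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n' > "$1/swaps"
    printf '/dev/zram0                              partition\t4194300\t0\t100\n' >> "$1/swaps"
    printf '/dev/zram1                              partition\t4194300\t0\t50\n' >> "$1/swaps"
    printf '/dev/sda2                               partition\t8388604\t0\t-2\n' >> "$1/swaps"
}
```

On a live system the call is simply `check_swaps` (defaults to /proc/swaps and /sys/block); with the constructed sample, `d=$(mktemp -d); make_sample "$d"; check_swaps "$d/swaps" "$d/sys"` lists zram0 as accepted and flags zram1 and sda2.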
If there is no free loop device, the call of loopsetup -f will create one and return it. For this it needs privilege escalation.
It doesn't need those if there is already a used device, but that cannot be guaranteed.
Closes #436
* KDF support for argon2 memory intensive algorithm
following many requests, here is support for argon2 KDF to be switched
on using --kdftype argon2 (--kdf iterations --kdfmem memory)
effective memory required is 2^memory KiB, defaults to 18 (262 MiB)
the number of iterations is still specified as the --kdf argument
requires the argon2 reference C implementation from P-H-C
also requires tomb-kdb-pbkdf2-gensalt in extras/kdf-keys
example usage:
tomb forge -k argon.key --kdf 10 --kdftype argon2
* manual updates for argon2
* small improvements to loopback setup and --sudo
* support reading hostname from file
also tolerate not finding the hostname (fill localhost)
address #428
* cleanup and support sup,sud,pkexec
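The argon2 bullet above, as an added POSIX sh example (not tomb's own code): it turns the --kdf iterations and --kdfmem memory exponent into a call to the P-H-C argon2 reference CLI. The CLI flags used (salt as first argument, -id, -t, -m, -p, -l, -r, passphrase on stdin, -m as a log2 of KiB) are those of the reference implementation; the function names, the Argon2id choice, the 32-byte output length and the upper cap on the memory exponent are assumptions of this example.

```shell
#!/bin/sh
# Added example, not tomb's code: derive a key with the argon2 reference
# CLI from tomb-style parameters. --kdfmem is an exponent: memory cost is
# 2^memexp KiB, so the default 18 means 2^18 = 262144 KiB.

# Memory cost in KiB for a given --kdfmem exponent.
kdfmem_kib() {
    echo $((1 << $1))
}

# Derive a 256-bit key (hex on stdout) from a passphrase read on stdin.
# $1 = iterations (--kdf), $2 = memory exponent (--kdfmem, default 18),
# $3 = salt (argon2 CLI requires at least 8 characters).
# Set ARGON2_DRY_RUN=1 to print the command line instead of running it.
argon2_derive() {
    iterations=$1
    memexp=${2:-18}
    salt=$3
    # Assumed sanity cap: 2^24 KiB is 16 GiB, anything larger would just
    # get the caller OOM-killed rather than stretch the key further.
    if [ "$memexp" -gt 24 ]; then
        echo "--kdfmem $memexp too large (max 24)" >&2
        return 2
    fi
    if [ "${#salt}" -lt 8 ]; then
        echo "salt must be at least 8 characters" >&2
        return 2
    fi
    # Argon2id, iterations -t, memory -m (log2 KiB), one lane, 32-byte raw tag
    set -- "$salt" -id -t "$iterations" -m "$memexp" -p 1 -l 32 -r
    if [ "${ARGON2_DRY_RUN:-0}" = 1 ]; then
        echo "argon2 $*"
        return 0
    fi
    if ! command -v argon2 >/dev/null 2>&1; then
        echo "argon2 reference CLI (P-H-C) not found in PATH" >&2
        return 2
    fi
    argon2 "$@"
}
```

Matching the example from the message, `tomb forge -k argon.key --kdf 10 --kdftype argon2` corresponds to `printf '%s' "$passphrase" | argon2_derive 10 18 "$salt"`; with ARGON2_DRY_RUN=1 the function only prints `argon2 <salt> -id -t 10 -m 18 -p 1 -l 32 -r`, which is what the check below verifies without needing the binary installed.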