Commit Graph

435 Commits

Author SHA1 Message Date
Daniel Rodriguez
42ae73d727 Sync translations with POEditor 2017-01-03 12:00:29 +01:00
Jaromil
843b7fdfc4 remove change of ownership when mounting tombs
The chmod/chown launched on the mounted volume is not really effective
for security, plus the UID is not correctly guessed when tomb is
launched using sudo. It is now up to the user to correctly set
ownership and permission on mounted volumes. There is also one less
check on the ownership of the tomb file which was failing with a
warning in the same case.
2017-01-02 11:04:08 +01:00
Jaromil
cb699189e7 small linting fixes 2017-01-02 06:13:52 +01:00
Jaromil
18743c82a5 code linting
small cleanup using shellcheck, also available as 'make lint'
2017-01-02 06:03:29 +01:00
Jaromil
6f4cfd626c prefer ascii single-quotes to utf8 2017-01-02 06:02:50 +01:00
Jaromil
d41347fe22 documentation updates for release 2016-12-29 19:20:48 +01:00
Jaromil
7b72f07f96 switch shebang to use /usr/bin/env
this is a more generic approach to shebang which supports interpreters
when installed anywhere in the current path.
2016-12-29 13:49:03 +01:00
Jaromil
14cba81f6e fix is_valid_tomb check for already mounted tombs
also added some more verbosity on debug
2016-12-26 20:40:23 +01:00
Jaromil
db976a5210 improve wrapping of key generation
gen_key now avoids adding a final newline to file (addressing #226)
and provides more debugging information from the gpg  process.
2016-12-26 20:19:01 +01:00
Jaromil
f5375c61fe improvement over previous gpg_decrypt fix
now also avoiding the use of `read` shell built-in
2016-12-26 19:04:54 +01:00
Jaromil
df75c39a58 new parsing for gpg_decrypt function
this new parser works with all ZSh versions and brings overall
improvement by eliminating the invocation of exernal binary `grep`
over the secret data.
2016-12-26 12:12:34 +01:00
Jaromil
844a886da1 fix sudo execution (patch by robertmx in #223)
tested also in #228, this stops overwriting the $USERNAME
variable which is not really useful (it was used in the previous
privilege escalation model)
2016-11-18 19:00:47 +01:00
Jaromil
101b89f0be use head directly without cat in post-hooks
less is more...
2016-11-18 13:56:44 +01:00
Jaromil
fa44f46eba better documentation for kdf
also correctly use _failure on fatal error using --kdf
2016-11-18 13:56:44 +01:00
mandeepbhutani
50719fb06f Changed message when encrypted swap found to something more informative
Changed message to detail all swap partitions
2016-10-16 11:40:26 -05:00
Jaromil
8f0b2943ce documentation improvements for kdf and dm-crypt cipher choice 2016-01-09 10:16:42 +01:00
Jaromil
a08cb6e0de forgot to bump the version into the script 2015-12-31 13:33:36 +01:00
Jaromil
46c41f3572 fixes support for bind-hooks paths with whitespace
refactored list_tomb_binds to parse /proc/mounts
also works around Debian's infamous \040(deleted) bug
also minor fix in regex umount for more recent zsh
closes bug #222
2015-12-30 17:33:23 +01:00
Jaromil
15273c9f19 fix to last open date saved
now using /.last in tomb to save and retrieve the time when tomb
was last opened, fixes behaviour with tomb filenames containing dots.
2015-12-30 14:35:58 +01:00
Jaromil
63464fa5ea docs improvement
I'm assuming gettext will approximate a match with the string
without updating all .po files. This is only increasing the length
2015-12-02 16:34:22 +01:00
Jaromil
a9f5a32459 completed transition of all doc strings to mention mebibytes (MiB) 2015-11-25 17:55:54 +01:00
Jaromil
cecde4e116 fixed a typo in EUID check 2015-11-25 17:41:17 +01:00
Jaromil
9090bfaff9 easier to continue resizing if interrupted
if resize is launched at same size, will run partition resize
helps continuing if i.e: pinentry expired waiting for password
after a long resize while operator is away: jurt rerun resize command
2015-11-07 14:20:43 +01:00
Narrat
9dd81b505b Correct spelling and whitespaces 2015-09-21 00:57:21 +02:00
Jaromil
b07224beab fix to username parsing in passwd
now using getent, light edit of hellekin's fix in #198
2015-07-23 15:18:13 +02:00
Emil Lundberg
4730b6d211 Fix comment typo: --use-random => --use-urandom 2015-07-07 09:56:16 +02:00
Jaromil
b8447dbf24 documentation update and small swish-e fix
The fix is due to the new naming scheme without .tomb extension recently
introduced for mountpoints. While testing this a problem arised with
swish-e related to compression of indexes, to be addressed.
2015-07-06 17:33:44 +02:00
Jaromil
e8ca2998b9 improved debugging for pinentry execution 2015-07-04 11:28:37 +02:00
Jaromil
55d3263cac Parse only untranslated GNUPG output
this avoids getting in the way utf8 chars like non-breakable space
that will hang ZSh in versions previous to 5.0.8, fix #205
2015-07-02 12:47:29 +02:00
Jaromil
eada0538c9 Delete mountpoint when tomb is closed (fix #149)
two bugs were left behind by the last refactoring, one about
consistency of the mountpoint naming (now using $TOMBNAME everywhere,
without the added .tomb extension as per #180), the other about a
missing _sudo to prefix rmdir commands.

Test suite has been updated accordingly.

This fix introduces a mandatory condition for the next update: all
tombs must be closed when upgrading the tomb script, else it will not
be able to correctly close them.
2015-06-26 11:47:19 +02:00
Jim Turner
1dff3676ce Remove inaccurate comment 2015-03-01 02:17:48 -05:00
Jim Turner
1919b29c1f Remove unused variable 2015-03-01 02:17:48 -05:00
hellekin
8aa1c0c6a5 Clarify code and documentation (thanks @boyska) 2015-02-21 23:04:50 -03:00
boyska
5f3ec68c38 FIX kdf iteration count 2015-02-20 19:03:21 +01:00
hellekin
fe504e4a19 Remove tabs 2015-02-20 11:42:49 +01:00
hellekin
8233278ce0 Remove leftover and notify #163 :) 2015-02-20 11:42:49 +01:00
hellekin
bad0173352 Simplify patch 2015-02-20 11:42:49 +01:00
hellekin
e4afe6aefa Recover legacy code for systems using util-linux < 2.22 2015-02-20 11:42:49 +01:00
hellekin
de418d00c9 Add detection of plain swap on encrypted volumes. (Fixes #163)
Previously, the code was relying on `file` and `dmsetup` to detect
encrypted swaps, but it was missing plain swaps on encrypted
volumes. Using `lsblk` adds this detection and simplifies the test.

Thanks @fsLeg for reporting the issue, and @boyska for fixing it.
2015-02-20 11:42:49 +01:00
Jaromil
ec5d72ae9a TODO updates and a small comment correction 2015-02-20 11:40:45 +01:00
Jim Turner
346a31ac5b Remove redundant test for $DISPLAY
This block is already wrapped in the `else` block of the same test for
the `$DISPLAY` variable, so this test is redundant.
2015-02-17 23:01:46 -05:00
Jim Turner
030704f5f3 Remove outdated error message
Commit 5dbcabdf26 removed the `chown` call
in `_tmp_create()` but not the associated error message. This commit
removes that error message since it is just dead code.
2015-02-17 01:33:29 -05:00
Jaromil
2598c11893 avoid enforcing .tomb extension to allow better deniability, fix #180 2015-02-08 17:41:01 +00:00
Jaromil
15ff5abe61 Sudo prompt for password made more visible to distinguish from other password prompts, addressing #171 2015-02-08 17:33:10 +00:00
Jaromil
46583fa445 tidying up the documentation 2015-01-30 02:00:07 +01:00
Jaromil
181103bc56 Make pinentry work even if LANG env var is not set (default to C, fix #188) 2015-01-29 18:11:25 +01:00
Jaromil
90e46854bc handle failure in load_key when key is not retrieved from stdin 2015-01-27 17:31:09 +01:00
Jaromil
ca012e8744 supports default mount also on /run/media/jrml (udisk2 compat). minor cleanups to default mountpoint generation. fix #186 2015-01-21 12:17:09 +01:00
Jaromil
4788ee6834 Avoid proceeding to umount if a bind_mount is busy and close is not slamming. 2015-01-17 02:29:57 +01:00
Jaromil
88c51f89f0 Improved validity check on tomb file. Introduces use of zsh/stat module 2015-01-17 02:14:38 +01:00
Jaromil
9b0364d34c preserve current GTK-2.0 theme when using pinentry-gtk-2 (fix #185) 2015-01-13 10:46:53 +01:00
Daniel "GDrooid" Rodriguez
30669bb9fa Use spaces instead of tabs. 2015-01-09 17:33:07 +01:00
Daniel "GDrooid" Rodriguez
bd7300aa3e Update .po files and fix typo in tomb executable. 2015-01-09 17:11:14 +01:00
Jaromil
d8c5cd24d1 better checks on file creation, both on dig and forge 2015-01-04 21:02:27 +01:00
hellekin
1068033e93 Address non-zero exit code on mount attempt 2014-12-27 08:13:15 -03:00
hellekin
45c5b53cc4 Restore -o and make explicit it means 'options local to subcommand' (Closes #182) 2014-12-26 23:42:58 -03:00
hellekin
f1c6245c80 Honor mount options (fixes #181) and disambiguate -o (fixes #182) 2014-12-26 20:54:51 -03:00
Jaromil
c56bd74e22 minor versioning 2014-12-25 02:48:49 +01:00
Jaromil
d88fd5c9cb release versioning 2014-12-21 22:08:32 +01:00
Jaromil
c436b76a85 typo fix for gpg 1.4.11 affecting mint 13 and ubuntu 12, closes #175 2014-12-21 21:51:15 +01:00
hellekin
b0c63ebf12 lapsus: not _notice, but _message 2014-11-27 13:40:58 -03:00
hellekin
29040b2d7f Replace tab with spaces 2014-11-27 13:01:35 -03:00
hellekin
f7ea486e13 Remove extra space and split message for accuracy (fixes #170) 2014-11-27 12:47:12 -03:00
Jaromil
0d690bf142 documentation and makefile scripts updates for release 2014-11-26 20:28:28 +01:00
gdrooid
de65325fc3 [i18n] Don't localize legal output. 2014-11-26 19:35:47 +01:00
Jaromil
bbe9a49ec3 Direct handling of pinentry execution
We skip distro wrappers here since they interfere with stdin/out
As usual: better to have less intermediaries.
2014-11-26 17:45:31 +01:00
Jaromil
7a8a8666ba addressing comments on last commit with a few fixes 2014-11-26 17:25:47 +01:00
gdrooid
47652747c3 [l10n] Update pot file. 2014-11-25 22:51:33 +01:00
Jaromil
f218c644ab KDF key handling cleanup 2014-11-25 03:25:27 +01:00
Jaromil
5dbcabdf26 Removed old privilege escalation model
This commit refactors the handling of password input by eliminating
all intermediary programs and relying only on ZSh, hence improving
overall security against rootkits and such.

Also the way sudo is used is now greatly simplified and there is no
privilege escalation at boot: sudo is executed inside Tomb by being
prefixed in front of those programs needing it.

All tests passed.
2014-11-25 02:37:05 +01:00
Jaromil
e6075d08ce really fail to not overwrite keys when forging 2014-11-24 20:06:45 +01:00
gdrooid
fb686db8eb Finished fixing #164 2014-11-24 17:02:30 +01:00
gdrooid
a46da1cc23 Fix #164 2014-11-23 22:47:03 +01:00
Jaromil
a6a784f1ef swish-e indexing change and whoami cleanup
swish-e now creates a .swishrc config file inside the tomb so that
users can tweak its configuration by hand.
whoami() is also cleaned up, pending a fix for slackware usage.
2014-11-23 21:53:44 +01:00
Jaromil
2480c89210 small security measure against exporting all vars 2014-11-23 18:26:06 +01:00
Jaromil
99581a5faa whitespace cleanup and correct indentation to 4 spaces (no tabs) 2014-11-23 18:25:42 +01:00
Jaromil
aba0fa5191 Avoid using a tempfile on every key decryption
A tempfile was often used by Tomb in order to parse the stderr output of
gpg and detect if the password is correct or not. The tempfile was not
holding any secret information (see #162) yet this is an improvement for
Tomb's deniability since there is now much less going on in the temp
firectory.
2014-11-23 16:58:43 +01:00
Jaromil
c0bd822312 fix for #165 2014-11-23 16:27:09 +01:00
Jaromil
a10d6af804 Removed handling of temporary directory
Added the --tmp flag for manual selection of the temporary directory, whose security should really be up to sysadmins when configuring operating systems. Default is ZSh TMPPREFIX usually set to /tmp/zsh which, if not existing, will be created as world writable with a sticky bit.

This commit also includes a cleanup of commandline options and a fix to swap check.
2014-11-23 14:49:41 +01:00
Jaromil
6bb1385c69 Security fix to setkey
Now there is no more writing of cleartext secrets in any tempfile,
the last case was in setkey and is now eliminated. Tempfile creation
is cleaner. Related to issue #162
2014-11-22 01:40:26 +01:00
Jaromil
f2efa69001 Read setting of pinentry-program in gpg-agent.conf
also fixes the check if the tomb is already open
2014-11-22 00:23:57 +01:00
Jaromil
4d82b20199 small fix to whitespace and leftover newline tests 2014-11-21 22:32:38 +01:00
Jaromil
e48c7c4a85 Added new --unsafe mode: -k cleartext
Using the 'cleartext' name for a key will read it from stdin and
expect it to be unencrypted. This is an unsafe mode of operation,
but useful i.e. to open remote tombs by piping the key over ssh,
or using a different software than Tomb to de/crypt keys.

This commit also renames the flag --unsecure-dev-mode into --unsafe
and includes a minor fix to the last opened date shown on open.

Addressing issue #161
2014-11-21 22:25:43 +01:00
Jaromil
b7f4e3a7fd Use print for non-escaped piping of secret
after fixing issue #154 with echo here we revert to using print with
options -R -n which sort the same effect. Print is preferred since it
executes the built-in command without any possible ambiguity. We don't
want to expose secrets to an external executable in case of a simple
attack that would change the env PATH to use a rootkitted echo.
2014-11-20 15:53:45 +01:00
Jaromil
489b3582cb Disable escapes when piping secrets
Switched to use echo with -E flag to disable escapes in keys: escape
strings were discarded cryptsetup tomb operations when they were present
in the decoded key random passphrase. Issue #154

The solution adopted here includes wrapping all cryptsetup operations to
unify the behaviour adopted.

Worth noting that this problem possibly breaks all tombs and keys
created using the unstable Tomb from git development in the past 2
months. Regression tests with previous stable releases are OK.
2014-11-20 09:59:11 +01:00
gdrooid
6ce45a6f84 [i18n] Update translation files. 2014-11-16 17:30:59 +01:00
Jaromil
a568cdf546 imported python tomber into extras
more documentation updates
2014-11-16 15:21:11 +01:00
Jaromil
bbb290c81a documentation updates 2014-11-16 13:55:51 +01:00
Jaromil
a0db66b18e added also explicit stdout redirection to command -v 2014-11-16 13:11:42 +01:00
Jaromil
9f39d671a0 reverted to use command -v instead of hash
according to analysis made with @gdrooid
2014-11-16 12:38:31 +01:00
Jaromil
da46cbcd31 using zsh hash function instead of command -v to check for bins in path, using plain 2>/dev/null redirection everywhere 2014-11-16 11:37:30 +01:00
Jaromil
982c7591f2 avoid gettext being a requirement and list optional tools found in version output 2014-11-16 11:34:35 +01:00
Jaromil
aa35441d69 this should fix lo_mount() as reported in #154 2014-11-16 11:09:43 +01:00
Jaromil
d4c4a82d73 more detailed help messages and exclude videos from index 2014-11-15 04:14:40 +01:00
Jaromil
249c3cec1d work also without gettext. versioning 2014-11-15 03:14:03 +01:00
Jaromil
8c8ab3fc5c removed some minor debugging tests 2014-11-15 02:41:10 +01:00
Jaromil
edbd950120 switched to zsh/regex and zsh/mapfile
many operations moved to builtin zsh internals, improving speed
also fixes to the username detection and to the losetup check
2014-11-15 02:38:53 +01:00
Jaromil
4ce8771e99 Correct wrapping of cli argument arrays
Fixes also piping to ssh for remote tomb commands
This fix was suggested by @brianmay on #139
2014-11-14 20:12:30 +01:00
Jaromil
82e0533892 message fix 2014-11-14 19:43:26 +01:00
Jaromil
a7d7fad6a8 last minor fix to use _plot() instead of is_valid_tomb() on tomb creation commands 2014-11-14 19:27:57 +01:00
Jaromil
949a8c19e7 correct rendering of dev mapper filename and use of is_valid_tomb 2014-11-14 19:13:48 +01:00
Jaromil
106c4ab32e fixed resize 2014-11-14 18:51:33 +01:00
Jaromil
98ab49315a fixes to _tmp_create and its usage 2014-11-14 18:42:11 +01:00
Jaromil
828579e10d better parses for bind-hooks
rw global vars VERSION etc facilitate re-source in test environment
2014-11-14 17:42:49 +01:00
Jaromil
9097a69631 indentation and small fix for umount to avoid warnings and correct check 2014-11-14 14:25:49 +01:00
Jaromil
c73f00eb19 adjusting strings to facilitate translation 2014-11-04 16:45:57 +01:00
Jaromil
943a46ef60 removed create_tomb, left deprecation notice 2014-11-04 16:45:37 +01:00
Jaromil
181f0fc636 revert to swish-e again 2014-11-04 16:45:08 +01:00
hellekin
6c71f2c94b [cleanup] Process subcommands 2014-11-04 15:33:12 +01:00
hellekin
8df1575a44 [cleanup] Replace 'test' with [[ expr ]] 2014-11-04 15:33:12 +01:00
hellekin
b857122d7d [cleanup] _load_key 2014-11-04 15:32:46 +01:00
hellekin
27ec914870 [cleanup] Fix path to user's temporary files 2014-11-04 15:32:46 +01:00
hellekin
fb12b50d7d [cleanup] ask_password 2014-11-04 15:32:45 +01:00
Jaromil
dac8e4acae remove base2 notation for flags
fixes bug that prevented to evaluate correctly 1/0 values for optional extensions
2014-11-04 15:32:45 +01:00
hellekin
788c133f94 [cleanup] More test cleanups 2014-11-04 15:32:45 +01:00
hellekin
14ed549a55 [cleanup] Consolidate temporary file creation 2014-11-04 15:32:45 +01:00
hellekin
226fd2a0f8 [cleanup] Only add directory to mounted if it's actually mounted 2014-11-04 15:32:45 +01:00
hellekin
fda78fbf8a [cleanup] Disallow empty TOMBNAME 2014-11-04 15:32:45 +01:00
hellekin
0754e9acd2 [cleanup] "Safety functions" section
- more documentation
  - follow style guide
  - rationalize check_swap
2014-11-04 15:32:45 +01:00
hellekin
3e91b7bb9b [cleanup] Document options functions 2014-11-04 15:32:45 +01:00
hellekin
cd1ceac92e [cleanup] Introduce _whoami ; clean ; pass all tests with or without sudo 2014-11-04 15:32:44 +01:00
hellekin
b053898300 [cleanup] Privatize {,_}endgame event 2014-11-04 15:32:44 +01:00
hellekin
8e38a1c31b [cleanup] Uppercase loop devices 2014-11-04 15:32:44 +01:00
hellekin
03a3456c98 [cleanup] Uppercase temporary files 2014-11-04 15:32:44 +01:00
hellekin
43225c790e [clenaup] Uppercase secrets 2014-11-04 15:32:44 +01:00
hellekin
fe01a62467 [cleanup] Uppercase TOMBKEY* 2014-11-04 15:32:44 +01:00
hellekin
b91573dde5 [cleanup] Introduce _plot 2014-11-04 15:32:44 +01:00
hellekin
19abe7cf85 [cleanup] Uppercase global command context 2014-11-04 15:32:44 +01:00
hellekin
0e9453ebd8 [cleanup] Remove unused global variable 2014-11-04 15:32:44 +01:00
hellekin
b340721307 [cleanup] Uppercase global OPTS 2014-11-04 15:32:43 +01:00
hellekin
9539d0cc4b [cleanup] Formalize tests for flags 2014-11-04 15:32:43 +01:00
hellekin
da183aa689 [cleanup] Fix log of commands by using arrays consistently 2014-11-04 15:32:43 +01:00
hellekin
b721de0ec1 Starting cleanup 2014-11-04 15:32:43 +01:00
Jaromil
3d29d6a422 use swish-e and not the debian-specific wrapper, fix #136 2014-10-24 01:20:36 +02:00
hellekin
a9bc4c2489 Remove fatally broken failure :) 2014-10-20 12:52:21 -03:00
Jaromil
3416ad2d2c avoid using Tomb's PID in temp files and double the random #150 2014-10-20 16:34:45 +02:00
Jaromil
f2ffa9c67f correct tomb_key variable usage in logs 2014-10-10 11:17:02 +02:00
Jaromil
f8df67fcd0 fixes empty variables used in output messages
there where variable names left over after the code refactoring
they have now correct names or are filled, messages stay the same
fixes #138
2014-10-10 00:05:00 +02:00
hellekin
4610af02c9 Tidy up options documentation 2014-10-05 13:41:19 -03:00
Jaromil
c7009e5c1b Merge pull request #132 from gdrooid/i18n
Internationalization of all human language in Tomb using gettext
2014-09-16 18:56:45 +02:00
gdrooid
0d76ccc2df Usage message translations.
Adds a new `_print` function to print strings without coloring or
other stuff added by the `_msg` function. It's used for the usage
message, letting it be translated.

The usage messages have been split into one-line strings, and added
back to the tomb.pot and *.po files.
2014-09-13 16:55:03 +02:00
gdrooid
55f6a0a927 Remove manual coloring from strings. 2014-09-09 13:20:06 +02:00
gdrooid
b73dfd65d7 Makes it possible to add any number of ::vars:: to the strings. 2014-09-09 13:15:31 +02:00
Jaromil
7918161803 revert to using /dev/null to ignore output when needed
should fix #134
2014-09-06 20:24:24 +02:00
gdrooid
20a59fdf7b Update new strings to the new format. 2014-09-01 10:09:33 +02:00
gdrooid
118ace28ef Update Spanish translations and fix minor issues.
Issues:
	`gettext -s - "$2"` prints the -, instead of getting the desired effect
	The custom expansion  missed repeated variables in a single string
	Some string fixes
2014-09-01 09:37:45 +02:00
gdrooid
61e6529f6a Update Spanish translations. 2014-09-01 09:37:11 +02:00
gdrooid
bfc12248bd Adapt _failure strings for new format.
Also, changes the way you pass an exit value to the _failure function:
	exitv=1 _failure "Message"
2014-09-01 09:37:11 +02:00
gdrooid
d1bac626ef Adapt _verbose strings to new format. 2014-09-01 09:36:49 +02:00
gdrooid
08c94cc110 Adapt _message strings to new format. 2014-09-01 09:35:24 +02:00
gdrooid
2b0a02f3d7 Adapt _warning messages to new format. 2014-09-01 09:34:02 +02:00
gdrooid
7d6c72a2e8 Adapt _success messages to new format. 2014-09-01 09:32:22 +02:00
gdrooid
bb863b7e17 Modify _msg function for new string format. 2014-09-01 09:28:32 +02:00
Jaromil
76248f2d66 documentation updates 2014-08-30 19:38:56 +02:00
Jaromil
e8aaf03b52 Completed refactoring of secret handling, all unit tests working.
This refactoring avoids writing of keys on filesystem, exception made
for the 'setkey' command. Loopfiles and tempfiles are automatically
wiped at exit, variable are filled with random data before unset.
2014-08-30 19:38:56 +02:00
Jaromil
16b319c256 More cleanup and refactoring.
Now most functions are stable. tomb open -k image.jpg can use images
directly as keys, works on tests, but needs more debugging.
2014-08-26 00:54:41 +02:00
Jaromil
5d9caf01e0 Cleanup and normalization of functions handling secrets
also now using a dash - after print and gettext options to avoid
parsing printed strings as options.
2014-08-25 23:32:32 +02:00
Jaromil
1d815a1f7e More refactoring of how keys, passwords and secrets are stored
includes a working loopback and tempfile cleanup in endgame()
and several changes in order to avoid saving anything on disk
WIP addressing #124 and #126
2014-08-25 21:07:47 +02:00
Jaromil
f794b78795 Merge pull request #123 from gdrooid/i18n
Install and use translations.
2014-08-19 18:48:49 +02:00
Jaromil
31ab169e2f Merge pull request #122 from gdrooid/master
Substitute /dev/null redirection with closing stdin/err. Cleanup some obsolete functions.
2014-08-17 21:10:18 +02:00
Jaromil
7bd21e4419 remove newline from decrypted key's secret, fixes #125 2014-08-17 21:05:22 +02:00
gdrooid
22f3ab09e5 Close std(out|err) instead of redirecting to /dev/null. 2014-08-15 01:43:52 +02:00
gdrooid
6c4bc38e6a Small fixes/Remove dead options 2014-08-15 01:43:52 +02:00
Jaromil
9d718d0ebb signal traps for endgame cleanups 2014-08-14 09:58:15 +02:00
gdrooid
7d434787b6 Install and use translations. 2014-08-11 23:01:58 +02:00
Jaromil
f7b83de6ca cleanup implicitly exhumed key and move get_lukskey() closer to caller funcs 2014-08-06 11:21:08 +02:00
Jaromil
5158c380fe refactoring of the way password and keys are handled internally
this change uses an hidden global variable within tomb to store the
decrypted key material, avoiding using one tempfile in RAM, avoiding
running the decryption more than once (which means sanity for KDF
usage) and overall simplifying the code also avoiding duplicates.
2014-08-06 07:43:25 +02:00
Jaromil
534476a849 fixes to piping keys stdin/out in image steganography
Also started refactoring code around key handling and
added some documentation.
2014-08-05 17:05:49 +02:00
Jaromil
b7e89e5246 fix to exhume key (steg) to correctly print on stdout when -k -
addressing issue #118
2014-08-03 19:54:43 +02:00
Jaromil
b425f82f99 Merge pull request #114 from gdrooid/master
Indent everything with spaces
2014-07-21 20:06:07 +02:00
Jaromil
da349afeda Security fix for use in multi-user environments
The tomb mount is now readable by the opening uid only (711 r-x--x--x);
directory access is preserved to allow sharing access to certain subdirs.

Review and fix contributed by Morten Langlo
2014-07-14 18:58:09 +02:00
gdrooid
79fdca5342 Align everything with spaces. 2014-07-13 17:35:28 +02:00
gdrooid
2282782bc2 Remove trailing spaces. 2014-07-13 16:51:13 +02:00
Jaromil
f6885729ac documentation updates for release 2014-06-09 12:22:33 +02:00
Jaromil
9bc0bd762b Merge pull request #112 from reiven/master
fixed 'non interactive' e2fsck on resize, proposal for #111
2014-06-08 20:37:07 +02:00
Jaromil
108a4c00fc setkey now works also in dev-mode
includes some minor code refactoring mostly around setkey
2014-06-08 20:30:35 +02:00
Federico Reiven
d2982307a8 fixed 'non interactive' e2fsck on resize, proposal for #111 2014-06-08 15:05:25 -03:00
Jaromil
052a86de0c fixes to key password handling
refactoring of the code using ask_key_password for better support
of dev-mode password supplied from CLI. This also fixes all uses of
passwd command to change a key's password.
2014-06-08 19:33:35 +02:00
Jaromil
ba9d7e03fc make sure sbin is in PATH
this helps find cryptsetup
2014-06-01 22:19:49 +02:00
Jaromil
85fe8fdc01 Merge pull request #107 from gdrooid/master
Message formatting inconsistencies
2014-05-11 09:28:01 +02:00
gdrooid
47d13addb2 message formatting fix 2014-05-06 08:12:19 +02:00
reiven
ff1ee165c2 fixed incorrect help for dig command 2014-05-05 13:12:42 -03:00
gdrooid
ee3caecafd message formatting fix 2014-04-30 17:31:28 +02:00
gdrooid
c49606f2dc documentation fix 2014-04-28 14:56:21 +02:00
Jaromil
9009fba9f5 re-fix for .gnupg home dir 2014-04-25 23:16:47 +02:00
Jaromil
cf66907fa2 fixes a nasty bug on forge when run without /home/jrml/.gnupg
thanks to Giuliana Dieni for debbugging
2014-04-04 14:52:40 +02:00
Jaromil
db42a8fd3f documentation for a new minor release 2014-02-24 16:09:28 +01:00
Jaromil
12f49bf2ff another fix to key handling
ultimately removing the case in which we guess if the key is near
the tomb: that is not anymore in documentation and we stop encouraging
to keep the key near the tomb.
2014-02-21 22:40:06 +01:00
Jaromil
7fb404d97c documentation update for minor bugfix release 2014-02-20 11:12:21 +01:00
Jaromil
a7d330997e fixed correct handling and deletion of keys when taken from stdin 2014-02-19 12:08:26 +01:00
Jaromil
10baee25a6 Resize now appends directly to tomb file
this avoids creating a delta file in ram, filling it eventually.
fixes #99
2014-01-13 00:17:24 +01:00
Jaromil
9991405124 sanitized the way key filenames are set
there was some inconsistency in the way load_keys was accepting
different parameters or guessing from the tomb filename.

fixes #98
2014-01-13 00:09:37 +01:00
Jaromil
325633d2fb correct documentation on -s option
somewhere mentioned as --size, but the option is really just -s
fixes #100
2014-01-12 23:40:45 +01:00
Jaromil
f9805731f1 Merge pull request #101 from hellekin/swap
Better support for multiple swap partitions, avoids warning if swap is encrypted.
2014-01-12 14:35:17 -08:00
Jaromil
39bfce25f8 Change default cipher specification
new default is "aes-xts-plain64:sha256"
manpage now includes note on how to tune it
fixes #102
2014-01-12 23:32:23 +01:00
hellekin
42a51c53fc Support encrypted swaps 2013-12-16 18:23:10 -03:00
hellekin
15517e0141 Support multiple swaps 2013-12-16 18:20:52 -03:00
hellekin
7f2fd4d60c Support encrypted swap 2013-12-16 17:41:49 -03:00
hellekin
0e49dfc7a0 Detect non-partition swaps 2013-12-16 16:34:39 -03:00
Jaromil
8e9cc7d5c2 more post-hooks documentation and second argument passed with mountpoint 2013-09-19 15:37:21 +02:00
Jaromil
0ca70509cf fix to engrave usage of qrencode 2013-09-18 02:19:14 +02:00
Jaromil
8f25001f57 fixed versioning and extras reorganization 2013-09-08 16:10:19 +02:00
Jaromil
fa75d0f7bc check if loop mount is possible
if not abort gracefully with an explanation
(10x to Bucciarati and sdonk)
2013-09-05 12:45:40 +02:00
Jaromil
914ac9594e last fixes and documentation for release
manual page updates and improvements to kdf argument handling
2013-06-20 12:46:20 +02:00
Jaromil
064b9c964c Improved swish indexing
swish-e usage for indexing of file contents is stable
2013-06-20 10:30:54 +02:00
Jaromil
f3c18819d2 documentation and test improvements
also renamed 'backup' command into 'engrave'
2013-06-20 10:26:12 +02:00
Jaromil
551a7839f5 important fix for backward compatibility to 1.2
a grave bug has been affecting 1.3 and 1.3.1 releases, which makes keys
created with those versions incompatible with other Tomb versions.
This bug is now fixed and Tomb should be able again to open old tombs.
A script to sanitize keys will be released soon.
2013-06-20 00:45:23 +02:00
Jaromil
8d46ff46e1 new backup command to save keys on paper
Backup simply encodes a QRCode that can be print on paper and
hidden in books or so, to keep phisical backups of keys.
The QR can be simply scanned with any smartphone, saved into a file
and reused as a key.
2013-06-19 20:52:21 +02:00
Jaromil
8f4b0c6567 improvements to key handling
added a new 'change' command to change a Tomb's key
it replaces the same LUKS slot using luksChangeKey
2013-06-19 20:20:17 +02:00
Jaromil
9706ef1ab1 Index/Search support over file contents (Swish-e) 2013-06-12 18:15:55 +02:00
Jaromil
5c70938b67 create command deprecation 2013-06-12 15:39:46 +02:00
Jaromil
8e9fc7e803 Major fixes to KDF and steganography
With the advent of a proper test suite many bugs were found and
squashed both in the way KDF and steghide were used.

Key validation func is_valid_key() now attempts recovery for keys
that have broken headers or are naked text (back-compat to old exhume).

KDF and steg now work correctly.
2013-06-12 13:33:54 +02:00
Jaromil
bc3177141d fix to tomb resize
also included into test script
2013-06-12 03:01:28 +02:00
Jaromil
8f9e9f9d2a fixes to --tomb-pwd and new test script 2013-06-12 00:59:41 +02:00
Jaromil
61362ce34e forge and create refuse to overwrite existing files 2013-06-11 23:37:20 +02:00
Jaromil
28a52f5851 fixes to the way paths are handled in load_keys
should fix issue #97
2013-06-11 18:34:17 +00:00
Jaromil
6e51d166be search/index fixes
warning if mlocate not found and better search string handling
searches through all open tombs. mlocate seems to not support multiple strings well.
2013-06-11 16:49:58 +00:00
Jaromil
f43ab33872 Merge branch 'gpgfix' for gnupg result parsing and stdin keys 2013-06-11 15:57:20 +00:00
Jaromil
9e820f3de6 Fixes to GnuPG 1.4.11/1.4.12 result parsing
GnuPG 1 changes behaviour across 1.4.11 and 12 minor versions
when it comes to --status-fd and messaging on stderr/stdout.

This is a fix to make sure that gpg output is parsed correctly
2013-06-11 15:56:59 +00:00
Jaromil
772b731e5f small fixes to tmpfile handling for key from stdin 2013-06-11 15:05:15 +00:00
gdrooid
d4b5d652f5 Fixed "tomb search" for real
Makes `tomb search` work as expected.
`tomb search tombname pattern` will search `pattern` in `tombname`.
2013-05-31 14:18:20 +03:00
gdrooid
778bca3864 Fixed "tomb search"
This way you can't specify a tomb to search in, but at least it will search for the patterns.
2013-05-30 20:24:51 +02:00
gdrooid
88b24de30a Fixed 2 typos
changed a <tab> for a space
and corrected "sndexing"
2013-05-30 11:42:22 +03:00
Jaromil
c72ea9e52e last cosmetics for release
pdf rendering of manpage, images and copyright to foundation
2013-05-29 23:12:47 +02:00
Jaromil
361a194700 fix to key password verification
last minute bug slipped in: it doesn't recognizes correct passwords
in some strange situations where gnupg doesn't returns correctly
(for instance when a .gnupg dir is not found in home)
2013-05-29 21:05:30 +00:00
Jaromil
2601dccb27 Temporary key from stdin
fix to temp dir and docu in help
2013-05-28 13:00:54 +02:00
Jaromil
917d8e8c6c Literate programming documentation links 2013-05-28 12:53:26 +02:00
Jaromil
671350585e Massive code cleanup
This commit doesn't changes anything substantial in the code,
but reorganizes it in foldable units (we use folding.el) and
fixes its markup for literate code documentation using our own
fork of shocco.
2013-05-28 11:57:58 +02:00
Jaromil
110ae83cd1 Relevant improvements to key password handling
now keys are verified in load_key() honoring commanline args
ask_key_password() will challenge user verifying using gnupg
drop_key() should be called after key has been used

this commit removes quite som duplicate code in password handling.
2013-05-27 22:49:44 +02:00
Jaromil
f37f7dd51d Tomb size lower limit
Most filesystems can't deal with less than 10 MiB space
closes issue #68
2013-05-27 21:35:28 +02:00
Jaromil
568cc43ab6 Size unit is now MiB
More precise megabyte calculation as in IEC 2000 mebibyte
Cleans up use of dd/dcfldd
Solves issue #87
2013-05-27 21:24:17 +02:00
Jaromil
ad59dec3da documentation updates 2013-05-25 16:29:19 +02:00
Jaromil
c20ca3a920 whitespace cleanup 2013-05-25 15:05:21 +02:00
Jaromil
37792ffdc5 cleanup of the main script
improved binary check, made resize optional
and set aside old install command (was already unused)
2013-05-25 15:04:16 +02:00
Jaromil
3eb93acc18 Directory reorganization
This commit re-organizes all the source distribution contents to
present users with the simple script, while moving the rest in extras.
Also autoconf/automake scripts were removed, back to minimalism.

The rationale of this change is that Tomb really only consists of a
script and users with no extra needs should just be presented with
it with no need for anything else. Any other thing on top of the Tomb
script is an extra and can be even distributed separately or integrated
in distributions.
2013-05-18 17:29:37 +02:00