Commit Graph

378 Commits

Author SHA1 Message Date
heat-wave
61386ca646 Support for sudo alternatives such as doas 2021-04-15 12:27:26 +02:00
Denis Roio
ae21619d04
Merge pull request #408 from heat-wave/fix/sphinx-test-configs
Fix configs and dockerfile to enable sphinx in tests
2021-01-31 00:10:22 +01:00
Jaromil
7f2e22c517 fix read-only opening of tombs using -o ro
skip touch, chown and some minor operations when read-only
2021-01-25 18:26:49 +01:00
heat-wave
815b8f4218 Fix configs and dockerfile to enable sphinx in tests 2021-01-23 19:16:29 +00:00
Jaromil
f35ad11e3f updated documentation for release 2021-01-04 22:00:29 +01:00
Matthieu Crapet
c5701793fb minor typo/formatting fixes
Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:22:06 +01:00
Matthieu Crapet
02812f4c06 tomb forge: useless sudo and chown
Depending script invokation, behavior is not exactly similar.
Assuming that if SUDO_USER is set, the _sudo invokation can be dropped (EUID=0).
In the other case, user has created file, owner is already good, don't call chown.

Preparation:
$ tomb dig foo.tomb -s 10

Method 1:
$ sudo tomb forge foo.tomb.key -v

Method 2:
$ tomb forge foo.tomb.key -v
... ask user password to gain superuser privileges
...
Sorry, user <username> is not allowed to execute '/bin/chown <uid>:<gid> foo.tomb.key' as root on <hostname>.

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:20:26 +01:00
Matthieu Crapet
99f10bf215 tomb dig: useless sudo and chown
Depending script invokation, behavior is not exactly similar.
Assuming that if SUDO_USER is set, the _sudo invokation can be dropped (EUID=0).
In the other case, user has created file, owner is already good, don't call chown.

Method 1:
$ sudo tomb dig foo.tomb -s 10 -v

Method 2:
$ tomb dig foo.tomb -s 10 -v
... ask user password to gain superuser privileges
...
Sorry, user <username> is not allowed to execute '/bin/chown <uid>:<gid> foo.tomb' as root on <hostname>.

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:12:55 +01:00
Matthieu Crapet
859a5c7783 TMPPREFIX is not supposed to be a directory
http://zsh.sourceforge.net/Doc/Release/Files.html
TMPPREFIX defaults to /tmp/zsh (for zsh shell)

Note: --tmp command line switch is not documented?

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:09:51 +01:00
Matthieu Crapet
312915b4b3 fix potential wrong _USER value
"id -u" gives then uid not a the name.
https://man7.org/linux/man-pages/man1/id.1.html

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:09:51 +01:00
Jaromil
d227695778 add support for tombs formatted with the btrfs filesystem
basic functionality working for open, close and resize

still needs test coverage and some minor checks
2020-12-29 13:50:04 +01:00
Jaromil
8d5a85658f explicit return codes for all operations 2020-12-29 11:52:23 +01:00
Jaromil
0ac5a34c20 close luks mapper and end with an error on lock format failures 2020-12-29 10:56:20 +01:00
Jaromil
d8360688b3 fix wrong comparison of $pass_asked left by last commits
fix #404
2020-12-29 10:52:16 +01:00
Jaromil
7a81ad032d add zsh to version output 2020-12-29 08:58:14 +01:00
Jaromil
b0de6e07b2 adopt everywhere -z test to check when variables are empty
check works both for empty ("") and non-existing vars and is a fix
for regression #398 to work on older Zsh versions. It is normalized
through all tomb's code.
2020-12-15 18:22:38 +01:00
Jaromil
5199bef4a6 documentation for release 2020-11-27 18:40:17 +01:00
Jaromil
45b144d213 print messages by default on stderr 2020-11-25 14:47:54 +01:00
Jaromil
c13f38266e fix tomb list output 2020-11-25 14:47:43 +01:00
Jaromil
0a968b80b7 fix losetup permission
leftover bug in #391
2020-11-23 21:56:25 +01:00
Narrat
da590fb50e Fix typo calling pinentry_assuan_getpass
Affected the use of Tomb without DISPLAY and pinentry-curses.
Fixes #393
2020-11-21 22:33:30 +01:00
Jaromil
c9f3b07cd8 documentation updates for release 2020-11-17 13:58:43 +01:00
Jaromil
c3a354cc0f fixes and cleanups 2020-11-17 08:19:36 +01:00
Jaromil
3fb248bde8 refactor of state tracking for loop mounting
simplified function calls for tracking of loop mount by using global
variables whose scope is limited to execution, most computation is now
included in the `is_valid_tomb` function.
2020-11-16 23:35:03 +01:00
Jaromil
940563d02c resize now checks for correct password before operating
fixes bug mentioned in issue #333 that made tomb append space to a
tomb file before checking for correct password, leading to file
corruption in case the wrong password is inserted 3 times.
2020-11-16 13:28:37 +01:00
Denis Roio
91debdbf58
Merge pull request #390 from dyne/pinentry_display_updates
updated pinentry invokation to include wayland
2020-11-16 13:27:04 +01:00
Jaromil
bc94559ac4 updated pinentry invokation to include wayland
also changes to priority order of invokation and some code cleanups and
indentations. Invokation order is now:

- WAYLAND? pinentry-gnome3
- X11?
	1. pinentry-x11 (distro specific wrapper)
	2. pinentry-gtk2 (legacy, removable)
	3. pinentry-gnome3
	4. pinentry-qt5
	5. pinentry-qt4
- NO DISPLAY? pinentry-curses
2020-11-16 10:24:37 +01:00
Jaromil
72da5b481e add .loop extension to /dev/mapper volume to identify its nature 2020-11-16 09:56:38 +01:00
Jaromil
9be5dff823 use realpath to always use absolute paths of tomb files in maphash 2020-11-16 09:54:37 +01:00
Jaromil
59d3810665 improve the check if a tomb file is in use
Change the mapper path using a hash of the tomb file path,
making it unique and reproducible to check if tomb is in use.
Check happens inside the new render_mapper() function which is
executed right after the key file opening.
2020-11-16 09:54:37 +01:00
Jaromil
136ba6e053 honor custom settings for GNUPGHOME
fix #371
2020-11-13 23:16:36 +01:00
Aaron Janse
15c894dfb4 use _verbose for pinentry-curses in ask_password 2020-11-09 16:43:06 -08:00
Denis Roio
f14ba758ee
Merge pull request #378 from quickcougar/pinentry-override
Allow pinentry to fail, so long as the password comes through.
2020-06-22 10:05:31 +02:00
Mark Mykkanen
2f29e6709c Allow pinentry to fail, so long as the password comes through. 2020-03-23 17:07:46 -05:00
Mark Mykkanen
7cead041ac Write all debug messages to stderr to avoid polluting stdout. 2020-03-22 14:02:12 -05:00
Jaromil
e9fd1a19e1 documentation fix for default xts cipher string 2019-11-18 10:17:38 +01:00
Jaromil
377e335e93 remove warning on open by fixing order of chown
fix #369 (completes #324)
2019-11-18 10:15:12 +01:00
Jaromil
bec53aeb72 documentation update for new release 2019-10-11 22:06:55 +02:00
Jaromil
15d279605b fix getent parsing when fields are emtpy
fix #365
2019-09-14 12:06:13 +02:00
Jaromil
382070481f use getent with wrappers every /etc/passwd query 2019-08-22 17:07:12 +02:00
Jaromil
1574723502 rewrite some conditionals for less ambiguity
this restyles some code introduced by the sphinx feature and tries to fix parse
errors reported in issue #357
2019-08-22 14:37:47 +02:00
Jaromil
71a7241f9c remove unneeded umount on forge_key failure 2019-08-22 11:49:43 +02:00
Jaromil
94d8ad497f Fix inconsistent cleanup on forge_key failure
Address concern raised in #360
2019-08-22 11:47:58 +02:00
Jaromil
0b9080e0ca make gettext optional in _sudo()
address #355
2019-07-05 08:10:00 +02:00
Alexandre Pujol
6b4bd69dbc
Ensure GPG key is trusted. See #340 2019-06-27 19:58:58 +01:00
Jaromil
06039a9e47 fix warnings on first tomb open
fix issue #324
2019-06-26 08:56:05 +02:00
Jaromil
e45c005c88 documentation updates for release
known bugs, changelog and manual for sphinx
2019-05-30 18:48:30 +02:00
Jaromil
ace80c87db switch default random source to /dev/urandom
there is no need to default to a blocking source of random,
since /dev/random doesn't improves the quality of randomness in Linux
2019-05-22 09:55:02 +02:00
Jaromil
2b8eec6ba5 improve tomb umount checks avoiding grep call
consolidate use of `list_tomb_mounts` also inside umount_tomb
this should fix #315
2019-05-22 01:03:00 +02:00
Jaromil
7b06be5d43 before opening check if mountpoint is already used by a tomb
a simple check introduced on `tomb open` to list all tombs mounted and
control if any mountpoint is already in use, in case refuse opening.

fix #326
2019-05-22 00:30:48 +02:00