Commit Graph

334 Commits

Author SHA1 Message Date
Jaromil
21347f3657 square parens detection in list_mounted_tombs 2017-12-11 17:53:38 +01:00
Jaromil
6182a56fb6 fix bug in message rendering: stop overriding $i if existing
this small bug caused rewriting the $i variable (often used as
iterator in loops) whenever a log message was produced. Fix also
includes an acceleration of log printing by substituting seq with
native zsh notation.
2017-12-11 17:53:17 +01:00
parazyd
c8be1c22dd
use shred instead of wipe 2017-12-07 11:36:59 +01:00
Florian Brandes
8d2cb2d852
Double check after umounting bind directories
Checking if a tomb is still present in the
output of mount after umounting binded directories.
Addresses issue #265
2017-07-23 10:28:06 +02:00
Amin Mesbah
04ec0189a6 Fix 3 grammatical errors. 2017-06-24 12:24:50 -07:00
Jaromil
127a8ed7ee exit code check on close
also removed pre-open and post-close as they don't really make sense
since all hooks are contained inside the Tomb. The post-close may be
implemented using a temp file, if a use case turns up for it.
2017-06-06 16:30:48 +02:00
Jaromil
056d0174f4 refactoring of exec-hooks
Renamed file from "post-hooks" to more appropriate "exec-hooks".
Implemented and documented a more consistent call system made of 4
different stages: pre-open, post-open, pre-close, post-close.
Addresses issue #265
2017-06-06 12:45:29 +02:00
Narrat
c658d33187 --version includes lsof as optional dep 2017-05-10 21:50:48 +02:00
Jaromil
18067a1c2e version bump 2017-04-16 17:18:16 +02:00
Jaromil
66aa7fdac7 minor corrections to new gpg related message formatting 2017-04-16 12:07:41 +02:00
Jaromil
3e0dd1e111 add debug message of loop device in umount_tomb 2017-04-16 12:00:47 +02:00
Alexandre Pujol
1050d43c59
Support for gpg encrypted tomb key loaded from stdin. See #255 2017-04-05 14:52:47 +01:00
Alexandre Pujol
c303513be4
Fix issues with GPG default key.
- Remove --no-options gpg option when using GPG key.
- Improve gpg default key tests

To use the default key, ~/.gnupg/gpg.conf needs:
  default-key <keyid>
  default-recipient-self
Or
  default-recipient <keyid>

Otherwise the first key in the keyring is used.
2017-04-03 13:24:25 +01:00
Alexandre Pujol
d720e4b2ce
Remove --shared flag when sharing a tomb key. See #252 2017-03-24 20:08:33 +00:00
Alexandre Pujol
bb77de0815
Fix compatibility with GnuPG 2.2.19
GnuPG 2.2.19 added a warning when no command was given. Some invocations
do not specify a command, added --decrypt in this these cases.
2017-03-20 19:14:47 +00:00
Alexandre Pujol
29a177aa05
Fix issue #251 2017-03-20 19:07:04 +00:00
Alexandre Pujol
c793e0b132
Add support for non hidden and hidden recipient
Use -r to provide non-hidden recipient,
Use -R to provide hidden recipient.
2017-03-03 21:19:04 +00:00
Alexandre Pujol
6352a1d417
Add GPG default key support for key encryption
If the option -r is not set, use the gpg default key to encrypt
a tomb key
2017-03-03 20:36:50 +00:00
Jaromil
3f06bce8eb failed bind-hooks (missing target) no more abort the mount operation
a warning is printed and the mounting goes forward without the hooks
2017-02-20 22:13:43 +01:00
Jaromil
bea7fe3f7c Merge branch 'master' into gnupg-key-support 2017-02-20 20:47:06 +01:00
Jaromil
1f022d10f1 Merge pull request #248 from mesbahamin/open_read_only
Open non-writable Tomb files with "read only " mount option
2017-02-18 20:30:33 +01:00
Jaromil
2bc7e43198 Merge pull request #245 from Arusekk/master
Totally fixed spaces handling in tomb and tomber
2017-02-14 10:58:35 +01:00
Amin Mesbah
70334f58fb Skip writable check when mounting with "ro" option.
When opening a tomb file with "ro" passed through the -o option, the
writability check in is-valid-tomb() is skipped. This allows tomb files
to be opened without write permission.

test-open-read-only() now succeeds.
2017-02-12 17:44:55 -08:00
Arusekk
f4cdc1a0c5 Fixed spaces handling in Tomb 2017-02-10 21:05:04 +01:00
Alexandre Pujol
4a7019715f Use --hidden-recipient by default instead of --recipient.
Due to the hidden-recipient, GPG will try all the available keys. User
can speed up this process providing the recipent using the -r
option. Therefore, 'tomb open' optionaly support the -r option.
2017-02-09 20:59:10 +00:00
Alexandre Pujol
c63fcf2730 Fix is_valid_recipients private key detection 2017-02-09 19:18:02 +00:00
Alexandre Pujol
528140738a Add -g/--gpgkey option to tell tomb to use GPG key to encrypt a tomb key
Option -r is now only used to provide the recipient
Option -R removed, the new recipient can be given by the -r option.
2017-02-09 18:57:34 +00:00
Narrat
e69795fe71 lsof should be correctly detected now
LSOF would be set everytime otherwise
2017-02-07 03:30:25 +01:00
Narrat
b2ee2114cf Make lsof an optional dep
tomb doesn't need lsof for anything else, and can work regulary without it.
So make it an optional feature, which allows to slam a tomb if lsof is installed

Updates additionally the man page and generates a new pdf from it
2017-02-05 20:03:29 +01:00
Alexandre Pujol
f27130053d Add new options description in tomb -h 2017-02-03 23:57:52 +00:00
Alexandre Pujol
6cfffef137 Update function comments & description with GPG recipient support. 2017-02-03 23:57:52 +00:00
Alexandre Pujol
dfc593f9d6 Add support for GPG key in the tomb outputs. 2017-02-03 23:57:52 +00:00
Alexandre Pujol
e8384ec7ac Allow opening a tomb without giving a valid recipient.
The -r option always requires an arguments. However GPG does not need
any recipient when decrypting a key. In order to be able to open a tomb
without writing (the long) recipient, the user can use the -f option to
short-cut the valid recipient checking. A dummy recipient is still required.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
6f89dbd2fe Add '--shared' in order to activate sharing support.
Sharing feature is a very sensitive action, the user needs to trust the
GPG public key it is going to share its tomb. This is why this feature
needs to be explicitly activated using in more the flag --shared
on the key encryption commands.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
15164f5578 Add sharing support for tomb key.
A tomb key can be encrypted with more than one recipient. Therefore, a
tomb can be shared between different user. The multiple recipients are
given using the -r (or/and -R) option and must be separated by ','.

Multiple recipients can be given for the commands: forge, setket and passwd
2017-02-03 23:57:52 +00:00
Alexandre Pujol
53b7460274 Add tomb setkey support for GPG key 2017-02-03 23:57:52 +00:00
Alexandre Pujol
a200448de2 Add tomb resize support for GPG key 2017-02-03 23:57:52 +00:00
Alexandre Pujol
47ddeebbc4 Add support to change the GPG key used to encrypt a tomb key. (tomb passwd) 2017-02-03 23:57:52 +00:00
Alexandre Pujol
5a35ab9668 Improve key encryption/decryption using GPG key.
Decryption/Encryption works without these improvment, however, there
are needed in order to have clean key (without empty line).

Moreover, tests showed not doing cause troubles when changing the GPG key
used to encrypt a tomb key.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
8f8dc0a0d4 Improve exhumation of key when opening a tomb 2017-02-03 23:57:52 +00:00
Alexandre Pujol
b23e9aa028 Add --tomb-pwd support for GPG key on steganography functions 2017-02-03 23:57:52 +00:00
Alexandre Pujol
d1b016b3c1 Add GPG recipient support for steganography function (bury and exhume)
The tomb policy is to use the same password to encrypt
the key and to bury it. However, steganography cannot be
done with GPG key. Therefore, we check the user can
decrypt the tomb with its GPG key and we ask for a
steganography password. Having different method is a
technical requirement and should enhance security.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
2d516cbaed Check if the GPG key given is a valid.
Add the function 'is_valid_recipients'
A key is valid if both public and private keys are present
in the GPG database
2017-02-03 23:57:52 +00:00
Alexandre Pujol
902860fd9f Add GPG recipient support when generating a new tomb key 2017-02-03 23:57:52 +00:00
Alexandre Pujol
6c0d89cab1 Use -r option to shortcut interactive tomb password popup 2017-02-03 23:57:52 +00:00
Alexandre Pujol
9ee0a1550e Add -r option to enable GPG key integration.
The flag -r (for recipient like in GPG itself) takes a mandatory
argument, the GPG key ID.
2017-02-03 23:57:52 +00:00
Narrat
537bb6aaeb Use of lsof to fix slam for specific mountpoint
Apparantly fuser didn't report back, if the tomb was mounted in a subdir of /run (whereas /run itself is often a tmpfs mount).
With no list of process ids those couldn't be killed, so slamming the tomb failed.
lsof is capable to report back the sought information.

Fixes #220

Additionally fixing the debug output, where a hardcoded mountpoint was used
2017-02-03 17:46:16 +01:00
Jaromil
9110ccd9d1 really use key-size 512 on luksFormat 2017-01-29 21:54:46 +01:00
Jaromil
7a98ee8ba6 change forged key lenght to 512 bits
Addresses issue #238: as 512 bit key length triggers use of AES256.
Apparently so far tombs used AES128 due to key length 256.
Change passes all tests and has no regression implications.
2017-01-21 23:50:57 +01:00
Daniel Rodriguez
42ae73d727 Sync translations with POEditor 2017-01-03 12:00:29 +01:00
Jaromil
843b7fdfc4 remove change of ownership when mounting tombs
The chmod/chown launched on the mounted volume is not really effective
for security, plus the UID is not correctly guessed when tomb is
launched using sudo. It is now up to the user to correctly set
ownership and permission on mounted volumes. There is also one less
check on the ownership of the tomb file which was failing with a
warning in the same case.
2017-01-02 11:04:08 +01:00
Jaromil
cb699189e7 small linting fixes 2017-01-02 06:13:52 +01:00
Jaromil
18743c82a5 code linting
small cleanup using shellcheck, also available as 'make lint'
2017-01-02 06:03:29 +01:00
Jaromil
6f4cfd626c prefer ascii single-quotes to utf8 2017-01-02 06:02:50 +01:00
Jaromil
d41347fe22 documentation updates for release 2016-12-29 19:20:48 +01:00
Jaromil
7b72f07f96 switch shebang to use /usr/bin/env
this is a more generic approach to shebang which supports interpreters
when installed anywhere in the current path.
2016-12-29 13:49:03 +01:00
Jaromil
14cba81f6e fix is_valid_tomb check for already mounted tombs
also added some more verbosity on debug
2016-12-26 20:40:23 +01:00
Jaromil
db976a5210 improve wrapping of key generation
gen_key now avoids adding a final newline to file (addressing #226)
and provides more debugging information from the gpg  process.
2016-12-26 20:19:01 +01:00
Jaromil
f5375c61fe improvement over previous gpg_decrypt fix
now also avoiding the use of `read` shell built-in
2016-12-26 19:04:54 +01:00
Jaromil
df75c39a58 new parsing for gpg_decrypt function
this new parser works with all ZSh versions and brings overall
improvement by eliminating the invocation of exernal binary `grep`
over the secret data.
2016-12-26 12:12:34 +01:00
Jaromil
844a886da1 fix sudo execution (patch by robertmx in #223)
tested also in #228, this stops overwriting the $USERNAME
variable which is not really useful (it was used in the previous
privilege escalation model)
2016-11-18 19:00:47 +01:00
Jaromil
101b89f0be use head directly without cat in post-hooks
less is more...
2016-11-18 13:56:44 +01:00
Jaromil
fa44f46eba better documentation for kdf
also correctly use _failure on fatal error using --kdf
2016-11-18 13:56:44 +01:00
mandeepbhutani
50719fb06f Changed message when encrypted swap found to something more informative
Changed message to detail all swap partitions
2016-10-16 11:40:26 -05:00
Jaromil
8f0b2943ce documentation improvements for kdf and dm-crypt cipher choice 2016-01-09 10:16:42 +01:00
Jaromil
a08cb6e0de forgot to bump the version into the script 2015-12-31 13:33:36 +01:00
Jaromil
46c41f3572 fixes support for bind-hooks paths with whitespace
refactored list_tomb_binds to parse /proc/mounts
also works around Debian's infamous \040(deleted) bug
also minor fix in regex umount for more recent zsh
closes bug #222
2015-12-30 17:33:23 +01:00
Jaromil
15273c9f19 fix to last open date saved
now using /.last in tomb to save and retrieve the time when tomb
was last opened, fixes behaviour with tomb filenames containing dots.
2015-12-30 14:35:58 +01:00
Jaromil
63464fa5ea docs improvement
I'm assuming gettext will approximate a match with the string
without updating all .po files. This is only increasing the length
2015-12-02 16:34:22 +01:00
Jaromil
a9f5a32459 completed transition of all doc strings to mention mebibytes (MiB) 2015-11-25 17:55:54 +01:00
Jaromil
cecde4e116 fixed a typo in EUID check 2015-11-25 17:41:17 +01:00
Jaromil
9090bfaff9 easier to continue resizing if interrupted
if resize is launched at same size, will run partition resize
helps continuing if i.e: pinentry expired waiting for password
after a long resize while operator is away: jurt rerun resize command
2015-11-07 14:20:43 +01:00
Narrat
9dd81b505b Correct spelling and whitespaces 2015-09-21 00:57:21 +02:00
Jaromil
b07224beab fix to username parsing in passwd
now using getent, light edit of hellekin's fix in #198
2015-07-23 15:18:13 +02:00
Emil Lundberg
4730b6d211 Fix comment typo: --use-random => --use-urandom 2015-07-07 09:56:16 +02:00
Jaromil
b8447dbf24 documentation update and small swish-e fix
The fix is due to the new naming scheme without .tomb extension recently
introduced for mountpoints. While testing this a problem arised with
swish-e related to compression of indexes, to be addressed.
2015-07-06 17:33:44 +02:00
Jaromil
e8ca2998b9 improved debugging for pinentry execution 2015-07-04 11:28:37 +02:00
Jaromil
55d3263cac Parse only untranslated GNUPG output
this avoids getting in the way utf8 chars like non-breakable space
that will hang ZSh in versions previous to 5.0.8, fix #205
2015-07-02 12:47:29 +02:00
Jaromil
eada0538c9 Delete mountpoint when tomb is closed (fix #149)
two bugs were left behind by the last refactoring, one about
consistency of the mountpoint naming (now using $TOMBNAME everywhere,
without the added .tomb extension as per #180), the other about a
missing _sudo to prefix rmdir commands.

Test suite has been updated accordingly.

This fix introduces a mandatory condition for the next update: all
tombs must be closed when upgrading the tomb script, else it will not
be able to correctly close them.
2015-06-26 11:47:19 +02:00
Jim Turner
1dff3676ce Remove inaccurate comment 2015-03-01 02:17:48 -05:00
Jim Turner
1919b29c1f Remove unused variable 2015-03-01 02:17:48 -05:00
hellekin
8aa1c0c6a5 Clarify code and documentation (thanks @boyska) 2015-02-21 23:04:50 -03:00
boyska
5f3ec68c38 FIX kdf iteration count 2015-02-20 19:03:21 +01:00
hellekin
fe504e4a19 Remove tabs 2015-02-20 11:42:49 +01:00
hellekin
8233278ce0 Remove leftover and notify #163 :) 2015-02-20 11:42:49 +01:00
hellekin
bad0173352 Simplify patch 2015-02-20 11:42:49 +01:00
hellekin
e4afe6aefa Recover legacy code for systems using util-linux < 2.22 2015-02-20 11:42:49 +01:00
hellekin
de418d00c9 Add detection of plain swap on encrypted volumes. (Fixes #163)
Previously, the code was relying on `file` and `dmsetup` to detect
encrypted swaps, but it was missing plain swaps on encrypted
volumes. Using `lsblk` adds this detection and simplifies the test.

Thanks @fsLeg for reporting the issue, and @boyska for fixing it.
2015-02-20 11:42:49 +01:00
Jaromil
ec5d72ae9a TODO updates and a small comment correction 2015-02-20 11:40:45 +01:00
Jim Turner
346a31ac5b Remove redundant test for $DISPLAY
This block is already wrapped in the `else` block of the same test for
the `$DISPLAY` variable, so this test is redundant.
2015-02-17 23:01:46 -05:00
Jim Turner
030704f5f3 Remove outdated error message
Commit 5dbcabdf26 removed the `chown` call
in `_tmp_create()` but not the associated error message. This commit
removes that error message since it is just dead code.
2015-02-17 01:33:29 -05:00
Jaromil
2598c11893 avoid enforcing .tomb extension to allow better deniability, fix #180 2015-02-08 17:41:01 +00:00
Jaromil
15ff5abe61 Sudo prompt for password made more visible to distinguish from other password prompts, addressing #171 2015-02-08 17:33:10 +00:00
Jaromil
46583fa445 tidying up the documentation 2015-01-30 02:00:07 +01:00
Jaromil
181103bc56 Make pinentry work even if LANG env var is not set (default to C, fix #188) 2015-01-29 18:11:25 +01:00
Jaromil
90e46854bc handle failure in load_key when key is not retrieved from stdin 2015-01-27 17:31:09 +01:00
Jaromil
ca012e8744 supports default mount also on /run/media/jrml (udisk2 compat). minor cleanups to default mountpoint generation. fix #186 2015-01-21 12:17:09 +01:00
Jaromil
4788ee6834 Avoid proceeding to umount if a bind_mount is busy and close is not slamming. 2015-01-17 02:29:57 +01:00
Jaromil
88c51f89f0 Improved validity check on tomb file. Introduces use of zsh/stat module 2015-01-17 02:14:38 +01:00
Jaromil
9b0364d34c preserve current GTK-2.0 theme when using pinentry-gtk-2 (fix #185) 2015-01-13 10:46:53 +01:00