Jaromil
7a98ee8ba6
change forged key lenght to 512 bits
...
Addresses issue #238 : as 512 bit key length triggers use of AES256.
Apparently so far tombs used AES128 due to key length 256.
Change passes all tests and has no regression implications.
2017-01-21 23:50:57 +01:00
Daniel Rodriguez
42ae73d727
Sync translations with POEditor
2017-01-03 12:00:29 +01:00
Jaromil
843b7fdfc4
remove change of ownership when mounting tombs
...
The chmod/chown launched on the mounted volume is not really effective
for security, plus the UID is not correctly guessed when tomb is
launched using sudo. It is now up to the user to correctly set
ownership and permission on mounted volumes. There is also one less
check on the ownership of the tomb file which was failing with a
warning in the same case.
2017-01-02 11:04:08 +01:00
Jaromil
cb699189e7
small linting fixes
2017-01-02 06:13:52 +01:00
Jaromil
18743c82a5
code linting
...
small cleanup using shellcheck, also available as 'make lint'
2017-01-02 06:03:29 +01:00
Jaromil
6f4cfd626c
prefer ascii single-quotes to utf8
2017-01-02 06:02:50 +01:00
Jaromil
d41347fe22
documentation updates for release
2016-12-29 19:20:48 +01:00
Jaromil
7b72f07f96
switch shebang to use /usr/bin/env
...
this is a more generic approach to shebang which supports interpreters
when installed anywhere in the current path.
2016-12-29 13:49:03 +01:00
Jaromil
14cba81f6e
fix is_valid_tomb check for already mounted tombs
...
also added some more verbosity on debug
2016-12-26 20:40:23 +01:00
Jaromil
db976a5210
improve wrapping of key generation
...
gen_key now avoids adding a final newline to file (addressing #226 )
and provides more debugging information from the gpg process.
2016-12-26 20:19:01 +01:00
Jaromil
f5375c61fe
improvement over previous gpg_decrypt fix
...
now also avoiding the use of `read` shell built-in
2016-12-26 19:04:54 +01:00
Jaromil
df75c39a58
new parsing for gpg_decrypt function
...
this new parser works with all ZSh versions and brings overall
improvement by eliminating the invocation of exernal binary `grep`
over the secret data.
2016-12-26 12:12:34 +01:00
Jaromil
844a886da1
fix sudo execution (patch by robertmx in #223 )
...
tested also in #228 , this stops overwriting the $USERNAME
variable which is not really useful (it was used in the previous
privilege escalation model)
2016-11-18 19:00:47 +01:00
Jaromil
101b89f0be
use head directly without cat in post-hooks
...
less is more...
2016-11-18 13:56:44 +01:00
Jaromil
fa44f46eba
better documentation for kdf
...
also correctly use _failure on fatal error using --kdf
2016-11-18 13:56:44 +01:00
mandeepbhutani
50719fb06f
Changed message when encrypted swap found to something more informative
...
Changed message to detail all swap partitions
2016-10-16 11:40:26 -05:00
Jaromil
8f0b2943ce
documentation improvements for kdf and dm-crypt cipher choice
2016-01-09 10:16:42 +01:00
Jaromil
a08cb6e0de
forgot to bump the version into the script
2015-12-31 13:33:36 +01:00
Jaromil
46c41f3572
fixes support for bind-hooks paths with whitespace
...
refactored list_tomb_binds to parse /proc/mounts
also works around Debian's infamous \040(deleted) bug
also minor fix in regex umount for more recent zsh
closes bug #222
2015-12-30 17:33:23 +01:00
Jaromil
15273c9f19
fix to last open date saved
...
now using /.last in tomb to save and retrieve the time when tomb
was last opened, fixes behaviour with tomb filenames containing dots.
2015-12-30 14:35:58 +01:00
Jaromil
63464fa5ea
docs improvement
...
I'm assuming gettext will approximate a match with the string
without updating all .po files. This is only increasing the length
2015-12-02 16:34:22 +01:00
Jaromil
a9f5a32459
completed transition of all doc strings to mention mebibytes (MiB)
2015-11-25 17:55:54 +01:00
Jaromil
cecde4e116
fixed a typo in EUID check
2015-11-25 17:41:17 +01:00
Jaromil
9090bfaff9
easier to continue resizing if interrupted
...
if resize is launched at same size, will run partition resize
helps continuing if i.e: pinentry expired waiting for password
after a long resize while operator is away: jurt rerun resize command
2015-11-07 14:20:43 +01:00
Narrat
9dd81b505b
Correct spelling and whitespaces
2015-09-21 00:57:21 +02:00
Jaromil
b07224beab
fix to username parsing in passwd
...
now using getent, light edit of hellekin's fix in #198
2015-07-23 15:18:13 +02:00
Emil Lundberg
4730b6d211
Fix comment typo: --use-random => --use-urandom
2015-07-07 09:56:16 +02:00
Jaromil
b8447dbf24
documentation update and small swish-e fix
...
The fix is due to the new naming scheme without .tomb extension recently
introduced for mountpoints. While testing this a problem arised with
swish-e related to compression of indexes, to be addressed.
2015-07-06 17:33:44 +02:00
Jaromil
e8ca2998b9
improved debugging for pinentry execution
2015-07-04 11:28:37 +02:00
Jaromil
55d3263cac
Parse only untranslated GNUPG output
...
this avoids getting in the way utf8 chars like non-breakable space
that will hang ZSh in versions previous to 5.0.8, fix #205
2015-07-02 12:47:29 +02:00
Jaromil
eada0538c9
Delete mountpoint when tomb is closed ( fix #149 )
...
two bugs were left behind by the last refactoring, one about
consistency of the mountpoint naming (now using $TOMBNAME everywhere,
without the added .tomb extension as per #180 ), the other about a
missing _sudo to prefix rmdir commands.
Test suite has been updated accordingly.
This fix introduces a mandatory condition for the next update: all
tombs must be closed when upgrading the tomb script, else it will not
be able to correctly close them.
2015-06-26 11:47:19 +02:00
Jim Turner
1dff3676ce
Remove inaccurate comment
2015-03-01 02:17:48 -05:00
Jim Turner
1919b29c1f
Remove unused variable
2015-03-01 02:17:48 -05:00
hellekin
8aa1c0c6a5
Clarify code and documentation (thanks @boyska)
2015-02-21 23:04:50 -03:00
boyska
5f3ec68c38
FIX kdf iteration count
2015-02-20 19:03:21 +01:00
hellekin
fe504e4a19
Remove tabs
2015-02-20 11:42:49 +01:00
hellekin
8233278ce0
Remove leftover and notify #163 :)
2015-02-20 11:42:49 +01:00
hellekin
bad0173352
Simplify patch
2015-02-20 11:42:49 +01:00
hellekin
e4afe6aefa
Recover legacy code for systems using util-linux < 2.22
2015-02-20 11:42:49 +01:00
hellekin
de418d00c9
Add detection of plain swap on encrypted volumes. ( Fixes #163 )
...
Previously, the code was relying on `file` and `dmsetup` to detect
encrypted swaps, but it was missing plain swaps on encrypted
volumes. Using `lsblk` adds this detection and simplifies the test.
Thanks @fsLeg for reporting the issue, and @boyska for fixing it.
2015-02-20 11:42:49 +01:00
Jaromil
ec5d72ae9a
TODO updates and a small comment correction
2015-02-20 11:40:45 +01:00
Jim Turner
346a31ac5b
Remove redundant test for $DISPLAY
...
This block is already wrapped in the `else` block of the same test for
the `$DISPLAY` variable, so this test is redundant.
2015-02-17 23:01:46 -05:00
Jim Turner
030704f5f3
Remove outdated error message
...
Commit 5dbcabdf26
removed the `chown` call
in `_tmp_create()` but not the associated error message. This commit
removes that error message since it is just dead code.
2015-02-17 01:33:29 -05:00
Jaromil
2598c11893
avoid enforcing .tomb extension to allow better deniability, fix #180
2015-02-08 17:41:01 +00:00
Jaromil
15ff5abe61
Sudo prompt for password made more visible to distinguish from other password prompts, addressing #171
2015-02-08 17:33:10 +00:00
Jaromil
46583fa445
tidying up the documentation
2015-01-30 02:00:07 +01:00
Jaromil
181103bc56
Make pinentry work even if LANG env var is not set (default to C, fix #188 )
2015-01-29 18:11:25 +01:00
Jaromil
90e46854bc
handle failure in load_key when key is not retrieved from stdin
2015-01-27 17:31:09 +01:00
Jaromil
ca012e8744
supports default mount also on /run/media/jrml (udisk2 compat). minor cleanups to default mountpoint generation. fix #186
2015-01-21 12:17:09 +01:00
Jaromil
4788ee6834
Avoid proceeding to umount if a bind_mount is busy and close is not slamming.
2015-01-17 02:29:57 +01:00
Jaromil
88c51f89f0
Improved validity check on tomb file. Introduces use of zsh/stat module
2015-01-17 02:14:38 +01:00
Jaromil
9b0364d34c
preserve current GTK-2.0 theme when using pinentry-gtk-2 ( fix #185 )
2015-01-13 10:46:53 +01:00
Daniel "GDrooid" Rodriguez
30669bb9fa
Use spaces instead of tabs.
2015-01-09 17:33:07 +01:00
Daniel "GDrooid" Rodriguez
bd7300aa3e
Update .po files and fix typo in tomb executable.
2015-01-09 17:11:14 +01:00
Jaromil
d8c5cd24d1
better checks on file creation, both on dig and forge
2015-01-04 21:02:27 +01:00
hellekin
1068033e93
Address non-zero exit code on mount attempt
2014-12-27 08:13:15 -03:00
hellekin
45c5b53cc4
Restore -o and make explicit it means 'options local to subcommand' ( Closes #182 )
2014-12-26 23:42:58 -03:00
hellekin
f1c6245c80
Honor mount options ( fixes #181 ) and disambiguate -o ( fixes #182 )
2014-12-26 20:54:51 -03:00
Jaromil
c56bd74e22
minor versioning
2014-12-25 02:48:49 +01:00
Jaromil
d88fd5c9cb
release versioning
2014-12-21 22:08:32 +01:00
Jaromil
c436b76a85
typo fix for gpg 1.4.11 affecting mint 13 and ubuntu 12, closes #175
2014-12-21 21:51:15 +01:00
hellekin
b0c63ebf12
lapsus: not _notice, but _message
2014-11-27 13:40:58 -03:00
hellekin
29040b2d7f
Replace tab with spaces
2014-11-27 13:01:35 -03:00
hellekin
f7ea486e13
Remove extra space and split message for accuracy ( fixes #170 )
2014-11-27 12:47:12 -03:00
Jaromil
0d690bf142
documentation and makefile scripts updates for release
2014-11-26 20:28:28 +01:00
gdrooid
de65325fc3
[i18n] Don't localize legal output.
2014-11-26 19:35:47 +01:00
Jaromil
bbe9a49ec3
Direct handling of pinentry execution
...
We skip distro wrappers here since they interfere with stdin/out
As usual: better to have less intermediaries.
2014-11-26 17:45:31 +01:00
Jaromil
7a8a8666ba
addressing comments on last commit with a few fixes
2014-11-26 17:25:47 +01:00
gdrooid
47652747c3
[l10n] Update pot file.
2014-11-25 22:51:33 +01:00
Jaromil
f218c644ab
KDF key handling cleanup
2014-11-25 03:25:27 +01:00
Jaromil
5dbcabdf26
Removed old privilege escalation model
...
This commit refactors the handling of password input by eliminating
all intermediary programs and relying only on ZSh, hence improving
overall security against rootkits and such.
Also the way sudo is used is now greatly simplified and there is no
privilege escalation at boot: sudo is executed inside Tomb by being
prefixed in front of those programs needing it.
All tests passed.
2014-11-25 02:37:05 +01:00
Jaromil
e6075d08ce
really fail to not overwrite keys when forging
2014-11-24 20:06:45 +01:00
gdrooid
fb686db8eb
Finished fixing #164
2014-11-24 17:02:30 +01:00
gdrooid
a46da1cc23
Fix #164
2014-11-23 22:47:03 +01:00
Jaromil
a6a784f1ef
swish-e indexing change and whoami cleanup
...
swish-e now creates a .swishrc config file inside the tomb so that
users can tweak its configuration by hand.
whoami() is also cleaned up, pending a fix for slackware usage.
2014-11-23 21:53:44 +01:00
Jaromil
2480c89210
small security measure against exporting all vars
2014-11-23 18:26:06 +01:00
Jaromil
99581a5faa
whitespace cleanup and correct indentation to 4 spaces (no tabs)
2014-11-23 18:25:42 +01:00
Jaromil
aba0fa5191
Avoid using a tempfile on every key decryption
...
A tempfile was often used by Tomb in order to parse the stderr output of
gpg and detect if the password is correct or not. The tempfile was not
holding any secret information (see #162 ) yet this is an improvement for
Tomb's deniability since there is now much less going on in the temp
firectory.
2014-11-23 16:58:43 +01:00
Jaromil
c0bd822312
fix for #165
2014-11-23 16:27:09 +01:00
Jaromil
a10d6af804
Removed handling of temporary directory
...
Added the --tmp flag for manual selection of the temporary directory, whose security should really be up to sysadmins when configuring operating systems. Default is ZSh TMPPREFIX usually set to /tmp/zsh which, if not existing, will be created as world writable with a sticky bit.
This commit also includes a cleanup of commandline options and a fix to swap check.
2014-11-23 14:49:41 +01:00
Jaromil
6bb1385c69
Security fix to setkey
...
Now there is no more writing of cleartext secrets in any tempfile,
the last case was in setkey and is now eliminated. Tempfile creation
is cleaner. Related to issue #162
2014-11-22 01:40:26 +01:00
Jaromil
f2efa69001
Read setting of pinentry-program in gpg-agent.conf
...
also fixes the check if the tomb is already open
2014-11-22 00:23:57 +01:00
Jaromil
4d82b20199
small fix to whitespace and leftover newline tests
2014-11-21 22:32:38 +01:00
Jaromil
e48c7c4a85
Added new --unsafe mode: -k cleartext
...
Using the 'cleartext' name for a key will read it from stdin and
expect it to be unencrypted. This is an unsafe mode of operation,
but useful i.e. to open remote tombs by piping the key over ssh,
or using a different software than Tomb to de/crypt keys.
This commit also renames the flag --unsecure-dev-mode into --unsafe
and includes a minor fix to the last opened date shown on open.
Addressing issue #161
2014-11-21 22:25:43 +01:00
Jaromil
b7f4e3a7fd
Use print for non-escaped piping of secret
...
after fixing issue #154 with echo here we revert to using print with
options -R -n which sort the same effect. Print is preferred since it
executes the built-in command without any possible ambiguity. We don't
want to expose secrets to an external executable in case of a simple
attack that would change the env PATH to use a rootkitted echo.
2014-11-20 15:53:45 +01:00
Jaromil
489b3582cb
Disable escapes when piping secrets
...
Switched to use echo with -E flag to disable escapes in keys: escape
strings were discarded cryptsetup tomb operations when they were present
in the decoded key random passphrase. Issue #154
The solution adopted here includes wrapping all cryptsetup operations to
unify the behaviour adopted.
Worth noting that this problem possibly breaks all tombs and keys
created using the unstable Tomb from git development in the past 2
months. Regression tests with previous stable releases are OK.
2014-11-20 09:59:11 +01:00
gdrooid
6ce45a6f84
[i18n] Update translation files.
2014-11-16 17:30:59 +01:00
Jaromil
a568cdf546
imported python tomber into extras
...
more documentation updates
2014-11-16 15:21:11 +01:00
Jaromil
bbb290c81a
documentation updates
2014-11-16 13:55:51 +01:00
Jaromil
a0db66b18e
added also explicit stdout redirection to command -v
2014-11-16 13:11:42 +01:00
Jaromil
9f39d671a0
reverted to use command -v instead of hash
...
according to analysis made with @gdrooid
2014-11-16 12:38:31 +01:00
Jaromil
da46cbcd31
using zsh hash function instead of command -v to check for bins in path, using plain 2>/dev/null redirection everywhere
2014-11-16 11:37:30 +01:00
Jaromil
982c7591f2
avoid gettext being a requirement and list optional tools found in version output
2014-11-16 11:34:35 +01:00
Jaromil
aa35441d69
this should fix lo_mount() as reported in #154
2014-11-16 11:09:43 +01:00
Jaromil
d4c4a82d73
more detailed help messages and exclude videos from index
2014-11-15 04:14:40 +01:00
Jaromil
249c3cec1d
work also without gettext. versioning
2014-11-15 03:14:03 +01:00
Jaromil
8c8ab3fc5c
removed some minor debugging tests
2014-11-15 02:41:10 +01:00
Jaromil
edbd950120
switched to zsh/regex and zsh/mapfile
...
many operations moved to builtin zsh internals, improving speed
also fixes to the username detection and to the losetup check
2014-11-15 02:38:53 +01:00
Jaromil
4ce8771e99
Correct wrapping of cli argument arrays
...
Fixes also piping to ssh for remote tomb commands
This fix was suggested by @brianmay on #139
2014-11-14 20:12:30 +01:00
Jaromil
82e0533892
message fix
2014-11-14 19:43:26 +01:00
Jaromil
a7d7fad6a8
last minor fix to use _plot() instead of is_valid_tomb() on tomb creation commands
2014-11-14 19:27:57 +01:00
Jaromil
949a8c19e7
correct rendering of dev mapper filename and use of is_valid_tomb
2014-11-14 19:13:48 +01:00
Jaromil
106c4ab32e
fixed resize
2014-11-14 18:51:33 +01:00
Jaromil
98ab49315a
fixes to _tmp_create and its usage
2014-11-14 18:42:11 +01:00
Jaromil
828579e10d
better parses for bind-hooks
...
rw global vars VERSION etc facilitate re-source in test environment
2014-11-14 17:42:49 +01:00
Jaromil
9097a69631
indentation and small fix for umount to avoid warnings and correct check
2014-11-14 14:25:49 +01:00
Jaromil
c73f00eb19
adjusting strings to facilitate translation
2014-11-04 16:45:57 +01:00
Jaromil
943a46ef60
removed create_tomb, left deprecation notice
2014-11-04 16:45:37 +01:00
Jaromil
181f0fc636
revert to swish-e again
2014-11-04 16:45:08 +01:00
hellekin
6c71f2c94b
[cleanup] Process subcommands
2014-11-04 15:33:12 +01:00
hellekin
8df1575a44
[cleanup] Replace 'test' with [[ expr ]]
2014-11-04 15:33:12 +01:00
hellekin
b857122d7d
[cleanup] _load_key
2014-11-04 15:32:46 +01:00
hellekin
27ec914870
[cleanup] Fix path to user's temporary files
2014-11-04 15:32:46 +01:00
hellekin
fb12b50d7d
[cleanup] ask_password
2014-11-04 15:32:45 +01:00
Jaromil
dac8e4acae
remove base2 notation for flags
...
fixes bug that prevented to evaluate correctly 1/0 values for optional extensions
2014-11-04 15:32:45 +01:00
hellekin
788c133f94
[cleanup] More test cleanups
2014-11-04 15:32:45 +01:00
hellekin
14ed549a55
[cleanup] Consolidate temporary file creation
2014-11-04 15:32:45 +01:00
hellekin
226fd2a0f8
[cleanup] Only add directory to mounted if it's actually mounted
2014-11-04 15:32:45 +01:00
hellekin
fda78fbf8a
[cleanup] Disallow empty TOMBNAME
2014-11-04 15:32:45 +01:00
hellekin
0754e9acd2
[cleanup] "Safety functions" section
...
- more documentation
- follow style guide
- rationalize check_swap
2014-11-04 15:32:45 +01:00
hellekin
3e91b7bb9b
[cleanup] Document options functions
2014-11-04 15:32:45 +01:00
hellekin
cd1ceac92e
[cleanup] Introduce _whoami ; clean ; pass all tests with or without sudo
2014-11-04 15:32:44 +01:00
hellekin
b053898300
[cleanup] Privatize {,_}endgame event
2014-11-04 15:32:44 +01:00
hellekin
8e38a1c31b
[cleanup] Uppercase loop devices
2014-11-04 15:32:44 +01:00
hellekin
03a3456c98
[cleanup] Uppercase temporary files
2014-11-04 15:32:44 +01:00
hellekin
43225c790e
[clenaup] Uppercase secrets
2014-11-04 15:32:44 +01:00
hellekin
fe01a62467
[cleanup] Uppercase TOMBKEY*
2014-11-04 15:32:44 +01:00
hellekin
b91573dde5
[cleanup] Introduce _plot
2014-11-04 15:32:44 +01:00
hellekin
19abe7cf85
[cleanup] Uppercase global command context
2014-11-04 15:32:44 +01:00
hellekin
0e9453ebd8
[cleanup] Remove unused global variable
2014-11-04 15:32:44 +01:00
hellekin
b340721307
[cleanup] Uppercase global OPTS
2014-11-04 15:32:43 +01:00
hellekin
9539d0cc4b
[cleanup] Formalize tests for flags
2014-11-04 15:32:43 +01:00
hellekin
da183aa689
[cleanup] Fix log of commands by using arrays consistently
2014-11-04 15:32:43 +01:00
hellekin
b721de0ec1
Starting cleanup
2014-11-04 15:32:43 +01:00
Jaromil
3d29d6a422
use swish-e and not the debian-specific wrapper, fix #136
2014-10-24 01:20:36 +02:00
hellekin
a9bc4c2489
Remove fatally broken failure :)
2014-10-20 12:52:21 -03:00
Jaromil
3416ad2d2c
avoid using Tomb's PID in temp files and double the random #150
2014-10-20 16:34:45 +02:00
Jaromil
f2ffa9c67f
correct tomb_key variable usage in logs
2014-10-10 11:17:02 +02:00
Jaromil
f8df67fcd0
fixes empty variables used in output messages
...
there where variable names left over after the code refactoring
they have now correct names or are filled, messages stay the same
fixes #138
2014-10-10 00:05:00 +02:00
hellekin
4610af02c9
Tidy up options documentation
2014-10-05 13:41:19 -03:00
Jaromil
c7009e5c1b
Merge pull request #132 from gdrooid/i18n
...
Internationalization of all human language in Tomb using gettext
2014-09-16 18:56:45 +02:00
gdrooid
0d76ccc2df
Usage message translations.
...
Adds a new `_print` function to print strings without coloring or
other stuff added by the `_msg` function. It's used for the usage
message, letting it be translated.
The usage messages have been split into one-line strings, and added
back to the tomb.pot and *.po files.
2014-09-13 16:55:03 +02:00
gdrooid
55f6a0a927
Remove manual coloring from strings.
2014-09-09 13:20:06 +02:00
gdrooid
b73dfd65d7
Makes it possible to add any number of ::vars:: to the strings.
2014-09-09 13:15:31 +02:00
Jaromil
7918161803
revert to using /dev/null to ignore output when needed
...
should fix #134
2014-09-06 20:24:24 +02:00
gdrooid
20a59fdf7b
Update new strings to the new format.
2014-09-01 10:09:33 +02:00
gdrooid
118ace28ef
Update Spanish translations and fix minor issues.
...
Issues:
`gettext -s - "$2"` prints the -, instead of getting the desired effect
The custom expansion missed repeated variables in a single string
Some string fixes
2014-09-01 09:37:45 +02:00
gdrooid
61e6529f6a
Update Spanish translations.
2014-09-01 09:37:11 +02:00
gdrooid
bfc12248bd
Adapt _failure strings for new format.
...
Also, changes the way you pass an exit value to the _failure function:
exitv=1 _failure "Message"
2014-09-01 09:37:11 +02:00
gdrooid
d1bac626ef
Adapt _verbose strings to new format.
2014-09-01 09:36:49 +02:00