Long due, was ready in November 2022 and basically left unchanged at
that stage, except the deprecation of veracrypt in the experimental
portable branch, which is not included in the stable release.

The fix is due to the new naming scheme without .tomb extension recently
introduced for mountpoints. While testing this a problem arose with
swish-e related to compression of indexes, to be addressed.

This commit refactors the handling of password input by eliminating
all intermediary programs and relying only on Zsh, hence improving
overall security against rootkits and such.
Also the way sudo is used is now greatly simplified and there is no
privilege escalation at boot: sudo is executed inside Tomb by being
prefixed in front of those programs needing it.
All tests passed.

Switched to use echo with -E flag to disable escapes in keys: escape
strings were discarded in cryptsetup tomb operations when they were present
in the decoded key random passphrase. Issue #154
The solution adopted here includes wrapping all cryptsetup operations to
unify the behaviour adopted.
Worth noting that this problem possibly breaks all tombs and keys
created using the unstable Tomb from git development in the past 2
months. Regression tests with previous stable releases are OK.
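
An added example, not part of the commit or of Tomb's code, showing the failure mode the last message describes: a key string containing backslash sequences reaches its consumer as different bytes when the emitting command interprets escapes. `printf '%b'` stands in for an escape-interpreting echo (an assumption that models zsh's builtin echo without -E) so the sketch runs in any POSIX shell; the function names and the sample key are constructed.

```shell
#!/bin/sh
# Constructed sample: key material that happens to contain backslash sequences.
SAMPLE_KEY='ab\tcd\nef'

# Stand-in for an echo that interprets escapes (assumption: models zsh's
# builtin echo without -E); \t and \n become control characters.
emit_interpreting() { printf '%b\n' "$1"; }

# Literal emission: every byte of the key is passed through unchanged.
emit_literal() { printf '%s\n' "$1"; }

# Number of bytes a consumer reading stdin would receive from emitter $1.
bytes_received() { "$1" "$2" | wc -c | tr -d ' '; }

# Succeeds only if the consumer sees exactly the key that was supplied.
key_survives() { [ "$("$1" "$2")" = "$2" ]; }

# Hypothetical wrapper: one place that feeds the key to a consumer command,
# so every caller gets the same literal behaviour.
feed_key() {
    key=$1; shift
    emit_literal "$key" | "$@"
}

for emitter in emit_interpreting emit_literal; do
    if key_survives "$emitter" "$SAMPLE_KEY"; then verdict=intact; else verdict=altered; fi
    echo "$emitter: $(bytes_received "$emitter" "$SAMPLE_KEY") bytes, key $verdict"
done
```

A key altered this way still produces a working volume at creation time, which is why the mismatch only shows up when the same key is later read through a path that handles escapes differently.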