this new "flavor" of tomb uses veracrypt for mounted volumes and
POSIX sh only for its scripting, is a work in progress and still
lacks full functionality, but provides a proof-of-concept to be
developed further if needs arise.
The --filesystem option can be used to specify
an alternative filesystem used to format the tomb, in place of the default "ext4".
Beside "btrfs" now the following parameters to --filesystem are supported:
"ext3" using operating system defaults
"ext4" using operating system defaults
"btrfs" for tombs >= 47MB using operating system defaults
"btrfsmixedmode" for tombs >=18MB btrfs mixed mode (see mkfs.btrfs(8))
"ext3maxinodes" ext3 with a maximum of inodes (for many small files)
"ext4maxinodes" ext4 with a maximum of inodes (for many small files)
These changes help use scenarios in which there is a great number of small files
and/or directories in a small filesystem, like e.g. the pass-tomb extension to pass.
Check if unencrypted swap is zram. If it is zram check whether a writeback to
disk is configured.
Unencrypted zramswap not written to disk is accepted.
ToDo (as for other unencrypted swap): check if the writeback happens on an
already encrypted disk/partition.
If there is no free loop device, the call of loopsetup -f will create one and return it. For this it needs privilege escalation.
It doesn't need those, if there is already an used device, but that cannot be guaranteed.
Closes#436
* KDF support for argon2 memory intensive algorithm
following many requests, here is support for argon2 KDF to be switched
on using --kdftype argon2 (--kdf iterations --kdfmem memory)
effective memory required is 2^memory KiB, defaults to 18 (262 MiB)
number of iterations are still specified as --kdf argument
requires the argon2 reference C implementation from P-H-C
also requires tomb-kdb-pbkdf2-gensalt in extras/kdf-keys
example usage:
tomb forge -k argon.key --kdf 10 --kdftype argon2
* manual updates for argon2
* small improvements to loopback setup and --sudo
* support reading hostname from file
also tolerate not finding the hostname (fill localhost)
address #428
* cleanup and support sup,sud,pkexec
* Translated using Weblate (French)
Currently translated at 74.6% (215 of 288 strings)
Translation: Tomb/tomb
Translate-URL: https://hosted.weblate.org/projects/tomb/tomb/fr/
* Added translation using Weblate (Chinese (Simplified))
* Translated using Weblate (French)
Currently translated at 76.0% (219 of 288 strings)
Translation: Tomb/tomb
Translate-URL: https://hosted.weblate.org/projects/tomb/tomb/fr/
* Translated using Weblate (French)
Currently translated at 76.3% (220 of 288 strings)
Translation: Tomb/tomb
Translate-URL: https://hosted.weblate.org/projects/tomb/tomb/fr/
* Translated using Weblate (French)
Currently translated at 78.4% (226 of 288 strings)
Translation: Tomb/tomb
Translate-URL: https://hosted.weblate.org/projects/tomb/tomb/fr/
* Translated using Weblate (French)
Currently translated at 95.4% (275 of 288 strings)
Translation: Tomb/tomb
Translate-URL: https://hosted.weblate.org/projects/tomb/tomb/fr/
Co-authored-by: luzhen <luzhen@uniontech.com>
Co-authored-by: Dyne.org foundation <translate@dyne.org>
Co-authored-by: Maxime Leroy <lisacintosh@gmail.com>
now supporting also pkexec (polkit daemon), suckless' sup and
sud.dyne.org
pkexec is autodetected when polkit is running
manpage documents the --sudo flag which overrides any autodetection
Depending script invokation, behavior is not exactly similar.
Assuming that if SUDO_USER is set, the _sudo invokation can be dropped (EUID=0).
In the other case, user has created file, owner is already good, don't call chown.
Preparation:
$ tomb dig foo.tomb -s 10
Method 1:
$ sudo tomb forge foo.tomb.key -v
Method 2:
$ tomb forge foo.tomb.key -v
... ask user password to gain superuser privileges
...
Sorry, user <username> is not allowed to execute '/bin/chown <uid>:<gid> foo.tomb.key' as root on <hostname>.
Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
Depending script invokation, behavior is not exactly similar.
Assuming that if SUDO_USER is set, the _sudo invokation can be dropped (EUID=0).
In the other case, user has created file, owner is already good, don't call chown.
Method 1:
$ sudo tomb dig foo.tomb -s 10 -v
Method 2:
$ tomb dig foo.tomb -s 10 -v
... ask user password to gain superuser privileges
...
Sorry, user <username> is not allowed to execute '/bin/chown <uid>:<gid> foo.tomb' as root on <hostname>.
Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>