mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-23 10:38:59 +00:00
3eb93acc18
This commit re-organizes all the source distribution contents to present users with the simple script, while moving the rest in extras. Also autoconf/automake scripts were removed, back to minimalism. The rationale of this change is that Tomb really only consists of a script and users with no extra needs should just be presented with it with no need for anything else. Any other thing on top of the Tomb script is an extra and can be even distributed separately or integrated in distributions.
387 lines
11 KiB
Bash
Executable File
387 lines
11 KiB
Bash
Executable File
#!/bin/zsh
|
|
#
|
|
# Tomb, the Crypto Undertaker
|
|
#
|
|
# a tool to easily operate file encryption of private and secret data
|
|
#
|
|
# Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
|
|
#
|
|
# This source code is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This source code is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
# Please refer to the GNU Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Public License along with
|
|
# this source code; if not, write to:
|
|
# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
# startup wrapper to open tombs
|
|
|
|
TOMBEXEC="tomb"
|
|
|
|
if [ "$0" = "./tomb-open" ]; then
|
|
TOMBEXEC="$PWD/tomb"
|
|
fi
|
|
|
|
# includes all shell functions in tomb
|
|
source $TOMBEXEC source
|
|
|
|
try() {
|
|
which ${1} > /dev/null
|
|
if [ $? = 0 ]; then
|
|
return 0
|
|
else
|
|
return -1
|
|
fi
|
|
}
|
|
|
|
# popup notification
|
|
tomb-notify() {
|
|
|
|
which notify-send > /dev/null
|
|
if [ $? != 0 ]; then return 1; fi
|
|
|
|
# look for our icon in common prefixes
|
|
if [ -r /usr/share/pixmaps/monmort.xpm ]; then icon=/usr/share/pixmaps/monmort.xpm
|
|
elif [ -r /usr/share/icons/monmort.xpm ]; then icon=/usr/share/icons/monmort.xpm
|
|
elif [ -r /usr/local/share/pixmaps/monmort.xpm ]; then icon=/usr/local/share/pixmaps/monmort.xpm
|
|
elif [ -r /usr/local/share/icons/monmort.xpm ]; then icon=/usr/local/share/icons/monmort.xpm
|
|
elif [ -r /opt/share/pixmaps/monmort.xpm ]; then icon=/opt/share/pixmaps/monmort.xpm
|
|
elif [ -r /sw/share/pixmaps/monmort.xpm ]; then icon=/sw/share/pixmaps/monmort.xpm
|
|
fi
|
|
|
|
if [ -z $1 ]; then
|
|
notify-send -i $icon \
|
|
-u low -h string:App:Tomb \
|
|
"Tomb version $VERSION" \
|
|
"Hi, I'm the Undertaker.
|
|
Let's start setting your Crypt?"
|
|
else
|
|
notify-send -i $icon ${@}
|
|
fi
|
|
}
|
|
|
|
|
|
# USB plug auto detect using dmesg
|
|
# tested on ubuntu 10.04 and debian 6.0
|
|
# please test and patch on other systems if you can.
|
|
# TODO: use udev rules, see how archlinux folks document it:
|
|
# https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt
|
|
# here we could modularize the choice of methods using function pointers,
|
|
# so that they are configurable when calling tomb.
|
|
ask_usbkey() {
|
|
unset usbkey_mount
|
|
say "Waiting 1 minute for a usb key to connect"
|
|
act -n "please insert your usb key "
|
|
|
|
tomb-notify "Insert your USB KEY" \
|
|
"Tomb is waiting 30 seconds for you to insert an external key."
|
|
|
|
plugged=false
|
|
c=0
|
|
while [ "$plugged" != "true" ]; do
|
|
dmesg | tail -n 12 | grep -q 'new.*USB device'
|
|
if [ $? = 0 ]; then plugged=true; fi
|
|
echo -n "."
|
|
sleep .5
|
|
c=`expr $c + 1`
|
|
if [ $c -gt 60 ]; then
|
|
echo
|
|
die "timeout"
|
|
fi
|
|
done
|
|
|
|
echo
|
|
act -n "usb key inserted, attaching "
|
|
|
|
c=0
|
|
attached=false
|
|
while [ "$attached" != "true" ]; do
|
|
dmesg | tail -n 12| grep -q 'Attached.*removable disk'
|
|
if [ $? = 0 ]; then attached=true; fi
|
|
echo -n "."
|
|
sleep .5
|
|
c=`expr $c + 1`
|
|
if [ $c -gt 30 ]; then
|
|
echo
|
|
export usbkey_mount=none
|
|
die "timeout"
|
|
fi
|
|
done
|
|
|
|
echo
|
|
act -n "usb attached, opening "
|
|
|
|
# get the first partition
|
|
# usbpart=`dmesg |tail -n 12 | grep ' sd.:' |cut -d: -f2 |tr -d ' '`
|
|
for i in $(seq 1 10); do
|
|
usbpart=$(dmesg | tail -n 12 | sed '/ sd.:/!d;s/^.*: \(sd.[0-9]*\)/\1/')
|
|
if [ -n "$usbpart" ]; then
|
|
break
|
|
elif [ $i -eq 10 ]; then
|
|
die "timeout" 1
|
|
else
|
|
echo -n .
|
|
sleep 1
|
|
fi
|
|
done
|
|
|
|
mtmp=`$TOMBEXEC mktemp tomb`
|
|
sudo mount /dev/$usbpart $mtmp
|
|
if [ $? = 0 ]; then
|
|
usbmount=$mtmp
|
|
else
|
|
die "cannot mount usbkey partition $usbmount"
|
|
fi
|
|
|
|
echo
|
|
act "usb key mounted on $usbmount"
|
|
usbkey_mount=$usbmount
|
|
return 0
|
|
}
|
|
|
|
launch_status() {
|
|
# calculates the correct arguments to launch tomb-status tray
|
|
# applet; it takes the tomb name as an argument and should be
|
|
# launched after a successful tomb mount.
|
|
if ! [ $1 ]; then
|
|
die "cannot launch status tray applet: we don't even know the name of our tomb."
|
|
fi
|
|
|
|
if [ $DISPLAY ]; then
|
|
tombname=${1}
|
|
tombbase=`basename $tombname`
|
|
tombmap=`mount -l | awk "/\[${tombbase}\]\$/"' { print $1 } '`
|
|
tombmount=`mount -l | awk "/\[${tombbase}\]\$/"' { print $3 } '`
|
|
if [ -x ./tomb-status ]; then # launch from build dir
|
|
./tomb-status $tombmap $tombname $tombmount &!
|
|
else
|
|
which tomb-status > /dev/null
|
|
if [ $? = 0 ]; then
|
|
tomb-status $tombmap $tombname $tombmount &!
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# got an argument
|
|
if [ $1 ]; then # is it a file?
|
|
|
|
tombdir=`dirname $1`
|
|
tombfile=`basename $1`
|
|
tombname=${tombfile%%\.*}
|
|
|
|
if [ -f ${tombdir}/${tombfile} ]; then
|
|
|
|
# is it a luks partition
|
|
file ${tombdir}/${tombfile} | grep -i LUKS > /dev/null
|
|
if [ $? = 0 ]; then # tomb is a valid LUKS file
|
|
if [ -r ${tombdir}/${tombname}.tomb.key ]; then
|
|
tombkey=${tombdir}/${tombname}.tomb.key
|
|
else
|
|
ask_usbkey
|
|
if ! [ $usbkey_mount ]; then # no usb key was mounted
|
|
die "key not provided for tomb $tombname: operation aborted" 1
|
|
else # usb mounted, check key presence
|
|
if [ -r ${usbkey_mount}/.tomb/${tombname}.tomb.key ]; then
|
|
tombkey=${usbkey_mount}/.tomb/${tombname}.tomb.key
|
|
elif [ -r ${usbkey_mount}/.tomb ]; then
|
|
die "we can't find the right key, have a look yourself:\n$(ls -lha ${usbkey_mount}/.tomb)" 1
|
|
else
|
|
die "there are no keys stored in your usb" 1
|
|
fi
|
|
fi
|
|
fi
|
|
if ! [ ${tombkey} ]; then # just to be sure
|
|
die "key not found, operation aborted." 1
|
|
else
|
|
|
|
"${TOMBEXEC}" mount -k ${tombkey} ${tombdir}/${tombfile}
|
|
success=$?
|
|
fi
|
|
|
|
if [ $usbkey_mount ]; then
|
|
sudo umount ${usbkey_mount}
|
|
rmdir ${usbkey_mount}
|
|
unset usbkey_mount
|
|
fi
|
|
|
|
if [ $success = 0 ]; then # mount was succesfull (with password and all)
|
|
launch_status ${tombname}
|
|
exit 0
|
|
else
|
|
tomb-notify "Tomb cannot open." "Are you knocking the wrong door?"
|
|
exit 1
|
|
fi
|
|
else
|
|
tomb-notify "Not a real Tomb." "We found no real bones in there, or the tomb file permissions won't allow us in."
|
|
exit 1
|
|
fi
|
|
|
|
|
|
elif [ -d $1 ]; then # its a directory
|
|
|
|
# FIXME: somehow xdg-open loses mailcap mimes when executed by tomb-status
|
|
# try xdg-open; if [ $? = 0 ]; then xdg-open ${1}; exit 0; fi
|
|
try gnome-open; if [ $? = 0 ]; then gnome-open ${1}; exit 0; fi
|
|
try thunar; if [ $? = 0 ]; then thunar ${1}; exit 0; fi
|
|
try pcmanfm; if [ $? = 0 ]; then pcmanfm ${1}; exit 0; fi
|
|
try rox; if [ $? = 0 ]; then rox ${1}; exit 0; fi
|
|
try fsviewer; if [ $? = 0 ]; then fsviewer ${1}; exit 0; fi
|
|
# try xnc; if [ $? = 0 ]; then xnc ${1}; exit 0; fi
|
|
tomb-notify "File manager not found." "Tomb cannot guess which filemanager you are using"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
|
|
# no argument but on graphical display: creation dialog
|
|
if [ "$1" != "wizard" ]; then
|
|
if [ -z $DISPLAY ]; then
|
|
no "tomb-open is a wrapper for the command 'tomb'"
|
|
no "type 'tomb-open wizard' if you want to be guided"
|
|
"${TOMBEXEC}" help
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# no arguments: start guided tomb creation
|
|
tomb-notify
|
|
# we do it on the desktop by default
|
|
if [ -r $HOME/Desktop ]; then
|
|
cd $HOME/Desktop;
|
|
# or inside HOME
|
|
else cd $HOME; fi
|
|
say "Tomb - simple commandline tool for encrypted storage"
|
|
say "version $VERSION ($DATE) by Jaromil @ dyne.org"
|
|
say "Guided creation of a new Tomb"
|
|
cat <<EOF
|
|
|
|
A Tomb is a special folder that keeps files safe using a password:
|
|
it makes use of strong encryption and helps you keep the keys on a
|
|
separate USB storage for safer transports.
|
|
|
|
Inside a Tomb you can store private informations without fear that
|
|
other people possessing it will discover your secrets, unless they
|
|
have your USB key and your password.
|
|
|
|
If you choose to proceed now, we'll guide you through the creation
|
|
of a new Tomb.
|
|
|
|
If you will, I'll be your Crypto Undertaker.
|
|
|
|
Do you want to proceed, Master? (y/n)
|
|
EOF
|
|
echo -n "> "
|
|
read -q
|
|
if [ "$?" != 0 ]; then
|
|
die "Operation aborted" 1
|
|
fi
|
|
# let's proceed
|
|
say "Please type in the name for your new tomb file:"
|
|
echo -n "> "
|
|
read -u 1 tombname
|
|
say "How big you want the Tomb to be?"
|
|
act "Type a size number in Megabytes:"
|
|
echo -n "> "
|
|
read -u 1 tombsize
|
|
if [[ "$tombsize" != <-> ]]; then
|
|
die "Only digit allowed! Operation aborted"
|
|
fi
|
|
clear
|
|
say "You have commanded the creation of this Tomb:"
|
|
act "$tombname ( $tombsize MBytes )";
|
|
echo
|
|
cat <<EOF
|
|
Please confirm if you want to proceed now:
|
|
|
|
You will need the super-user (sudo) password for the computer you
|
|
are using, as well time available.
|
|
|
|
Depending how big your tomb will be, make sure you are not running
|
|
low on batteries.
|
|
|
|
If you are remotely connected to a server, make sure to use a
|
|
detachable screen.
|
|
|
|
Considering 1GB takes usually little less than an hour to be digged.
|
|
|
|
EOF
|
|
say " Digging will take quite some time! Should we start? (y/n)"
|
|
echo -n "> "
|
|
read -q
|
|
if [ $? != 0 ]; then
|
|
die "Operation aborted." 1
|
|
|
|
fi
|
|
cat <<EOF
|
|
Operation confirmed! we will now call the undertaker to do its job,
|
|
but in order to do so you will need to provide your sudo password:
|
|
EOF
|
|
|
|
tombfile=${tombname}.tomb
|
|
"${TOMBEXEC}" create --ignore-swap -s $tombsize ${tombfile}
|
|
|
|
if [ $? != 0 ]; then
|
|
die "An error occurred creating tomb, operation aborted."
|
|
fi
|
|
|
|
tomb-notify "The Tomb is ready!" "We will now open your new Tomb for the first time."
|
|
cat <<EOF
|
|
Would you like to save the key on an external usb device?
|
|
|
|
This is recommended for safety:
|
|
Always keep the key in a different place than the door!
|
|
|
|
If you answer yes, you'll need a USB KEY now: (y/n)
|
|
EOF
|
|
# tomb-notify "Tomb has forged a key." "Would you like to save it on USB?"
|
|
echo -n " > "
|
|
read -q
|
|
if [ $? = 0 ]; then
|
|
ask_usbkey
|
|
if [ ${usbkey_mount} ]; then
|
|
|
|
sudo mkdir -m 0700 -p ${usbkey_mount}/.tomb
|
|
sudo cp -v ${tombfile}.key ${usbkey_mount}/.tomb/
|
|
sudo chmod -R go-rwx ${usbkey_mount}/.tomb
|
|
|
|
yes "${tombname}.key succesfully saved on your USB"
|
|
act "now we'll proceed opening your brand new tomb"
|
|
|
|
"${TOMBEXEC}" open -k ${tombfile}.key ${tombfile}
|
|
if [ $? = 0 ]; then
|
|
launch_status ${tombname}
|
|
fi
|
|
|
|
rm -f ${tombfile}.key
|
|
|
|
sudo umount ${usbkey_mount}
|
|
rmdir ${usbkey_mount}
|
|
unset usbkey_mount
|
|
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
cat <<EOF
|
|
Impossible to save the key on USB.
|
|
|
|
We recommend to preserve the key in a separate place! You can move
|
|
it yourself later, place it in a hidden directory named .tomb inside
|
|
the first partition of an usb key.
|
|
|
|
EOF
|
|
|
|
"${TOMBEXEC}" open -k ${tombname}.tomb.key ${tombfile}
|
|
if [ $? = 0 ]; then
|
|
launch_status ${tombname}
|
|
fi
|
|
|
|
exit 0
|