mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2025-01-25 16:08:24 +00:00
4a04d9dd84
including the old qt and python wrappers as discussed in issue #113
387 lines
11 KiB
Bash
Executable File
387 lines
11 KiB
Bash
Executable File
#!/bin/zsh
|
|
#
|
|
# Tomb, the Crypto Undertaker
|
|
#
|
|
# a tool to easily operate file encryption of private and secret data
|
|
#
|
|
# Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
|
|
#
|
|
# This source code is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This source code is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
# Please refer to the GNU Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Public License along with
|
|
# this source code; if not, write to:
|
|
# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
# startup wrapper to open tombs
|
|
|
|
TOMBEXEC="tomb"
|
|
|
|
if [ "$0" = "./tomb-open" ]; then
|
|
TOMBEXEC="$PWD/tomb"
|
|
fi
|
|
|
|
# includes all shell functions in tomb
|
|
source $TOMBEXEC source
|
|
|
|
try() {
|
|
which ${1} > /dev/null
|
|
if [ $? = 0 ]; then
|
|
return 0
|
|
else
|
|
return -1
|
|
fi
|
|
}
|
|
|
|
# popup notification
|
|
tomb-notify() {
|
|
|
|
which notify-send > /dev/null
|
|
if [ $? != 0 ]; then return 1; fi
|
|
|
|
# look for our icon in common prefixes
|
|
if [ -r /usr/share/pixmaps/monmort.xpm ]; then icon=/usr/share/pixmaps/monmort.xpm
|
|
elif [ -r /usr/share/icons/monmort.xpm ]; then icon=/usr/share/icons/monmort.xpm
|
|
elif [ -r /usr/local/share/pixmaps/monmort.xpm ]; then icon=/usr/local/share/pixmaps/monmort.xpm
|
|
elif [ -r /usr/local/share/icons/monmort.xpm ]; then icon=/usr/local/share/icons/monmort.xpm
|
|
elif [ -r /opt/share/pixmaps/monmort.xpm ]; then icon=/opt/share/pixmaps/monmort.xpm
|
|
elif [ -r /sw/share/pixmaps/monmort.xpm ]; then icon=/sw/share/pixmaps/monmort.xpm
|
|
fi
|
|
|
|
if [ -z $1 ]; then
|
|
notify-send -i $icon \
|
|
-u low -h string:App:Tomb \
|
|
"Tomb version $VERSION" \
|
|
"Hi, I'm the Undertaker.
|
|
Let's start setting your Crypt?"
|
|
else
|
|
notify-send -i $icon ${@}
|
|
fi
|
|
}
|
|
|
|
|
|
# USB plug auto detect using dmesg
|
|
# tested on ubuntu 10.04 and debian 6.0
|
|
# please test and patch on other systems if you can.
|
|
# TODO: use udev rules, see how archlinux folks document it:
|
|
# https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt
|
|
# here we could modularize the choice of methods using function pointers,
|
|
# so that they are configurable when calling tomb.
|
|
ask_usbkey() {
|
|
unset usbkey_mount
|
|
say "Waiting 1 minute for a usb key to connect"
|
|
act -n "please insert your usb key "
|
|
|
|
tomb-notify "Insert your USB KEY" \
|
|
"Tomb is waiting 30 seconds for you to insert an external key."
|
|
|
|
plugged=false
|
|
c=0
|
|
while [ "$plugged" != "true" ]; do
|
|
dmesg | tail -n 12 | grep -q 'new.*USB device'
|
|
if [ $? = 0 ]; then plugged=true; fi
|
|
echo -n "."
|
|
sleep .5
|
|
c=`expr $c + 1`
|
|
if [ $c -gt 60 ]; then
|
|
echo
|
|
die "timeout"
|
|
fi
|
|
done
|
|
|
|
echo
|
|
act -n "usb key inserted, attaching "
|
|
|
|
c=0
|
|
attached=false
|
|
while [ "$attached" != "true" ]; do
|
|
dmesg | tail -n 12| grep -q 'Attached.*removable disk'
|
|
if [ $? = 0 ]; then attached=true; fi
|
|
echo -n "."
|
|
sleep .5
|
|
c=`expr $c + 1`
|
|
if [ $c -gt 30 ]; then
|
|
echo
|
|
export usbkey_mount=none
|
|
die "timeout"
|
|
fi
|
|
done
|
|
|
|
echo
|
|
act -n "usb attached, opening "
|
|
|
|
# get the first partition
|
|
# usbpart=`dmesg |tail -n 12 | grep ' sd.:' |cut -d: -f2 |tr -d ' '`
|
|
for i in $(seq 1 10); do
|
|
usbpart=$(dmesg | tail -n 12 | sed '/ sd.:/!d;s/^.*: \(sd.[0-9]*\)/\1/')
|
|
if [ -n "$usbpart" ]; then
|
|
break
|
|
elif [ $i -eq 10 ]; then
|
|
die "timeout" 1
|
|
else
|
|
echo -n .
|
|
sleep 1
|
|
fi
|
|
done
|
|
|
|
mtmp=`$TOMBEXEC mktemp tomb`
|
|
sudo mount /dev/$usbpart $mtmp
|
|
if [ $? = 0 ]; then
|
|
usbmount=$mtmp
|
|
else
|
|
die "cannot mount usbkey partition $usbmount"
|
|
fi
|
|
|
|
echo
|
|
act "usb key mounted on $usbmount"
|
|
usbkey_mount=$usbmount
|
|
return 0
|
|
}
|
|
|
|
launch_status() {
|
|
# calculates the correct arguments to launch tomb-status tray
|
|
# applet; it takes the tomb name as an argument and should be
|
|
# launched after a successful tomb mount.
|
|
if ! [ $1 ]; then
|
|
die "cannot launch status tray applet: we don't even know the name of our tomb."
|
|
fi
|
|
|
|
if [ $DISPLAY ]; then
|
|
tombname=${1}
|
|
tombbase=`basename $tombname`
|
|
tombmap=`mount -l | awk "/\[${tombbase}\]\$/"' { print $1 } '`
|
|
tombmount=`mount -l | awk "/\[${tombbase}\]\$/"' { print $3 } '`
|
|
if [ -x ./tomb-status ]; then # launch from build dir
|
|
./tomb-status $tombmap $tombname $tombmount &!
|
|
else
|
|
which tomb-status > /dev/null
|
|
if [ $? = 0 ]; then
|
|
tomb-status $tombmap $tombname $tombmount &!
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# got an argument
|
|
if [ $1 ]; then # is it a file?
|
|
|
|
tombdir=`dirname $1`
|
|
tombfile=`basename $1`
|
|
tombname=${tombfile%%\.*}
|
|
|
|
if [ -f ${tombdir}/${tombfile} ]; then
|
|
|
|
# is it a luks partition
|
|
file ${tombdir}/${tombfile} | grep -i LUKS > /dev/null
|
|
if [ $? = 0 ]; then # tomb is a valid LUKS file
|
|
if [ -r ${tombdir}/${tombname}.tomb.key ]; then
|
|
tombkey=${tombdir}/${tombname}.tomb.key
|
|
else
|
|
ask_usbkey
|
|
if ! [ $usbkey_mount ]; then # no usb key was mounted
|
|
die "key not provided for tomb $tombname: operation aborted" 1
|
|
else # usb mounted, check key presence
|
|
if [ -r ${usbkey_mount}/.tomb/${tombname}.tomb.key ]; then
|
|
tombkey=${usbkey_mount}/.tomb/${tombname}.tomb.key
|
|
elif [ -r ${usbkey_mount}/.tomb ]; then
|
|
die "we can't find the right key, have a look yourself:\n$(ls -lha ${usbkey_mount}/.tomb)" 1
|
|
else
|
|
die "there are no keys stored in your usb" 1
|
|
fi
|
|
fi
|
|
fi
|
|
if ! [ ${tombkey} ]; then # just to be sure
|
|
die "key not found, operation aborted." 1
|
|
else
|
|
|
|
"${TOMBEXEC}" mount -k ${tombkey} ${tombdir}/${tombfile}
|
|
success=$?
|
|
fi
|
|
|
|
if [ $usbkey_mount ]; then
|
|
sudo umount ${usbkey_mount}
|
|
rmdir ${usbkey_mount}
|
|
unset usbkey_mount
|
|
fi
|
|
|
|
if [ $success = 0 ]; then # mount was succesfull (with password and all)
|
|
launch_status ${tombname}
|
|
exit 0
|
|
else
|
|
tomb-notify "Tomb cannot open." "Are you knocking the wrong door?"
|
|
exit 1
|
|
fi
|
|
else
|
|
tomb-notify "Not a real Tomb." "We found no real bones in there, or the tomb file permissions won't allow us in."
|
|
exit 1
|
|
fi
|
|
|
|
|
|
elif [ -d $1 ]; then # its a directory
|
|
|
|
# FIXME: somehow xdg-open loses mailcap mimes when executed by tomb-status
|
|
# try xdg-open; if [ $? = 0 ]; then xdg-open ${1}; exit 0; fi
|
|
try gnome-open; if [ $? = 0 ]; then gnome-open ${1}; exit 0; fi
|
|
try thunar; if [ $? = 0 ]; then thunar ${1}; exit 0; fi
|
|
try pcmanfm; if [ $? = 0 ]; then pcmanfm ${1}; exit 0; fi
|
|
try rox; if [ $? = 0 ]; then rox ${1}; exit 0; fi
|
|
try fsviewer; if [ $? = 0 ]; then fsviewer ${1}; exit 0; fi
|
|
# try xnc; if [ $? = 0 ]; then xnc ${1}; exit 0; fi
|
|
tomb-notify "File manager not found." "Tomb cannot guess which filemanager you are using"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
|
|
# no argument but on graphical display: creation dialog
|
|
if [ "$1" != "wizard" ]; then
|
|
if [ -z $DISPLAY ]; then
|
|
no "tomb-open is a wrapper for the command 'tomb'"
|
|
no "type 'tomb-open wizard' if you want to be guided"
|
|
"${TOMBEXEC}" help
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# no arguments: start guided tomb creation
|
|
tomb-notify
|
|
# we do it on the desktop by default
|
|
if [ -r $HOME/Desktop ]; then
|
|
cd $HOME/Desktop;
|
|
# or inside HOME
|
|
else cd $HOME; fi
|
|
say "Tomb - simple commandline tool for encrypted storage"
|
|
say "version $VERSION ($DATE) by Jaromil @ dyne.org"
|
|
say "Guided creation of a new Tomb"
|
|
cat <<EOF
|
|
|
|
A Tomb is a special folder that keeps files safe using a password:
|
|
it makes use of strong encryption and helps you keep the keys on a
|
|
separate USB storage for safer transports.
|
|
|
|
Inside a Tomb you can store private informations without fear that
|
|
other people possessing it will discover your secrets, unless they
|
|
have your USB key and your password.
|
|
|
|
If you choose to proceed now, we'll guide you through the creation
|
|
of a new Tomb.
|
|
|
|
If you will, I'll be your Crypto Undertaker.
|
|
|
|
Do you want to proceed, Master? (y/n)
|
|
EOF
|
|
echo -n "> "
|
|
read -q
|
|
if [ "$?" != 0 ]; then
|
|
die "Operation aborted" 1
|
|
fi
|
|
# let's proceed
|
|
say "Please type in the name for your new tomb file:"
|
|
echo -n "> "
|
|
read -u 1 tombname
|
|
say "How big you want the Tomb to be?"
|
|
act "Type a size number in Megabytes:"
|
|
echo -n "> "
|
|
read -u 1 tombsize
|
|
if [[ "$tombsize" != <-> ]]; then
|
|
die "Only digit allowed! Operation aborted"
|
|
fi
|
|
clear
|
|
say "You have commanded the creation of this Tomb:"
|
|
act "$tombname ( $tombsize MBytes )";
|
|
echo
|
|
cat <<EOF
|
|
Please confirm if you want to proceed now:
|
|
|
|
You will need the super-user (sudo) password for the computer you
|
|
are using, as well time available.
|
|
|
|
Depending how big your tomb will be, make sure you are not running
|
|
low on batteries.
|
|
|
|
If you are remotely connected to a server, make sure to use a
|
|
detachable screen.
|
|
|
|
Considering 1GB takes usually little less than an hour to be digged.
|
|
|
|
EOF
|
|
say " Digging will take quite some time! Should we start? (y/n)"
|
|
echo -n "> "
|
|
read -q
|
|
if [ $? != 0 ]; then
|
|
die "Operation aborted." 1
|
|
|
|
fi
|
|
cat <<EOF
|
|
Operation confirmed! we will now call the undertaker to do its job,
|
|
but in order to do so you will need to provide your sudo password:
|
|
EOF
|
|
|
|
tombfile=${tombname}.tomb
|
|
"${TOMBEXEC}" create --ignore-swap -s $tombsize ${tombfile}
|
|
|
|
if [ $? != 0 ]; then
|
|
die "An error occurred creating tomb, operation aborted."
|
|
fi
|
|
|
|
tomb-notify "The Tomb is ready!" "We will now open your new Tomb for the first time."
|
|
cat <<EOF
|
|
Would you like to save the key on an external usb device?
|
|
|
|
This is recommended for safety:
|
|
Always keep the key in a different place than the door!
|
|
|
|
If you answer yes, you'll need a USB KEY now: (y/n)
|
|
EOF
|
|
# tomb-notify "Tomb has forged a key." "Would you like to save it on USB?"
|
|
echo -n " > "
|
|
read -q
|
|
if [ $? = 0 ]; then
|
|
ask_usbkey
|
|
if [ ${usbkey_mount} ]; then
|
|
|
|
sudo mkdir -m 0700 -p ${usbkey_mount}/.tomb
|
|
sudo cp -v ${tombfile}.key ${usbkey_mount}/.tomb/
|
|
sudo chmod -R go-rwx ${usbkey_mount}/.tomb
|
|
|
|
yes "${tombname}.key succesfully saved on your USB"
|
|
act "now we'll proceed opening your brand new tomb"
|
|
|
|
"${TOMBEXEC}" open -k ${tombfile}.key ${tombfile}
|
|
if [ $? = 0 ]; then
|
|
launch_status ${tombname}
|
|
fi
|
|
|
|
rm -f ${tombfile}.key
|
|
|
|
sudo umount ${usbkey_mount}
|
|
rmdir ${usbkey_mount}
|
|
unset usbkey_mount
|
|
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
cat <<EOF
|
|
Impossible to save the key on USB.
|
|
|
|
We recommend to preserve the key in a separate place! You can move
|
|
it yourself later, place it in a hidden directory named .tomb inside
|
|
the first partition of an usb key.
|
|
|
|
EOF
|
|
|
|
"${TOMBEXEC}" open -k ${tombname}.tomb.key ${tombfile}
|
|
if [ $? = 0 ]; then
|
|
launch_status ${tombname}
|
|
fi
|
|
|
|
exit 0
|