       tmessaging and debugging enhancements - tomb - the crypto undertaker
       ---
   DIR commit 1af4c42749f10f25d9deb5f7bf6ddbffeabb7799
   DIR parent 35e1afdcebfbf8d1eaf7edb59187a4039d45eec4
  HTML Author: Jaromil <jaromil@dyne.org>
       Date:   Tue, 17 Jan 2012 17:28:40 +0100
       
       messaging and debugging enhancements
       
       Now checks for GnuPG and lists available ciphers
       
       Some more information about the tomb opened is retrieved via cryptsetup
       Also some duplicate strings were eliminated and year notices were updated
       
       Diffstat:
         M src/tomb                            |      91 ++++++++++++++++++++++---------
       
       1 file changed, 65 insertions(+), 26 deletions(-)
       ---
   DIR diff --git a/src/tomb b/src/tomb
       t@@ -4,7 +4,7 @@
        #
        # a tool to easily operate file encryption of private and secret data
        #
       -# {{{ Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
       +# {{{ Copyleft (C) 2007-2012 Denis Roio <jaromil@dyne.org>
        
        #
        # This source  code is free  software; you can redistribute  it and/or
       t@@ -23,8 +23,8 @@
        
        # }}}
        # {{{ GLOBAL VARIABLES
       -VERSION=1.2
       -DATE=Nov/2011
       +VERSION=1.3
       +DATE=Nov/2012
        TOMBEXEC=$0
        TOMBOPENEXEC="${TOMBEXEC}-open"
        typeset -a OLDARGS
       t@@ -63,13 +63,13 @@ function _msg() {
                    pchars=" . "; pcolor="green"
                    ;;
                verbose)
       -            pchars="[D]"; pcolor="yellow"
       +            pchars="[D]"; pcolor="blue"
                    ;;
                success)
                    pchars="(*)"; pcolor="green"; message="%{%F{$pcolor}%}${2}%{%f%}"
                    ;;
                warning)
       -            pchars="[W]"; pcolor="red"; message="%{%F{yellow}%}${2}%{%f%}"
       +            pchars="[W]"; pcolor="yellow"; message="%{%F{$pcolor}%}${2}%{%f%}"
                    ;;
                failure)
                    pchars="[E]"; pcolor="red"; message="%{%F{$pcolor}%}${2}%{%f%}"
       t@@ -119,7 +119,7 @@ function _failure die()
        
        check_bin() {
            # check for required programs
       -    for req in cryptsetup pinentry sudo; do
       +    for req in cryptsetup pinentry sudo gpg; do
                which $req >/dev/null || die "Cannot find $req.  Please install it." 1
            done
        
       t@@ -285,11 +285,6 @@ EOF
        # {{{ - TOMB USAGE
        usage() {
            cat <<EOF
       -Tomb $VERSION - a strong and gentle undertaker for your secrets
       -
       - Copyright (C) 2007-2011 Dyne.org Foundation, License GNU GPL v3+
       - This is free software: you are free to change and redistribute it
       - The latest Tomb sourcecode is published on <http://tomb.dyne.org>
        
        Syntax: tomb [options] command [file] [place]
        
       t@@ -320,7 +315,7 @@ Options:
         -f     force operation (i.e. even if swap is active)
        
         -h     print this help
       - -v     version information for this tool
       + -v     print version, license and list of available ciphers
         -q     run quietly without printing informations
         -D     print debugging information at runtime
        
       t@@ -333,8 +328,8 @@ EOF
        generate_translatable_strings() {
            cat <<EOF
        # Tomb - The Crypto Undertaker.
       -# Copyright (C) 2007-2011 Dyne.org Foundation
       -# Denis Roio <jaromil@dyne.org>, 2011.
       +# Copyright (C) 2007-2012 Dyne.org Foundation
       +# Denis Roio <jaromil@dyne.org>, 2012.
        #
        #, fuzzy
        msgid ""
       t@@ -492,6 +487,22 @@ print "-----END PGP MESSAGE-----"
        
            return $res
        }
       +
       +list_gnupg_ciphers() {
       +    # prints an array of ciphers available in gnupg (to encrypt keys)
       +    # prints an error if GnuPG is not found
       +    which gnupg > /dev/null || die "gpg (GnuPG) is not found, Tomb cannot function without it."
       +
       +    ciphers=(`gpg --version | awk '
       +BEGIN { ciphers=0 }
       +/^Cipher:/ { gsub(/,/,""); sub(/^Cipher:/,""); print; ciphers=1; next }
       +/^Hash:/ { ciphers=0 }
       +{ if(ciphers==0) { next } else { gsub(/,/,""); print; } }
       +'`)
       +    echo " ${ciphers}"
       +    return 1
       +}
       +
        # }}}
        # }}}
        # {{{ - HOOK HELPERS
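Review bot: The guard in list_gnupg_ciphers tests `which gnupg`, but the command the function then runs, and the one this commit adds to check_bin, is `gpg`; on a system that only ships a `gpg` executable the guard fails even though GnuPG is installed. Use the same name as the call: `which gpg > /dev/null || die "gpg (GnuPG) is not found, Tomb cannot function without it."`. The function also ends with `return 1` on its normal path, which reads as failure to any caller that checks the status; `return 0` fits. Because main invokes it inside backticks in a here-document, a `die` here most likely ends only the substitution subshell, so the banner would print with an empty cipher list instead of aborting. `ciphers` is assigned without `local` and so becomes a script-wide global.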
       t@@ -805,7 +816,7 @@ mount_tomb() {
                return 1
            fi
        
       -    _success "mounting $tombfile on mountpoint $tombmount"
       +    _success "Opening $tombfile on $tombmount"
        
            # we need root from here on
            mkdir -p $tombmount
       t@@ -825,13 +836,21 @@ mount_tomb() {
                return 1
            fi
        
       +    tombdump=(`cryptsetup luksDump ${nstloop} | awk '
       +        /^Cipher name/ {print $3}
       +        /^Cipher mode/ {print $3}
       +        /^Hash spec/   {print $3}'`)
       +    say "cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
       +
       +
            # save date of mount in minutes since 1970
            mapdate=`date +%s`
       +    
        
            mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
            keyname=`basename $tombkey | cut -d. -f1`
        
       -    _success "Password is required for key ${keyname}"
       +    _warning "Password is required for key ${keyname}"
            for c in 1 2 3; do
                if [ $c = 1 ]; then
                    tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
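Review bot: The `tombdump` array is filled positionally from whichever `luksDump` lines happen to match, so `$tombdump[1]` to `$tombdump[3]` only mean cipher, mode and hash when all three lines are present and in that order, and the exit status of `cryptsetup luksDump` is never checked. If the dump fails or a field is missing, the message shows empty or shifted values right before the user is asked for the key password. Guard the report with something like `(( ${#tombdump} == 3 )) && say ...`, and quote `"${nstloop}"` in the call. The same positional pattern is used for `tombstat` from `cryptsetup status` in the next mount_tomb hunk. Both arrays are assigned without `local`; mount_tomb starts and ends outside this hunk.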
       t@@ -855,13 +874,20 @@ mount_tomb() {
            done
        
            if ! [ -r /dev/mapper/${mapper} ]; then
       -        _warning "failure mounting the encrypted file"
                losetup -d ${nstloop}
                $norm || rmdir ${tombmount} 2>/dev/null
       -        return 1
       +        die "failure mounting the encrypted file"
            fi
        
       -    _message "encrypted storage filesystem check"
       +    # array: [ cipher, keysize, loopdevice ]
       +    tombstat=(`cryptsetup status ${mapper} | awk '
       +    /cipher:/  {print $2}
       +    /keysize:/ {print $2}
       +    /device:/  {print $2}'`)
       +    yes "Success unlocking tomb $tombname"
       +    xxx "key size is $tombstat[2] for cipher $tombstat[1]"
       +
       +    _message "checking filesystem via $tombstat[3]"
            fsck -p -C0 /dev/mapper/${mapper}
            xxx "tomb engraved as $tombname"
            tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
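Review bot: Replacing `_warning` plus `return 1` with `die` in the unreadable-mapper branch is only safe if `die` terminates the script; its definition is outside this diff, although the `|| die "..." 1` use in check_bin suggests it does. If it does not exit, execution now falls through to `fsck` and `tune2fs` on a `/dev/mapper/${mapper}` that does not exist. The launch_status hunk makes the opposite assumption by keeping `return 1` after its new `die`, so one of the two is either wrong or dead code; settle on one convention, for example by dropping that `return 1`. A comment such as `# die exits, so release the loop device and mountpoint first` above the `losetup -d` line would record why the cleanup precedes the call.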
       t@@ -873,7 +899,7 @@ mount_tomb() {
            chmod 0750 ${tombmount}
            chown $(id -u $ME):$(id -g $ME) ${tombmount}
        
       -    _success "encrypted storage $tombfile succesfully mounted on $tombmount"
       +    _success "Success opening $tombfile on $tombmount"
            if ! option_is_set -n ; then
                exec_safe_bind_hooks ${tombmount}
                exec_safe_post_hooks ${tombmount} open
       t@@ -1328,6 +1354,11 @@ list_tombs() {
                print "$fg_bold[white]$tombfs $tombfsopts"
        
                print -n "$fg_no_bold[green]$tombname"
       +        print -n "$fg_no_bold[white] cipher ${tombstat}"
       +        print -n "keysize $tombstat[1]"
       +        print "mounted via $tombstat[2]"
       +
       +        print -n "$fg_no_bold[green]$tombname"
                print -n "$fg_no_bold[white] open since "
                print "$fg_bold[white]$tombsince$fg_no_bold[white]"
        
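Review bot: The labels in the three added `print` lines do not line up with the array layout documented in mount_tomb (`# array: [ cipher, keysize, loopdevice ]`): `cipher ${tombstat}` expands the whole array, `keysize $tombstat[1]` prints the cipher and `mounted via $tombstat[2]` prints the key size. Index them as `$tombstat[1]`, `$tombstat[2]` and `$tombstat[3]`, and end the first two strings with a space, since `print -n` adds no separator. No assignment to `tombstat` is visible in this hunk and list_tombs continues outside it, so confirm the array is populated per tomb here rather than left over from mount_tomb, which runs in a different invocation. The added lines also print `$tombname` a second time on the following line.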
       t@@ -1368,7 +1399,7 @@ launch_status() {
        
            which tomb-status > /dev/null
            if [ $? != 0 ]; then
       -        _warning "Cannot find tomb-status binary, operation aborted."
       +        die "Cannot find tomb-status binary, operation aborted."
                return 1
            fi
        
       t@@ -1703,11 +1734,19 @@ main() {
                mktemp)     safe_dir ${CMD2} ;;
                translate)  generate_translatable_strings ;;
                __default)
       -            if option_is_set -v; then
       -                echo Tomb - $VERSION
       -            else
       -                usage
       -            fi
       +            cat <<EOF
       +Tomb $VERSION - a strong and gentle undertaker for your secrets
       +
       + Copyright (C) 2007-2012 Dyne.org Foundation, License GNU GPL v3+
       + This is free software: you are free to change and redistribute it
       + The latest Tomb sourcecode is published on <http://tomb.dyne.org>
       +
       +GnuPG available ciphers:
       +`list_gnupg_ciphers`
       +EOF
       +            option_is_set -v && return 0
       +
       +            usage
                    ;;
                *)
                    _warning "command \"$CMD\" not recognized"