tcleanup of the main script improved binary check, made resize optional and set aside old install command (was already unused) - tomb - the crypto undertaker
HTML git clone git://parazyd.org/tomb.git
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
DIR commit 37792ffdc5fd5d697b7e4df11428689234d361d2
DIR parent 5f5fb06d433f384be36c61b02bc7cc45976d8558
HTML Author: Jaromil <jaromil@dyne.org>
Date: Sat, 25 May 2013 15:04:16 +0200
cleanup of the main script
improved binary check, made resize optional
and set aside old install command (was already unused)
Diffstat:
A extras/desktop/install.zsh | 90 +++++++++++++++++++++++++++++++
M tomb | 169 +++++++++----------------------
2 files changed, 136 insertions(+), 123 deletions(-)
---
DIR diff --git a/extras/desktop/install.zsh b/extras/desktop/install.zsh
t@@ -0,0 +1,90 @@
+# {{{ - Install
+# install mime-types, bells and whistles for the desktop
+# see http://developers.sun.com/solaris/articles/integrating_gnome.html
+# and freedesktop specs
+install_tomb() {
+
+# TODO: distro package deps (for binary)
+# debian: zsh, cryptsetup, sudo
+ _message "updating mimetypes..."
+ cat <<EOF > /tmp/dyne-tomb.xml
+<?xml version="1.0"?>
+<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'>
+ <mime-type type="application/x-tomb-volume">
+ <comment>Tomb crypto volume</comment>
+ <glob pattern="*.tomb"/>
+ </mime-type>
+ <mime-type type="application/x-tomb-key">
+ <comment>Tomb crypto key</comment>
+ <glob pattern="*.tomb.key"/>
+ </mime-type>
+</mime-info>
+EOF
+ xdg-mime install /tmp/dyne-tomb.xml
+ xdg-icon-resource install --context mimetypes --size 32 monmort.xpm monmort
+ xdg-icon-resource install --size 32 monmort.xpm dyne-monmort
+
+ rm /tmp/dyne-tomb.xml
+
+ _message "updating desktop..."
+ cat <<EOF > /usr/share/applications/tomb.desktop
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=Tomb crypto undertaker
+GenericName=Crypto undertaker
+Comment=Keep your bones safe
+Exec="${TOMBOPENEXEC}" %U
+TryExec=tomb-open
+Icon=monmort.xpm
+Terminal=true
+Categories=Utility;Security;Archiving;Filesystem;
+MimeType=application/x-tomb-volume;
+X-AppInstall-Package=tomb
+EOF
+ update-desktop-database
+
+ _message "updating menus..."
+ cat <<EOF > /etc/menu/tomb
+?package(tomb):command="tomb" icon="/usr/share/pixmaps/monmort.xpm" needs="text" \
+ section="Applications/Accessories" title="Tomb" hints="Crypto" \
+ hotkey="Tomb"
+EOF
+ update-menus
+
+ _message "updating mime info..."
+ cat <<EOF > /usr/share/mime-info/tomb.keys
+# actions for encrypted tomb storage
+application/x-tomb-volume:
+ open="${TOMBOPENEXEC}" %f
+ view=tomb-open %f
+ icon-filename=monmort.xpm
+ short_list_application_ids_for_novice_user_level=tomb
+EOF
+ cat <<EOF > /usr/share/mime-info/tomb.mime
+# mime type for encrypted tomb storage
+application/x-tomb-volume
+ ext: tomb
+
+application/x-tomb-key
+ ext: tomb.key
+EOF
+ cat <<EOF > /usr/lib/mime/packages/tomb
+application/x-tomb-volume; tomb-open '%s'; priority=8
+EOF
+ update-mime
+
+ _message "updating application entry..."
+
+ cat <<EOF > /usr/share/application-registry/tomb.applications
+tomb
+ command=tomb-open
+ name=Tomb - Crypto Undertaker
+ can_open_multiple_files=false
+ expects_uris=false
+ requires_terminal=true
+ mime-types=application/x-tomb-volume,application/x-tomb-key
+EOF
+ _message "Tomb is now installed."
+}
+# }}}
DIR diff --git a/tomb b/tomb
t@@ -31,6 +31,7 @@ typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done
STEGHIDE=1
MKTEMP=1
+RESIZER=1
MOUNTOPTS="rw,noatime,nodev"
typeset -A global_opts
t@@ -169,33 +170,29 @@ progress() {
check_bin() {
# check for required programs
- for req in pinentry sudo gpg; do
- which $req >/dev/null || die "Cannot find $req. Please install it." 1
+ for req in cryptsetup pinentry sudo gpg; do
+ command -v $req >/dev/null || die "Cannot find $req. It's a requirement to use Tomb, please install it." 1
done
export PATH=/sbin:/usr/sbin:$PATH
- which cryptsetup > /dev/null && CRYPTSETUP=cryptsetup || die "Cryptsetup not found in $PATH." 1
-
# which dd command to use
- which dcfldd > /dev/null && DD=dcfldd || DD=dd
+ command -v dcfldd > /dev/null && DD=dcfldd || DD=dd
# which wipe command to use
- which wipe > /dev/null && WIPE="wipe -f -s" || WIPE="rm -f"
+ command -v wipe > /dev/null && WIPE="wipe -f -s" || WIPE="rm -f"
# check for filesystem creation progs
- which mkfs.ext4 > /dev/null && \
+ command -v mkfs.ext4 > /dev/null && \
MKFS="mkfs.ext4 -q -F -j -L" || \
MKFS="mkfs.ext3 -q -F -j -L"
# check for mktemp
- which mktemp > /dev/null || MKTEMP=0
+ command -v mktemp > /dev/null || MKTEMP=0
# check for steghide
- which steghide > /dev/null || STEGHIDE=0
-
- # resize suite check bin!
- which e2fsck > /dev/null || die "Cannot find e2fsck. Please install it." 1
- which resize2fs > /dev/null || die "Cannot find resize2fs. Please install it." 1
+ command -v steghide > /dev/null || STEGHIDE=0
+ # check for resize
+ command -v e2fsck resize2fs > /dev/null || RESIZER=0
if which tomb-kdf-pbkdf2 &> /dev/null; then
KDF_PBKDF2="tomb-kdf-pbkdf2"
t@@ -356,6 +353,10 @@ EOF
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
exit $?
fi # are we root already
+
+ # make sure necessary kernel modules are loaded
+ modprobe dm_crypt
+
return 0
}
# }}}
t@@ -393,8 +394,12 @@ Commands:
slam slam a TOMB killing all programs using it
passwd change the password of a KEY
- resize resize a TOMB to a new --size (can only grow)
EOF
+ if [ "$RESIZER" = 1 ]; then
+ cat <<EOF
+ resize resize a TOMB to a new --size (can only grow)
+EOF
+ fi
if [ "$STEGHIDE" = 1 ]; then
cat <<EOF
bury hide a KEY inside a JPEG image
t@@ -680,7 +685,7 @@ forge_key() {
_message "Commanded to forge key $1"
if ! [ $1 ]; then
- _warning "no key name specified for creation"
+ _warning "no key name specified for creation"
return 1
fi
t@@ -759,7 +764,9 @@ forge_key() {
ls -lh ${tombkey}
}
-# dig a tomb
+# Dig a tomb, means that it will create an empty file to be formatted
+# as a loopback filesystem. Initially the file is filled with random data
+# taken from /dev/urandom which improves the tomb's overall security
dig_tomb() {
_message "Commanded to dig tomb $1"
t@@ -1111,8 +1118,10 @@ gen_key() {
;;
esac
echo -n $header
- gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \
- -o - -c -a ${lukskey} <<< "${tombpass}"
+
+ print "${tombpass}" \
+ | gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \
+ -o - -c -a ${lukskey}
unset tombpass
}
t@@ -1531,7 +1540,7 @@ umount_tomb() {
return 0
}
# }}}
-# }}}
+
# {{{ - Change Password
# $1 is the tomb key path
t@@ -1686,18 +1695,18 @@ resize_tomb() {
_message "Password is required for key ${keyname}"
for c in 1 2 3; do
- if [ $c = 1 ]; then
- tombpass=`exec_as_user ${TOMBEXEC} askpass ${keyname}`
- else
- tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"`
- fi
+ if [ $c = 1 ]; then
+ tombpass=`exec_as_user ${TOMBEXEC} askpass ${keyname}`
+ else
+ tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"`
+ fi
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
-
+
unset tombpass
- if [ -r /dev/mapper/${mapper} ]; then
- break; # password was correct
+ if [ -r /dev/mapper/${mapper} ]; then
+ break; # password was correct
fi
done
t@@ -1871,8 +1880,8 @@ list_tombs() {
for h in ${mounted_hooks}; do
print -n "$fg_no_bold[green]$tombname"
print -n "$fg_no_bold[white] hooks "
- print -n "$fg_bold[white]`basename ${h[(ws:;:)1]}`"
- print -n "$fg_no_bold[white] on "
+# print -n "$fg_bold[white]`basename ${h[(ws:;:)1]}`"
+# print -n "$fg_no_bold[white] on "
print "$fg_bold[white]${h[(ws:;:)2]}$fg_no_bold[white]"
done
done
t@@ -1931,98 +1940,7 @@ launch_status() {
return 0
}
# }}}
-# {{{ - Install GUI
-# install mime-types, bells and whistles for the desktop
-# see http://developers.sun.com/solaris/articles/integrating_gnome.html
-# and freedesktop specs
-install_tomb() {
-
-# TODO: distro package deps (for binary)
-# debian: zsh, cryptsetup, sudo
- _message "updating mimetypes..."
- cat <<EOF > /tmp/dyne-tomb.xml
-<?xml version="1.0"?>
-<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'>
- <mime-type type="application/x-tomb-volume">
- <comment>Tomb encrypted volume</comment>
- <glob pattern="*.tomb"/>
- </mime-type>
- <mime-type type="application/x-tomb-key">
- <comment>Tomb crypto key</comment>
- <glob pattern="*.tomb.key"/>
- </mime-type>
-</mime-info>
-EOF
- xdg-mime install /tmp/dyne-tomb.xml
- xdg-icon-resource install --context mimetypes --size 32 monmort.xpm monmort
- xdg-icon-resource install --size 32 monmort.xpm dyne-monmort
-
- rm /tmp/dyne-tomb.xml
-
- _message "updating desktop..."
- cat <<EOF > /usr/share/applications/tomb.desktop
-[Desktop Entry]
-Version=1.0
-Type=Application
-Name=Tomb crypto undertaker
-GenericName=Crypto undertaker
-Comment=Keep your bones safe
-Exec="${TOMBOPENEXEC}" %U
-TryExec=tomb-open
-Icon=monmort.xpm
-Terminal=true
-Categories=Utility;Security;Archiving;Filesystem;
-MimeType=application/x-tomb-volume;
-X-AppInstall-Package=tomb
-EOF
- update-desktop-database
- _message "updating menus..."
- cat <<EOF > /etc/menu/tomb
-?package(tomb):command="tomb" icon="/usr/share/pixmaps/monmort.xpm" needs="text" \
- section="Applications/Accessories" title="Tomb" hints="Crypto" \
- hotkey="Tomb"
-EOF
- update-menus
-
- _message "updating mime info..."
- cat <<EOF > /usr/share/mime-info/tomb.keys
-# actions for encrypted tomb storage
-application/x-tomb-volume:
- open="${TOMBOPENEXEC}" %f
- view=tomb-open %f
- icon-filename=monmort.xpm
- short_list_application_ids_for_novice_user_level=tomb
-EOF
- cat <<EOF > /usr/share/mime-info/tomb.mime
-# mime type for encrypted tomb storage
-application/x-tomb-volume
- ext: tomb
-
-application/x-tomb-key
- ext: tomb.key
-EOF
- cat <<EOF > /usr/lib/mime/packages/tomb
-application/x-tomb-volume; tomb-open '%s'; priority=8
-EOF
- update-mime
-
- _message "updating application entry..."
-
- cat <<EOF > /usr/share/application-registry/tomb.applications
-tomb
- command=tomb-open
- name=Tomb - Crypto Undertaker
- can_open_multiple_files=false
- expects_uris=false
- requires_terminal=true
- mime-types=application/x-tomb-volume,application/x-tomb-key
-EOF
- _message "Tomb is now installed."
-}
-# }}}
-
-# }}}
# {{{ MAIN COMMAND
main() {
t@@ -2230,9 +2148,14 @@ main() {
decode_key $PARAM[1] $PARAM[2]
;;
resize)
- check_priv
- resize_tomb $PARAM[1]
- ;;
+ if [ "$RESIZER" = 0 ]; then
+ _warning "resize2fs not installed. Cannot resize your tomb."
+ return 1
+ fi
+ check_priv
+ resize_tomb $PARAM[1]
+ ;;
+
# internal commands useful to developers
'source') return 0 ;;
install) check_priv ; install_tomb ;;