commit 684ad7d8211acbe52c4f37b3bc6fb501e0888340
parent 2489bcfa1b54399971404925ef9e3d379133e5cb
Author: parazyd <parazyd@dyne.org>
Date: Tue, 29 Mar 2016 21:53:28 +0200
trailings, final uninstall
Diffstat:
9 files changed, 49 insertions(+), 43 deletions(-)
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Secure dedicated LAN file storage made easy
A coffin is a dedicated device you can use to keep your files on a safe
and encrypted place. The core workflow of the coffin is having a key
that is autodetected by the device once plugged in. Once detected, the
-coffin will open the tomb that corresponds to that same key.
+coffin will open the tomb that corresponds to that same key.
Now, you are able to access your files on the LAN.
Once you plug in your key again, that same tomb will be closed and your
files are once again unreadable.
@@ -19,7 +19,7 @@ depending on the distro you are using:
pinentry-curses pwgen gettext haveged sudo
```
-Clone this repository to the device you will be using.
+Clone this repository to the device you will be using.
Run `make` in order to compile tomb's KDF modules.
@@ -32,9 +32,9 @@ device.
## Usage
After installation, you will end up with an initscript in
-/etc/init.d/coffin
+/etc/init.d/coffin
You can start coffin by issuing `/etc/init.d/coffin start` and the watch
-script will begin to watch your /dev for new devices.
+script will begin to watch your /dev for new devices.
### Hooks
Hooks are oneliners written on your USB key which will trigger actions
@@ -50,7 +50,7 @@ works.
action:userName:tombName:options
```
So far there are only two actions (create, delete) but more are to be
-added in the future.
+added in the future.
To create a hook, add one or more to the `.coffin` directory in a file
called `hook`. Separate each hook with a newline.
##### Create hook
@@ -59,16 +59,16 @@ create:userName:tombName:tombSize:features
create:undertaker:myAwesomeCrypt:50:webdav:sshfs
```
So, to create a tomb, you will have to choose a username, a tomb name
-and the size of your choice (in MiB). This is the bare minimum.
+and the size of your choice (in MiB). This is the bare minimum.
There are also features like `webdav` or `sshfs` that can be used to
-access your files.
+access your files.
Currently implemented features:
* WebDAV
* SSHFS
Important note is that if you use any of the features listed above you
will have to add according files as well. For more info, please consult
-the README file inside the `conf/` directory.
+the README file inside the `conf/` directory.
##### Delete hook
```
diff --git a/conf/README b/conf/README
@@ -1,8 +1,7 @@
Here's some more info on the features
# WebDAV
-To generate a WebDAV login entry by yourself, issue the
-following command:
+To generate a WebDAV login entry by yourself, issue the following command:
####################
`echo -n "yourUsername:WebDAV:" \
@@ -11,7 +10,7 @@ following command:
| awk '{print $1}'`
####################
-Add it to the 'davpasswd' file which is located in
+Add it to the 'davpasswd' file which is located in
/etc/apache2/DAV/davpasswd on your coffin box. Or add it now here,
before installation.
diff --git a/conf/config.sh b/conf/config.sh
@@ -8,7 +8,7 @@
[[ $1 == "checkdep" ]] && {
missing=()
which apache2 >/dev/null || missing+=(apache)
- which cryptsetup >/dev/null || missing+=(cryptsetup)
+ which cryptsetup >/dev/null || missing+=(cryptsetup)
which inotifywatch >/dev/null || missing+=(inotify-tools)
which wipe >/dev/null || missing+=(wipe)
which pinentry >/dev/null || missing+=(pinentry)
@@ -43,6 +43,7 @@ edit-sudo() {
print "%coffin `hostname`=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
[[ $? = 0 ]] && print "Added coffin group to sudoers"
elif [[ $1 == "remove" ]]; then
+ # FIXME: doesn't write to sudoers
tmp=`sed '/^%coffin / d' /etc/sudoers`
print $tmp | (EDITOR="tee" visudo)
[[ $? = 0 ]] && print "Removed coffin group from sudoers"
@@ -51,7 +52,7 @@ edit-sudo() {
# because all cool software has snowmen in them
[[ $1 == "snowman" ]] && {
- pushd `pwd`/conf
+ pushd `pwd`/conf
groupadd coffin && print "created coffin group"
gpasswd -a www-data coffin && print "added www-data to coffin group"
@@ -61,7 +62,7 @@ edit-sudo() {
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
-keyout coffin.key -out coffin.pem
[[ $? = 0 ]] || {
- print "Failed generating openssl certificate."
+ print "Failed generating openssl certificate."
return 1
}
@@ -83,7 +84,7 @@ edit-sudo() {
for i in $apachemods; do
a2enmod $i
done
-
+
# [[ -f /etc/apache2/sites-enabled/000-default.conf ]] && a2dissite 000-default.conf
[[ -f /etc/apache2/sites-enabled/coffindav.conf ]] || a2ensite coffindav.conf
@@ -100,7 +101,7 @@ edit-sudo() {
print "######################################"
fprint=`openssl x509 -noout -in coffin.pem -fingerprint \
- | awk -F\= '{print $2}'`
+ | awk -F\= '{print $2}'`
print "The fingerptint of your SSL certificate is: $fprint"
print "Compare it and/or set is as trusted when you connect to coffin."
print "######################################"
@@ -124,13 +125,19 @@ edit-sudo() {
rm -rv /home/graveyard/DAV
rm -v /etc/apache2/sites-available/coffindav.conf
+ #apachemods=(dav dav_fs dav_lock ssl)
+ #print "Enabling Apache modules..."
+ #for i in $apachemods; do
+ # a2enmod $i
+ #done
+
/etc/init.d/apache2 restart
}
sed -i '/^DAVLockDB / d' /etc/apache2/apache2.conf
[[ $? = 0 ]] && print "removed entry from apache2.conf"
# groupdel coffin
- edit-sudo remove
+ edit-sudo remove
# rm -v /etc/init.d/coffin
rm -rv /etc/ssl/coffin
diff --git a/src/coffinrc b/src/coffinrc
@@ -3,7 +3,7 @@
# Careful!
# Directory where you keep all your tombs and data
-# Reminder that the default is already installed,
+# Reminder that the default is already installed,
# and the directory group owner must be 'coffin'
# with permissions 770
GRAVEYARD /home/graveyard
diff --git a/src/zlibs/config b/src/zlibs/config
@@ -4,11 +4,11 @@ parse-config() {
act "Found config file. Parsing..."
ttmp=`awk '
- /^#/ { next }
+ /^#/ { next }
/^GRAVEYARD / { printf "GRAVEYARD=\"%s\";", $2 }
/^KEYMOUNT / { printf "KEYMOUNT=\"%s\";", $2 }
/^TOMB / { printf "TOMB=\"%s\";", $2 }
- ' "$R/.coffinrc"`
+ ' "$R/.coffinrc"`
{ test $? = 0 } || {
die "Error parsing config file."
return 1
diff --git a/src/zlibs/features b/src/zlibs/features
@@ -10,7 +10,7 @@ create-webdav-hook() {
[[ -f $COFFINDOT/davinfo ]] && {
cat $COFFINDOT/davinfo >> /etc/apache2/davpasswd
- [[ $? = 0 ]] && {
+ [[ $? = 0 ]] && {
rm $COFFINDOT/davinfo
gpasswd -a www-data $undertaker
act "Added new WebDAV user"
@@ -29,7 +29,7 @@ create-webdav-hook() {
fi
}
-delete-webdav-hook() {
+delete-webdav-hook() {
fn delete-webdav-hook $*
req=(tombid)
tombid="$1"
@@ -53,7 +53,7 @@ create-sshfs-hook() {
cat $COFFINDOT/$tombid.pub >> /home/$undertaker/.ssh/authorized_keys
chown -R $undertaker:$undertaker /home/$undertaker/.ssh
chmod 700 /home/$undertaker/.ssh && chmod 600 /home/$undertaker/.ssh/authorized_keys
-
+
[[ $? = 0 ]] && act "Wrote to authorized_keys" \
&& act "Done setting up SSH"
@@ -63,7 +63,7 @@ create-sshfs-hook() {
fi
}
-delete-sshfs-hook() {
+delete-sshfs-hook() {
fn delete-sshfs-hook $*
req=(undertaker tombid)
undertaker="$1"
diff --git a/src/zlibs/hooks b/src/zlibs/hooks
@@ -41,7 +41,7 @@ create-new-tomb() {
$(id $undertaker &>/dev/null)
[[ $? = 0 ]] || {
- warn "User $undertaker not found. Creating..."
+ warn "User $undertaker not found. Creating..."
useradd -G coffin -m -s /bin/nologin $undertaker
act "Created user $undertaker"
}
@@ -51,21 +51,21 @@ create-new-tomb() {
sudo -u $undertaker $TOMB dig -s $tombsize $GRAVEYARD/$tombid.tomb || \
(die "Digging went downhill. Cleaning and exiting" && \
clean-failed-hook)
-
+
sudo -u $undertaker $TOMB forge $GRAVEYARD/$tombid.key \
--unsafe \
--tomb-pwd "$keypass" || \
(die "Forging key went downhill. Cleaning and exiting" && \
- clean-failed-hook)
+ clean-failed-hook)
sudo -u $undertaker $TOMB lock $GRAVEYARD/$tombid.tomb \
-k $GRAVEYARD/$tombid.key \
--unsafe \
--tomb-pwd "$keypass" || \
(die "Locking tomb went downhill. Cleaning and exiting" && \
- clean-failed-hook)
+ clean-failed-hook)
- xxx "Moving your keyfile to your USB key..."
+ xxx "Moving your keyfile to your USB key..."
mv $GRAVEYARD/$tombid.key $COFFINDOT/ && \
chown $undertaker:$undertaker $COFFINDOT/$tombid.key && \
xxx "Moved and chowned keyfile"
@@ -91,24 +91,24 @@ delete-tomb() {
tombid=${entry[(ws@:@)2]} && xxx "Tombid: $tombid"
[[ $(id $undertaker &>/dev/null) ]] || {
- die "User $undertaker not found. Exiting..."
+ die "User $undertaker not found. Exiting..."
return 1
}
[[ -f $GRAVEYARD/$tombid.tomb ]] || {
- die "Tomb $tombid.tomb not found. Exiting..."
+ die "Tomb $tombid.tomb not found. Exiting..."
return 1
}
[[ -f $COFFINDOT/$tombid.key ]] || {
- die "Key of $tombid not found. Exiting..."
+ die "Key of $tombid not found. Exiting..."
return 1
}
compare-key
[[ $? = 0 ]] && {
sudo -u $undertaker $TOMB slam $tombid
-
+
grep -v ${undertaker}:${tombid} $TTAB > $TTAB.tmp
[[ $? = 0 ]] && mv $TTAB.tmp $TTAB && \
act "Removed from ttab"
diff --git a/src/zlibs/keyfiles b/src/zlibs/keyfiles
@@ -4,7 +4,7 @@ hash-key() {
fn hash-key
vars+=(keyhash)
keyhash=""
-
+
keyhash=${$(sha256sum $COFFINDOT/$tombid.key)[(ws: :)1]}
xxx "sha256 of keyfile: $keyhash"
}
@@ -32,15 +32,15 @@ compare-key() {
# /-iit5N)KWG%%8%%%%W8%ZWM(8YZvD)XN(@. [ \]!/GXW[
# / ))G8\NMN%W%%%%%%%%%%8KK@WZKYK*ZG5KMi,- vi[NZGM[
# i\!(44Y8K%8%%%**~YZYZ@%%%%%4KWZ/PKN)ZDZ7 c=//WZK%! This is a euphemism for how my code is structured.
-# ,\v\YtMZW8W%%f`,`.t/bNZZK%%W%%ZXb*K(K5DZ -c\\/KM48
-# -|c5PbM4DDW%f v./c\[tMY8W%PMW%D@KW)Gbf -/(=ZZKM8[ If you're reading this, you have probably been put
+# ,\v\YtMZW8W%%f`,`.t/bNZZK%%W%%ZXb*K(K5DZ -c\\/KM48
+# -|c5PbM4DDW%f v./c\[tMY8W%PMW%D@KW)Gbf -/(=ZZKM8[ If you're reading this, you have probably been put
# 2(N8YXWK85@K -'c|K4/KKK%@ V%@@WD8e~ .//ct)8ZK%8` in charge of maintaining this program.
-# =)b%]Nd)@KM[ !'\cG!iWYK%%| !M@KZf -c\))ZDKW%`
+# =)b%]Nd)@KM[ !'\cG!iWYK%%| !M@KZf -c\))ZDKW%`
# YYKWZGNM4/Pb '-VscP4]b@W% 'Mf` -L\///KM(%W! I am so, so sorry for you.
-# !KKW4ZK/W7)Z. '/cttbY)DKW% -` .',\v)K(5KW%%f
+# !KKW4ZK/W7)Z. '/cttbY)DKW% -` .',\v)K(5KW%%f
# 'W)KWKZZg)Z2/,!/L(-DYYb54% ,,`, -\-/v(((KK5WW%f God speed.
# \M4NDDKZZ(e!/\7vNTtZd)8\Mi!\-,-/i-v((tKNGN%W%%
-# 'M8M88(Zd))///((|D\tDY\\KK-`/-i(=)KtNNN@W%%%@%[
+# 'M8M88(Zd))///((|D\tDY\\KK-`/-i(=)KtNNN@W%%%@%[
# !8%@KW5KKN4///s(\Pd!ROBY8/=2(/4ZdzKD%K%%%M8@%%
# '%%%W%dGNtPK(c\/2\[Z(ttNYZ2NZW8W8K%%%%YKM%M%%.
# *%%W%GW5@/%!e]_tZdY()v)ZXMZW%W%%%*5Y]K%ZK%8[
diff --git a/src/zlibs/ttab b/src/zlibs/ttab
@@ -11,14 +11,14 @@ ttab-magic() {
act "Found line $line..."
[[ ${entry[(ws@:@)3]} == "true" ]] && {
- act "Working on tomb from line $line"
+ act "Working on tomb from line $line"
undertaker=${entry[(ws@:@)1]} && xxx "Undertaker: $undertaker"
tombid=${entry[(ws@:@)2]} && xxx "Tombid: $tombid"
compare-key
[[ $? = 0 ]] && {
- act "compare-key -> true"
+ act "compare-key -> true"
sudo -u $undertaker $TOMB slam $tombid
cp $TOMBS $TMPTOMBS
@@ -35,7 +35,7 @@ ttab-magic() {
keypass=$(grep $keyhash $TOMBPASSWD)
keypass=${keypass[(ws@:@)2]}
xxx "Key password: $keypass"
-
+
sudo -u $undertaker $TOMB open $GRAVEYARD/$tombid.tomb \
-k $COFFINDOT/$tombid.key \
--unsafe \
@@ -44,7 +44,7 @@ ttab-magic() {
[[ $? = 0 ]] || { die "Tomb didn't open" && return 1 }
[[ -d "/media/$tombid" ]] && {
- chmod g+rw /media/$tombid
+ chmod g+rw /media/$tombid
print "${undertaker}:${keyhash}:${keyuuid}" >> $TOMBS && \
chmod 600 $TOMBS && \
act "Added info to $TOMBS"