tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git

commit 613fb37cc7cfcdd4274266be435e1d19d49397ee
parent 4727c052fae8bff398e479a7ad296aceb3799c79
Author: Jaromil <jaromil@dyne.org>
Date:   Sun, 30 Jan 2011 23:25:01 +0100

integrations from the work branch
documentation updates for the 0.9 release

Diffstat:
M README | 51 ++++++++++-----------------------------------------
D README.muse | 133 -------------------------------------------------------------------------------
M doc/web/views/index.muse | 2 +-
M src/tomb | 29 ++++++++++++++++++++---------
4 files changed, 31 insertions(+), 184 deletions(-)

diff --git a/README b/README @@ -13,11 +13,9 @@ X~ `?888888hx~ ...ue888b .888: x888 x888. 8888 . ^"***"` "` a simple commandline tool to manage encrypted storage v.0.9 - http://crypto.dyne.org by Jaromil @ dyne.org - Tomb development is supported by: NOONE. - Would you like to support it and engrave your name on this software? - Contact me! + http://tomb.dyne.org + Tomb aims to be a free and open source system for easy encryption and backup of personal files, written in code that is easy to review and @@ -25,11 +23,8 @@ links shared OS components. At present time, Tomb consists of a simple shell script (Zsh) using standard filesystem tools (GNU) and the cryptographic API of the Linux -kernel (cryptsetup and LUKS). - -In future Tomb will grow to facilitate proper use of encryption by -unexperienced users, probably also prividing a graphical user -interface, as well a porting to Apple/OSX. +kernel (cryptsetup and LUKS), plus a status tray application which +integrates in your desktop. ** Who needs Tomb @@ -47,8 +42,7 @@ be interoperable across popular GNU/Linux operating systems. Tomb generates 'key files' and protects them with a password choosen by the user; the key files are then used to encrypt loop-back mounted partitions, like single files containing a filesystem inside: this way -keys can be separated from data for safer transports when -required. +keys can be separated from data for safer transports when required. ** Stage of development 
@@ -67,33 +61,8 @@ Code is pretty short and readable: start looking around it and the materials found in doc/ which are good pointers at security measures to be further implemented. -Best of all at this stage would be if you like to code a Graphical -Interface, possibly in QT4, that would use the script to make simple -operations: something pretty easy and intuitive, with a few big -buttons, for unexperienced users, can be a good start. - -** Aren't there enough encryption tools already? - -I've felt the urgency of publishing Tomb for other operating systems -than dyne:bolic since the current situation with TrueCrypt[1] is far -from optimal. TrueCrypt makes use of statically linked libraries, its -code is not hosted on CVS nor considered free[2] by GNU/Linux -distributions because of liability reasons, see Debian[3], Ubuntu[4], -Suse[5], Gentoo[6] and Fedora[7]. - -Seen from this perspective, Tomb is intended as a rewrite of most -functionalities offered by TrueCrypt in a new application, confident -it won't take much relying on previous experience and aiming at: - - - short and readable code, linking shared libs and common components - - easy graphical interface, simple for ad-hoc (DIY-deniable) - - transparent and distributed development hosted using GIT - - GNU General Public License v3 - -[1] [http://en.wikipedia.org/wiki/TrueCrypt] -[2] [http://lists.freedesktop.org/archives/distributions/2008-October/000276.html] -[3] [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034] -[4] [https://bugs.edge.launchpad.net/ubuntu/+bug/109701] -[5] [http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html] -[6] [http://bugs.gentoo.org/show\_bug.cgi?id=241650] -[7] [https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt] +Enthusiastic ideas are in the TODO file. + +Donations are always welcome, see http://dyne.org/donate + +More about who is currently involved in the AUTHORS file. diff --git a/README.muse b/README.muse 
@@ -1,133 +0,0 @@ -#title Tomb - The Crypto Undertaker -#author Jaromil - -<contents> - -* Tomb - RIP - - -<example> - ..... .. - .H8888888h. ~-. . uW8" - 888888888888x `> u. .. . : `t888 -X~ `?888888hx~ ...ue888b .888: x888 x888. 8888 . -' x8.^"*88*" 888R Y888r ~`8888~'888X`?888f` 9888.z88N - `-:- X8888x 888R I888> X888 888X '888> 9888 888E - 488888> 888R I888> X888 888X '888> 9888 888E - .. `"88* 888R I888> X888 888X '888> 9888 888E - x88888nX" . u8888cJ888 X888 888X '888> 9888 888E - !"*8888888n.. : "*888*P" "*88%""*88" '888!` .8888 888" -' "*88888888* 'Y" `~ " `"` `%888*%" - ^"***"` "` - - a simple commandline tool to manage encrypted storage v.0.9 - http://tomb.dyne.org by Jaromil @ dyne.org -</example> - -** Introduction - -Tomb aims to be an 100% free and open source system for easy -encryption and backup of personal files, written in code that is easy -to review and links commonly shared components. - -At present time Tomb is easy to install and use, it mainly consists of -a Shell script and some auxiliary C code for desktop integration, -making use of GNU tools and the cryptographic API of the Linux kernel. - -*** Who needs Tomb - -Our target community are desktop users with no time to click around, -sometimes using old or borrowed computers, operating in places -endangered by conflict where a leak of personal data can be a threat. - -If you don't own a laptop then it's possible to go around with a USB -stick and borrow computers, still leaving no trace and keeping your -data safe during transports. Tomb aims to facilitate all this and to -be interoperable across popular GNU/Linux operating systems. - -*** Aren't there enough encryption tools already? - -We've felt the urgency of publishing Tomb for other operating systems -than dyne:bolic since the current situation with [[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] is far from -optimal. 
TrueCrypt makes use of statically linked libraries, its code -is not hosted on CVS and is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by GNU/Linux -distributions because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]][4], -Suse[5], Gentoo[6] and Fedora[7]. - -Seen from this perspective, Tomb is intended as a rewrite of most -functionalities offered by TrueCrypt in a new application, confident -it won't take much relying on previous experience and aiming at: - - - short and readable code, linking shared libs and common components - - easy graphical interface, simple for ad-hoc (DIY-deniable) - - transparent and distributed development hosted using GIT - - GNU General Public License v3 - -[1] http://en.wikipedia.org/wiki/TrueCrypt -[2] http://lists.freedesktop.org/archives/distributions/2008-October/000276.html -[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034 -[4] https://bugs.edge.launchpad.net/ubuntu/+bug/109701 -[5] http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html -[6] http://bugs.gentoo.org/show\_bug.cgi?id=241650 -[7] https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt - -*** How does it works - -Tomb generates 'key files' and protects them with a password choosen -by the user; the key files are then used to encrypt loop-back mounted -partitions, like single files containing a filesystem inside: this way -keys can be separated from data for safer transports when -required. - -** Downloads - -For licensing information see the [[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]] - -Below a list of formats you can download this application: ready to be -run with some of the interfaces developed, as a library you can use to -build your own application and as source code you can study. 
- -*** Code repository - -Latest stable release is 0.9 (25 January 2011) more about it in the -[[ftp://ftp.dyne.org/tomb/NEWS][NEWS]] and [[ftp://ftp.dyne.org/tomb/ChangeLog][ChangeLog]] - -Source releases are checked and signed by [[http://jaromil.dyne.org][Jaromil]] using [[http://www.gnupg.org][GnuPG]]. - -On [[ftp://ftp.dyne.org/tomb][ftp.dyne.org/tomb]] you find all present and past Tomb releases, -source code for extra plugins and more binaries that we occasionally -build for various architectures. - -The bleeding edge version is developed on our [[http://code.dyne.org][code repository]] using -**GIT**, you can clone the repository free and anonymously - -<example> - git clone git://code.dyne.org/tomb.git -</example> - - -** Development - - -*** Stage of development - -Tomb is an evolution of the 'mknest' tool developed for the dyne:bolic -GNU/Linux distribution, which is used by its 'nesting' mechanism to -encrypt the Home directory of users. - -As such, it uses well tested and reviewed routines and its shell code -is pretty readable. The name transition from 'mknest' to 'tomb' is -marked by the adaptation of mknest to work on the Debian operating -system, used by its author in the past 3 years. - -*** How can you help - -Code is pretty short and readable: start looking around it and the -materials found in doc/ which are good pointers at security measures -to be further implemented. - -Have a look in the TODO file to see what our plans are. - -At the moment we can use some good help in porting this tool on -M$/Windows and Apple/OSX, still keeping the minimal approach we all -love. diff --git a/doc/web/views/index.muse b/doc/web/views/index.muse 
@@ -106,7 +106,7 @@ text terminal. [*] Options: . -h print this help . -v print out the version information for this tool - . -s size of the storage file when creating one (in MB) + . -s size of the storage file when creating one (MB) . -k path to the key to use for decryption . -S acquire super user rights if possible . diff --git a/src/tomb b/src/tomb @@ -191,12 +191,12 @@ while true; do case "$1" in -h) act "" - notice "Syntax: tomb [options] command [file] [mountpoint | size]" + notice "Syntax: tomb [options] command [file] [mountpoint]" act "" notice "Options:" act "-h print this help" act "-v print out the version information for this tool" - act "-s size of the storage file when creating one (in MBytes)" + act "-s size of the storage file when creating one (MB)" act "-k path to the key to use for decryption" act "-S acquire super user rights if possible" act "" @@ -271,7 +271,7 @@ tombdir=${HOME}/.tomb tombtab=${tombdir}/fstab if ! [ -r ${tombtab} ]; then act "creating tomb filesystem tab in your home" - mkdir -p ${HOME}/.tomb + mkdir -m 0700 -p ${HOME}/.tomb echo "# entombed filesystem information, see man tomb (TODO)" > ${tombtab} echo "# format here is similar to the system wide fstab" >> ${tombtab} echo "# <file system> <mount point> <type> <options> <key>" >> ${tombtab} @@ -279,6 +279,11 @@ fi create_tomb() { + if [ -e "$FILE" ]; then + error "$FILE exists already. I'm not digging here." + exit 1 + fi + notice "Creating a new tomb" if [ -z $SIZE ]; then if [ $MOUNT ]; then @@ -294,7 +299,7 @@ create_tomb() { # make sure the file has a .tomb extension FILE="${FILE%\.*}.tomb" - SIZE_4k=`expr \( $SIZE \* 1000 \) / 4` + SIZE_4k=`expr $SIZE \* 1000 / 4` act "Generating ${FILE} of ${SIZE}Mb (${SIZE_4k} blocks of 4Kb)" # TODO: use dd_rescue $DD if=/dev/urandom bs=4k count=${SIZE_4k} of=${FILE} 
@@ -357,7 +362,7 @@ create_tomb() { if ! [ -e ${usbkey_mount} ]; then error "cannot save the key in a separate place, move it yourself later." else - mkdir -p ${usbkey_mount}/.tomb + mkdir -m 0700 -p ${usbkey_mount}/.tomb cp -v ${FILE}.gpg ${usbkey_mount}/.tomb/ chmod -R go-rwx ${usbkey_mount}/.tomb ${WIPE[@]} ${FILE}.gpg @@ -469,6 +474,11 @@ mount_tomb() { fsck -p -C0 /dev/mapper/${mapper} mount -o rw,noatime,nodev /dev/mapper/${mapper} ${MOUNT} + + # Ensure the user can write the disk + ME=${SUDO_USER:-$(whoami)} + chmod 0750 ${MOUNT} + chown $(id -u $ME):$(id -g $ME) ${MOUNT} notice "encrypted storage $FILE succesfully mounted on $MOUNT" ( exec_as_user tomb-status ${mapper} ${FILE} ${MOUNT} ) & @@ -480,16 +490,16 @@ umount_tomb() { if [ -z $FILE ]; then - how_many_tombs="`ls /dev/mapper/tomb* 2>/dev/null | wc -w`" + how_many_tombs=$(2>/dev/null (ls /dev/mapper/tomb.* | wc -w)) if [ $how_many_tombs = 0 ]; then error "there is no open tomb to be closed" exit 0 elif [ $how_many_tombs = 1 ]; then - mapper=`ls /dev/mapper/tomb* 2>/dev/null` + mapper=`ls /dev/mapper/tomb.* 2>/dev/null` FILE=`mount | grep $mapper | awk '{print $3}'` else error "too many tombs mounted, please specify which to unmount:" - ls /dev/mapper/tomb* + ls /dev/mapper/tomb.* exit 1 fi @@ -501,7 +511,8 @@ umount_tomb() { mapper=/dev/mapper/${FILE} else error "tomb not found: $FILE" - error "please specify an existing /dev/mapper/tomb*" + error "please specify an existing /dev/mapper/tomb.*" + ls /dev/mapper/tomb.* exit 1 fi # FILE=`mount | grep $mapper | awk '{print $3}'`
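Review bot: In the src/tomb hunk at -271, `mkdir -m 0700 -p ${HOME}/.tomb` only sets the mode when it creates the directory. The guard is on `${tombtab}` being readable, so a `~/.tomb` that already exists with looser permissions keeps them, and the fstab written by the following `echo ... > ${tombtab}` lines gets whatever the umask allows. Suggest an explicit `chmod 0700 "${tombdir}"` after the mkdir, a `umask 077` before the tab is written, and using the quoted `"${tombdir}"` variable already defined above instead of repeating `${HOME}/.tomb`.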
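Review bot: In the create_tomb hunk at -279, the new `[ -e "$FILE" ]` check runs on the name as typed, but the file actually written is the one produced later by `FILE="${FILE%\.*}.tomb"`. Calling create with `secret` while `secret.tomb` exists passes the check and `dd ... of=${FILE}` then overwrites the existing tomb with random data. Move the existence test to just after the extension is normalized, so it guards the path that dd writes to.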
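Review bot: In the create_tomb hunk at -294, dropping the parentheses in `expr $SIZE \* 1000 / 4` does not change the result, and the unit question stays open: with `bs=4k` this gives 250 blocks of 4096 bytes per unit, which is 1,024,000 bytes, neither 10^6 nor 2^20. Since this commit rewrites the `-s` help text to "(MB)", either use `$SIZE \* 256` for exact MiB or state the real unit, and fix the "Mb" and "4Kb" labels in the `act` message, which read as bits.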
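Review bot: In the create_tomb hunk at -357, the result of `cp -v ${FILE}.gpg ${usbkey_mount}/.tomb/` is never checked before `${WIPE[@]} ${FILE}.gpg` runs, so a failed copy (full or read-only stick) leaves no key at all. Wipe only if cp succeeded, ideally after comparing the copy with the original. The copy is also created with default permissions and only tightened by the later `chmod -R go-rwx`, so set `umask 077` before the cp. Note too that on a FAT-formatted stick neither `-m 0700` nor the chmod has any lasting effect.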
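Review bot: In the mount_tomb hunk at -469, the added `chmod 0750 ${MOUNT}` and `chown ... ${MOUNT}` run without checking that the preceding `mount` succeeded. If it failed, they change mode and ownership of the underlying mountpoint directory instead of the tomb's root. Test the exit status of mount and bail out before touching `${MOUNT}`. Also quote `"$ME"` and `"${MOUNT}"`, and consider 0700 rather than 0750 to match the `.tomb` directories elsewhere in this commit, since 0750 leaves the contents readable by the user's group.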
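Review bot: In the umount_tomb hunk at -480, the switch from `tomb*` to `tomb.*` assumes every mapper is named with a dot after "tomb", but the code that names the mapper is not part of this patch. Please confirm mount_tomb creates them that way, otherwise open tombs will be reported as "no open tomb to be closed". The count still comes from `ls ... | wc -w`, which miscounts names containing whitespace, and `grep $mapper` treats the dots in the name as regex wildcards. Prefer a glob expanded into an array for the count and `grep -F "$mapper"` for the lookup.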