       ---
 (DIR) commit 80b539b360ebc00c063e06cba6324aa28740d0e3
 (DIR) parent ebb5d5c4ec031e2a774a97301db08f918e6146cd
 (HTM) Author: parazyd <parazyd@dyne.org>
       Date:   Wed, 30 Mar 2016 00:57:37 +0200
       
       meditation
       
       Diffstat:
         M Makefile                            |       5 ++---
         M conf/config.sh                      |      82 ++++++++++++++++++-------------
         A conf/init.skel                      |      21 +++++++++++++++++++++
         D conf/initscript-deb                 |      95 ------------------------------
         M src/Tomb/Makefile                   |      33 +++++++++++++------------------
         R src/Tomb/kdf-keys/benchmark.c -> s… |       0 
         D src/Tomb/doc/Makefile.am            |       6 ------
         D src/Tomb/doc/tomb.1                 |     467 -------------------------------
         R src/Tomb/kdf-keys/gen_salt.c -> sr… |       0 
         R src/Tomb/kdf-keys/hexencode.c -> s… |       0 
         D src/Tomb/kdf-keys/.gitignore        |       4 ----
         D src/Tomb/kdf-keys/Makefile          |      19 -------------------
         D src/Tomb/kdf-keys/README            |      27 ---------------------------
         D src/Tomb/kdf-keys/test.sh           |      22 ----------------------
         D src/Tomb/kdf-keys/test.txt          |       0 
         R src/Tomb/kdf-keys/pbkdf2.c -> src/… |       0 
         A src/coffin                          |      25 +++++++++++++++++++++++++
         D src/coffinrc                        |      15 ---------------
         D src/mourner                         |      23 -----------------------
         M src/sacrist                         |      13 ++++++-------
         D src/zlibs/config                    |      19 -------------------
         M src/zlibs/features                  |       8 ++++----
       
       22 files changed, 119 insertions(+), 765 deletions(-)
       ---
 (DIR) diff --git a/Makefile b/Makefile
       t@@ -1,14 +1,13 @@
        all:
       -        make -C src/Tomb/kdf-keys
       +        make -C src/Tomb
                @./conf/config.sh checkdep
        
        install:
                make -C src/Tomb install
       -        make -C src/Tomb/kdf-keys install
                @./conf/config.sh snowman
        
        clean:
       -        make -C src/Tomb/kdf-keys clean
       +        make -C src/Tomb clean
        
        uninstall:
                @./conf/config.sh unsnowman
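Review bot: The three recursive calls on the new side (`make -C src/Tomb` in all, install and clean) invoke the literal `make` rather than `$(MAKE)`, so a `make -j` jobserver, `-n` dry runs and a non-default make binary are not propagated to the sub-build; change each to `$(MAKE) -C src/Tomb` (and `$(MAKE) -C src/Tomb install` / `$(MAKE) -C src/Tomb clean`). None of all, install, clean or uninstall is a file, yet the file declares no phony targets, so a stray file named `clean` or `install` in the checkout silently turns those rules into no-ops; add `.PHONY: all install clean uninstall` at the top. The `all` target also runs `./conf/config.sh checkdep` after the sub-build instead of before it, so missing dependencies are only reported once compilation has already been attempted.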
 (DIR) diff --git a/conf/config.sh b/conf/config.sh
       t@@ -31,25 +31,45 @@
        }
        
        # `make install`
       -[[ $1 == "snowman" || $1 == "unsnowman" ]] && {
       -        [[ $UID = 0 ]] || {
       -                print "You must run this as root!"
       -                return 1
       -        }
       -}
       +#[[ $1 == "snowman" || $1 == "unsnowman" ]] && {
       +#        [[ $UID = 0 ]] || {
       +#                print "You must run this as root!"
       +#                return 1
       +#        }
       +#}
        
        edit-sudo() {
                if [[ $1 == "add" ]]; then
                        print "%coffin `hostname`=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
                        [[ $? = 0 ]] && print "Added coffin group to sudoers"
                elif [[ $1 == "remove" ]]; then
       -                # FIXME: doesn't write to sudoers
       -                tmp=`sed '/^%coffin  / d' /etc/sudoers`
       +                tmp=`sed '/^%coffin / d' /etc/sudoers`
                        print $tmp | (EDITOR="tee" visudo)
                        [[ $? = 0 ]] && print "Removed coffin group from sudoers"
                fi
        }
        
       +generate-init() {
       +        cat <<EOF | tee tempinit
       +#!/bin/bash
       +
       +### BEGIN INIT INFO
       +# Provides:        coffin
       +# Required-Start:  \$local_fs \$network
       +### END INIT INFO
       +
       +# Author: parazyd <parazyd@dyne.org>
       +
       +NAME=coffin
       +DESC="coffin daemon"
       +COFFINDIR=/usr/local/share/coffin
       +DAEMON=\$COFFINDIR/bin/\$NAME
       +COFFINPID=\$COFFINPIDDIR/coffin.pid
       +EOF
       +        cat tempinit init.skel > initscript-$distro
       +        rm tempinit
       +}
       +
        update-init() {
                # TODO: rearrange this into another function and add other distros
                update-rc.d
       t@@ -71,7 +91,6 @@ ckdistro() {
                gpasswd -a www-data coffin && print "added www-data to coffin group"
        
                # ssl
       -        print "Generating ssl certificate..."
                openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
                        -keyout coffin.key -out coffin.pem
                [[ $? = 0 ]] || {
       t@@ -79,18 +98,17 @@ ckdistro() {
                        return 1
                }
        
       -        install -Dm640 -d /etc/ssl/coffin
       -        install -Dm440 coffin.pem /etc/ssl/coffin/
       -        install -Dm400 coffin.key /etc/ssl/coffin/
       +        install -Dm440 coffin.pem /etc/ssl/coffin/coffin.pem
       +        install -Dm400 coffin.key /etc/ssl/coffin/coffin.key
                print "Done!"
        
       -        # Apache
       -        install -Dm774 -g www-data -d /etc/apache2/DAV
       +        # apache
       +        install -Dm775 -g www-data -d /etc/apache2/DAV
                [[ `grep '^DAVLockDB ' /etc/apache2/apache2.conf` ]] || {
                        print "DAVLockDB /etc/apache2/DAV/DAVLock" >> /etc/apache2/apache2.conf
                }
       -        install -Dm600 davpasswd /etc/apache2/DAV/
       -        install -Dm640 coffindav.conf /etc/apache2/sites-available/
       +        install -Dm600 davpasswd /etc/apache2/DAV/davpasswd
       +        install -Dm640 coffindav.conf /etc/apache2/sites-available/coffindav.conf
        
                apachemods=(dav dav_fs dav_lock ssl)
                print "Enabling Apache modules..."
       t@@ -107,9 +125,10 @@ ckdistro() {
                edit-sudo add
        
                install -Dm770 -g coffin -d /home/graveyard
       -        install -Dm755 initscript-$distro /etc/init.d/coffin
        
       +        generate-init
                update-init
       +        install -Dm755 initscript-$distro /etc/init.d/coffin
        
                print "Successfully installed and configured coffin!"
                print "You can start it with '/etc/init.d/coffin start'"
       t@@ -123,7 +142,7 @@ ckdistro() {
                print ""
        
                popd
       -        return 0
       +        #return 0
        }
        
        # `make uninstall`
       t@@ -133,36 +152,29 @@ ckdistro() {
        
                /etc/init.d/coffin stop
        
       -        # uncomment if you wish to revert apache
       -        #revert=true
       +        # comment if you wish to keep apache
       +        revert=true
                [[ $revert == "true" ]] && {
                        a2dissite coffindav.conf
                        a2ensite 000-default.conf
                        rm -rv /home/graveyard/DAV
                        rm -v /etc/apache2/sites-available/coffindav.conf
        
       -                #apachemods=(dav dav_fs dav_lock ssl)
       -                #print "Enabling Apache modules..."
       -                #for i in $apachemods; do
       -                #        a2enmod $i
       -                #done
       +                apachemods=(dav dav_fs dav_lock ssl)
       +                print "Enabling Apache modules..."
       +                for i in $apachemods; do
       +                        a2enmod $i
       +                done
        
       +                sed -i '/^DAVLockDB / d' /etc/apache2/apache2.conf
       +                [[ $? = 0 ]] && print "removed entry from apache2.conf"
                        /etc/init.d/apache2 restart
                }
       -        sed -i '/^DAVLockDB / d' /etc/apache2/apache2.conf
       -        [[ $? = 0 ]] && print "removed entry from apache2.conf"
        
                # groupdel coffin
                edit-sudo remove
        
       -        # rm -v /etc/init.d/coffin
       -        rm -rv /etc/ssl/coffin
       -        rm -v src/tomb-kdb-hexencode
       -        rm -v src/tomb-kdb-pbkdf2
       -        rm -v src/tomb-kdb-pbkdf2-gensalt
       -        rm -v src/tomb-kdb-pbkdf2-getiter
       -        rm -v src/tomb
       -        rm -v /etc/init.d/coffin
       +        rm -rv /usr/local/share/coffin
        
                update-init
        }
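Review bot: In generate-init the emitted header sets `COFFINPID=\$COFFINPIDDIR/coffin.pid` but never assigns COFFINPIDDIR (the deleted initscript-deb did), so the generated script expands it to the empty string and its stop branch reads `/coffin.pid`; define the directory before that line (for example `COFFINPIDDIR=\$COFFINDIR/run`, a constructed value) or drop the variable, and note that the header also omits the `Required-Stop`/`Default-Start`/`Default-Stop` LSB fields the old script carried, which insserv-based update-rc.d may reject or warn about. In the hunk at the `edit-sudo add` call, `update-init` now runs before `install -Dm755 initscript-$distro /etc/init.d/coffin`; if update-init's `update-rc.d` call (its body continues outside the hunk) registers /etc/init.d/coffin, it is invoked against a file that does not exist yet, so the install line should come first. The root check at the top of the file is commented out while the later hunks still write to /etc/sudoers, /etc/ssl/coffin and /etc/apache2, so an unprivileged run now fails partway through with partial state instead of stopping up front; the guard should be restored or replaced by an explicit `[[ $UID = 0 ]] || { print "You must run this as root!"; return 1; }` at the start of the snowman/unsnowman paths. In the uninstall hunk the revert block now runs `a2enmod $i` over the dav/ssl modules, which enables rather than reverts them; if the intent is to undo the install, that loop presumably wants `a2dismod`, worth confirming.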
 (DIR) diff --git a/conf/init.skel b/conf/init.skel
       t@@ -0,0 +1,21 @@
       +text -x $DAEMON || exit 0
       +
       +case "$1" in
       +        start)
       +                log_action_begin_msg "Starting $DESC"
       +                nohup $DAEMON &
       +                ;;
       +        stop)
       +                log_daemon_msg "Stopping $DESC"
       +                pid=`cat $COFFINPID 2>/dev/null`
       +                kill $pid && rm $COFFINPID
       +                ;;
       +        restart)
       +                $0 stop
       +                sleep 1
       +                $0 start
       +                ;;
       +esac
       +exit 0
       +
       +# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
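Review bot: The first line, `text -x $DAEMON || exit 0`, calls a non-existent command `text` (the typo is carried over from the deleted initscript-deb), so the check always fails and every invocation exits 0 without doing anything; it should read `test -x "$DAEMON" || exit 0`. The start branch launches the daemon with `nohup $DAEMON &` but never writes $COFFINPID, while the stop branch reads that file and runs `kill $pid && rm $COFFINPID`, which with an empty pid yields a kill usage error rather than stopping the daemon; either add `echo $! > "$COFFINPID"` after the nohup line or go back to `start-stop-daemon --pidfile` as the removed script did. The skeleton also uses log_action_begin_msg and log_daemon_msg without sourcing /lib/lsb/init-functions anywhere visible on this page; presumably the generated header is expected to do that, worth confirming.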
 (DIR) diff --git a/conf/initscript-deb b/conf/initscript-deb
       t@@ -1,95 +0,0 @@
       -#!/bin/bash
       -
       -### BEGIN INIT INFO
       -# Provides:          coffin
       -# Required-Start:    $local_fs $network $
       -# Required-Stop:     $remote_fs $syslog
       -# Default-Start:     2 3 4 5
       -# Default-Stop:      0 1 6
       -# Short-Description: Example initscript
       -# Description:       This file should be used to construct scripts to be
       -#                    placed in /etc/init.d.  This example start a
       -#                    single forking daemon capable of writing a pid
       -#                    file.  To get other behavoirs, implemend
       -#                    do_start(), do_stop() or other functions to
       -#                    override the defaults in /lib/init/init-d-script.
       -### END INIT INFO
       -
       -# Author: parazyd <parazyd@dyne.org>
       -
       -DAEMON=/usr/src/coffin/run/coffin
       -NAME=coffin
       -DESC="coffin daemon"
       -COFFINPIDDIR=/usr/src/coffin/run
       -COFFINPID=$COFFINPIDDIR/coffin.pid
       -WAITFORDAEMON=20
       -
       -text -x $DAEMON || exit 0
       -
       -wait-for-dead-daemon() {
       -        pid=$1
       -        sleep 1
       -        if test -n "$pid"; then
       -                if kill -0 $pid 2>/dev/null ; then
       -                        cnt=0
       -                        while kill -0 $pid 2>/dev/null ; do
       -                                cnt=`expt $cnt + 1`
       -                                if [ $cnt -gt $WAITFORDAEMON ]; then
       -                                        log_action_end_msg 1 "still running"
       -                                        exit 1
       -                                fi
       -                                sleep 1
       -                                [ "`expt $cnt % 3`" != 2 ] || log_action_cont_msg ""
       -                        done
       -                fi
       -        fi
       -        log_action_end_msg 0
       -}
       -
       -case "$1" in
       -        start)
       -                log_action_begin_msg "Starting $DESC"
       -
       -                if start-stop-daemon --stop --signal 0 --quiet --pidfile $COFFINPID --exec $DAEMON; then
       -                        log_action_end_msg 0 "already running"
       -                else
       -                        if start-stop-daemon --start --quiet \
       -                                --pidfile $COFFINPID \
       -                                --exec $DAEMON --
       -                        then
       -                                log_action_end_msg 0
       -                        else
       -                                log_action_end_msg 1
       -                                exit 1
       -                        fi
       -                fi
       -                ;;
       -        stop)
       -                log_daemon_msg "Stopping $DESC"
       -                pid=`cat $COFFINPID 2>/dev/null` || true
       -
       -                if test ! -f $COFFINPID -o -z "$pid"; ten
       -                        log_action_end_msg 0 "not running - there is no $COFFINPID"
       -                        exit 0
       -                fi
       -
       -                if start-stop-daemon --stop --signal INT --quiet --pidfile $TORPID --exec $DAEMON; then
       -                        wait-for-dead-daemon $pid
       -                elif kill -0 $pid 2>/dev/null; then
       -                        log_action_end_msg 1 "is $pid not $NAME? is $DAEMON a different binary now?"
       -                        exit 1
       -                else
       -                        log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
       -                        exit 1
       -                fi
       -                ;;
       -        restart)
       -                $0 stop
       -                sleep 1
       -                $0 start
       -                ;;
       -esac
       -
       -exit 0
       -
       -# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
 (DIR) diff --git a/src/Tomb/Makefile b/src/Tomb/Makefile
       t@@ -1,25 +1,20 @@
       -PROG = tomb
       -PREFIX = ../
       -REALPREFIX = $(realpath $(PREFIX))
       +PREFIX = /usr/local/share/coffin/bin
        
        all:
       -        @echo
       -        @echo "Tomb is a script and does not need compilation, it can be simply executed."
       -        @echo
       -        @echo "To install it in /usr/local together with its manpage use 'make install'."
       -        @echo
       -        @echo "To run Tomb one needs to have some tools installed on the system:"
       -        @echo "Sudo, cryptsetup, pinentry and gnupg. Also wipe is recommended."
       -        @echo
       +        $(CC) -Os -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
       +        $(CC) -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
       +        $(CC) -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
       +        $(CC) -O2 -o tomb-kdb-hexencode hexencode.c
       +
       +clean:
       +        rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
        
        install:
       -        install -Dm755 ${PROG} ${REALPREFIX}/${PROG}
       -        @echo
       -        @echo "Tomb is installed succesfully. To install language translations, make sure"
       -        @echo "gettext is also installed, then 'cd extras/translations' and 'make install' there."
       +        install -Dm755 tomb ${PREFIX}/tomb
       +        install -Dm755 tomb-kdb-pbkdf2 ${PREFIX}/tomb-kdb-pbkdf2
       +        install -Dm755 tomb-kdb-pbkdf2-getiter ${PREFIX}/tomb-kdb-pbkdf2-getiter
       +        install -Dm755 tomb-kdb-pbkdf2-gensalt ${PREFIX}/tomb-kdb-pbkdf2-gensalt
       +        install -Dm755 tomb-kdb-hexencode ${PREFIX}/tomb-kdb-hexencode
                @echo
       -        @echo "Look around the extras/ directory, it contains other interesting modules."
       +        @echo "Tomb is installed succesfully."
                @echo
       -
       -test:
       -        make -C extras/test
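Review bot: The `all` recipe builds four binaries that are not its target, so Make tracks none of them: every invocation recompiles everything, `install` does not depend on `all` and fails on a clean checkout, and none of all/clean/install is declared `.PHONY`. The recipes also hard-code optimisation flags and `-lgcrypt` without `$(CFLAGS)`/`$(LDLIBS)`, so hardening or packaging flags a user passes on the command line are silently dropped. The rewrite below gives each binary its own rule, makes `install` depend on `all`, and threads `$(CFLAGS)` and `$(LDLIBS)` through; the echo text "succesfully" on the new side is also misspelled.

```make
BINS := tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode

.PHONY: all clean install

all: $(BINS)

tomb-kdb-pbkdf2: pbkdf2.c
	$(CC) $(CFLAGS) -Os -o $@ $< -lgcrypt $(LDLIBS)
tomb-kdb-pbkdf2-getiter: benchmark.c
	$(CC) $(CFLAGS) -O2 -o $@ $< -lgcrypt $(LDLIBS)
tomb-kdb-pbkdf2-gensalt: gen_salt.c
	$(CC) $(CFLAGS) -O2 -o $@ $< -lgcrypt $(LDLIBS)
tomb-kdb-hexencode: hexencode.c
	$(CC) $(CFLAGS) -O2 -o $@ $< $(LDLIBS)

clean:
	rm -f $(BINS)

install: all
# … unchanged: install -Dm755 lines and the echo messages …
```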
 (DIR) diff --git a/src/Tomb/kdf-keys/benchmark.c b/src/Tomb/benchmark.c
 (DIR) diff --git a/src/Tomb/doc/Makefile.am b/src/Tomb/doc/Makefile.am
       t@@ -1,6 +0,0 @@
       -
       -man_MANS = tomb.1 tomb-open.1 tomb-status.1
       -
       -EXTRA_DIST = tomb.1 tomb-open.1 tomb-status.1 Luks_on_disk_format.pdf        \
       -             New_methods_in_HD_encryption.pdf TKS1-draft.pdf
       -
 (DIR) diff --git a/src/Tomb/doc/tomb.1 b/src/Tomb/doc/tomb.1
       t@@ -1,467 +0,0 @@
       -.TH tomb 1 "November 26, 2014" "tomb"
       -
       -.SH NAME
       -Tomb \- the Crypto Undertaker
       -
       -.SH SYNOPSIS
       -.B
       -.IP "tomb [options] command [arguments]"
       -
       -.SH DESCRIPTION
       -
       -Tomb is an application to manage the creation and access of encrypted
       -storage files: it can be operated from commandline and it can
       -integrate with a user's graphical desktop.
       -
       -Tomb generates encrypted storage files to be opened and closed using
       -their associated keys, which are also protected with a password chosen
       -by the user. To create, open and close tombs a user will need super
       -user rights to execute the tomb commandline utility.
       -
       -A tomb is like a locked folder that can be safely transported and
       -hidden in a filesystem; it encourages users to keep their keys
       -separate from tombs, for instance keeping a tomb file on your computer
       -harddisk and its key file on a USB stick.
       -
       -
       -.SH COMMANDS
       -
       -.B
       -.IP "dig"
       -Generates a file that can be used as a tomb and will occupy as much
       -space as its desired initial size, the unlocked \fI.tomb\fR file can
       -then be locked using a \fIkey\fR. It takes a mandatory \fI-s\fR option which is
       -the size in megabytes (MiB). Tombs are digged using
       -low-quality random data (/dev/urandom).
       -
       -.B
       -.IP "forge"
       -Creates a new \fIkey\fR and prompts the user for a \fIpassword\fR to
       -protect its usage. This operation requires high quality random data
       -(/dev/random) which can take quite some time to be gathered on a
       -server: it works better on a desktop where the mouse can be moved
       -around for entropy. The default cipher to protect the key is AES256, a
       -custom one can be specified using the \fI-o\fR option, for a list of
       -supported ciphers use \fI-v\fR. For additional protection against
       -dictionary attacks on keys, the (experimental) \fI--kdf\fR option can
       -be used when forging a key, making sure that the \fItomb-kdb-pbkdf2\fR
       -binaries in \fIextras/kdf\fR were compiled and installed on the
       -system.
       -
       -.B
       -.IP "lock"
       -Initializes and locks an empty tomb (made with \fIdig\fR) using a key
       -(made with \fIforge\fR), making it ready for usage. After this
       -operation, the tomb can only be opened in possession of the key and
       -knowing its password. As in any other command requiring a key, the
       -option \fI-k\fR should be used to specify a key file. The \fI-o\fR
       -option can be used to specify the cipher specification: default is
       -"aes-xts-plain64:sha256", old versions of Tomb used "aes-cbc-essiv:sha256".
       -If you are looking for something exotic, also try "serpent-xts-plain64".
       -More options may be found in cryptsetup(8) and Linux documentation.
       -This operation requires root privileges to loopback mount, format the tomb (using
       -LUKS and Ext4), then set the key in its first LUKS slot.
       -
       -.B
       -.IP "open"
       -Opens an existing \fI.tomb\fR (first argument) using a key (\fI-k\fR),
       -if a second argument is given it will indicate the \fImountpoint\fR
       -where the tomb should be made accessible, else the tomb is mounted in
       -a directory inside /media (if not available it uses /run/media/$USER).
       -The option \fI-o\fR can be used to pass mount(8) options
       -(default: rw,noatime,nodev).
       -
       -.B
       -.IP "list"
       -List all the tombs found open, including information about the time
       -they were opened and the hooks that they mounted. If the first
       -argument is present, then shows only the tomb named that way or
       -returns an error if it's not found. If the option
       -\fI--get-mountpoint\fR is used then print a simple list of currently
       -open tomb mountpoint paths.
       -
       -.B
       -.IP "index"
       -Creates or updates the search indexes of all tombs currently open:
       -enables use of the \fIsearch\fR command using simple word patterns on
       -file names. Indexes are created using mlocate's updatedb(8) and
       -swish-e(1) if they are found on the system. Indexes allow to search
       -very fast for filenames and contents inside a tomb, they are stored
       -inside it and are not accessible if the Tomb is closed. To avoid
       -indexing a specific tomb simply touch a \fI.noindex\fR file in it.
       -
       -.B
       -.IP "search"
       -Takes any string as argument and searches for them through all tombs
       -currently open and previously indexed using the \fIindex\fR command.
       -The search matches filenames if mlocate is installed and then also
       -file contents if swish++ is present on the system, results are listed
       -on the console.
       -
       -.B
       -.IP "close"
       -Closes a currently open tomb.  If more tombs are open, the first
       -argument should be used to specify the name of the tomb to be closed,
       -or \fIall\fR to close all currently open tombs. This command fails if
       -the tomb is in use by running processes (to force close, see
       -\fIslam\fR below).
       -
       -.B
       -.IP "slam"
       -Closes a tomb like the command \fIclose\fR does, but it doesn't fail
       -even if the tomb is in use by other application processes: it looks
       -for and violently kills \-9 each of them. This command may
       -provoke unsaved data loss, but assists users to face surprise
       -situations.
       -
       -
       -.B
       -.IP "passwd"
       -Changes the password protecting a key file specified using
       -\fI-k\fR. The user will need to know the key's current password, then
       -its content will be decoded and reencoded using the new one. This
       -action can't be forced if the current password is not known. If the
       -key file is broken (missing headers) this function also attempts its
       -recovery.
       -
       -.B
       -.IP "setkey"
       -Changes the key file that locks a tomb, substituting the old one with
       -a new one. Both the old and the new key files are needed for this
       -operation and their passwords must be known. The new key must be
       -specified using the \fI-k\fR option, the first argument should be the old
       -key and the second and last argument the tomb file.
       -
       -.B
       -.IP "resize"
       -Increase the size of a tomb file to the amount specified by the
       -\fI-s\fR option, which is the new size in megabytes (MiB). Full access to the tomb using
       -a key (\fI-k\fR) and its password is required. Tombs can only grow and
       -can never be made smaller. This command makes use of the cryptsetup(8)
       -resize feature and the resize2fs command: its much more practical than
       -creating a new tomb and moving everything into it.
       -
       -.B
       -.IP "engrave"
       -This command transforms a tomb key into an image that can be printed
       -on paper and physically stored as backup, i.e. hidden in a book. It
       -Renders a QRCode of the tomb key, still protected by its password: a
       -PNG image (extension \fI.qr.png\fR) will be created in the current
       -directory and can be later printed (fits an A4 or Letter format).  To
       -recover an engraved key one can use any QRCode reader on a smartphone:
       -save it into a file and then use that file as a key (\fI-k\fR).
       -
       -.B
       -.IP "bury"
       -Hides a tomb key (\fI-k\fR) inside a \fIjpeg image\fR (first argument)
       -using \fIsteganography\fR: the image will change in a way that cannot
       -be noticed by human eye and hardly detected by data analysis. This
       -option is useful to backup tomb keys in unsuspected places; it depends
       -from the availability of \fIsteghide\fR.
       -
       -.B
       -.IP "exhume"
       -This command recovers from jpeg images the keys that were previously
       -hidden into them using \fIbury\fR.  Exhume requires a key filename
       -(\fI-k\fR) and a \fIjpeg image\fR file (first argument) known to be
       -containing a key. If the right key password is given, the key will be
       -exhumed. If the password is not known, it is very hard to verify if a
       -key is buried in any image or not.
       -
       -.SH OPTIONS
       -.B
       -.B
       -.IP "-k \fI<keyfile>\fR"
       -For all operations requiring a key, this option specifies the location
       -of the key file to use. Arguments can also be \fIjpeg image\fR files
       -where keys have been hidden using the \fIbury\fR command, or text
       -files retrieved from \fIengraved\fR QR codes. If the \fIkeyfile\fR
       -argument is "-" (dash), Tomb will read the key from stdin (blocking).
       -.B
       -.IP "-n"
       -Skip processing of post-hooks and bind-hooks if found inside the tomb.
       -See the \fIHOOKS\fR section in this manual for more information.
       -.B
       -.IP "-o"
       -Manually specify mount options to be used when opening a tomb instead
       -of the default \fIrw,noatime,nodev\fR, i.e. to mount a tomb read-only
       -(ro) to prevent any modification of its data. Can also be used to
       -change the symmetric encryption algorithm for keys during \fIforge\fR
       -operations (default \fIAES256\fR) or the LUKS encryption method during
       -\fIlock\fR operations (default \fIaes-xts-plain64:sha256\fR).
       -.B
       -.IP "-f"
       -Force flag, currently used to override swap checks, might be
       -overriding more wimpy behaviours in future, but make sure you know
       -what you are doing if you force an operation.
       -.B
       -.IP "-s \fI<MBytes>\fR"
       -When digging or resizing a tomb, this option must be used to specify
       -the \fIsize\fR of the new file to be created. Units are megabytes (MiB).
       -.B
       -.IP "--kdf \fI<itertime>\fR"
       -Activate the KDF feature against dictionary attacks when creating a
       -key: forces a delay of \fI<itertime>\fR seconds every time this key is used.
       -You should keep in mind that the actual iteration count is calculated based on
       -the performance of the computer where you forge the key.
       -The argument must be an integer, so you cannot say \fI--kdf 0.3\fR for 300ms.
       -.B
       -.IP "-h"
       -Display a help text and quit.
       -.B
       -.IP "-v"
       -Display version and quit.
       -.B
       -.IP "-q"
       -Run more quietly
       -.B
       -.IP "-D"
       -Print more information while running, for debugging purposes
       -
       -.SH DEV MODE
       -.B
       -.IP "--no-color"
       -Suppress colors in console output (needed for string parsing by
       -wrappers).
       -.B
       -.IP "--unsafe"
       -Enable using dev-mode arguments, i.e. to pass passwords from
       -commandline options. This is mostly used needed for execution by
       -wrappers and testing suite.
       -.B
       -.IP "--use-urandom"
       -Use an inferior quality random source to improve the speed of key
       -generation at the cost of security (needed for the testing suite).
       -.B
       -.IP "--tomb-pwd <string>"
       -Use string as password when needed on tomb.
       -.B
       -.IP "--tomb-old-pwd <string>"
       -Use string as old password when needed in tomb commands requiring
       -multiple keys, like \fIpasswd\fR or \fIsetkey\fR.
       -.B
       -.IP "-U"
       -Switch to this user ID when dropping privileges.
       -.B
       -.IP "-G"
       -Switch to this group ID when dropping privileges.
       -.B
       -.IP "-T"
       -Switch to this TTY terminal when dropping privileges.
       -
       -.SH HOOKS
       -
       -Hooks are special files that can be placed inside the tomb and trigger
       -actions when it is opened and closed; there are two kinds of such
       -files: \fIbind-hooks\fR and \fIpost-hooks\fR can be placed in the
       -base root of the tomb.
       -
       -.B
       -.IP "bind-hooks"
       -This hook file consists of a simple two column list of files or
       -directories inside the tomb to be made directly accessible inside the
       -current user's home directory. Tomb will use the "mount \-o bind"
       -command to bind locations inside the tomb to locations found in $HOME
       -so in the first column are indicated paths relative to the tomb and in
       -the second column are indicated paths relative to $HOME contents, for
       -example:
       -.EX
       -  mail          mail
       -  .gnupg        .gnupg
       -  .fmrc         .fetchmailrc
       -  .mozilla      .mozilla
       -.EE
       -
       -.B
       -.IP "post-hooks"
       -This hook file gets executed as user by tomb right after opening it;
       -it should be a regular shell script, starting with a shebang. Tomb
       -executes this hook as user (dropping root privileges) and giving it
       -two arguments: "$1" is "open" or "close" depending from the tomb
       -command given, "$2" is the full path to the mountpoint where the tomb
       -is open.
       -
       -.SH PRIVILEGE ESCALATION
       -
       -The tomb commandline tool needs to acquire super user rights to
       -execute most of its operations: to do so it uses sudo(8), while
       -pinentry(1) is adopted to collect passwords from the user. Tomb
       -executes as super user only when required.
       -
       -To be made available on multi user systems, the superuser execution of
       -the tomb script can be authorized for users without jeopardizing the
       -whole system's security: just add such a line to \fI/etc/sudoers\fR:
       -
       -.EX
       -        username ALL=NOPASSWD: /usr/local/bin/tomb
       -.EE
       -
       -Password input is handled by the pinentry program: it can be text
       -based or graphical and is usually configured with a symlink. When
       -using Tomb in X11 it is better to use a graphical pinentry-gtk2 or
       -pinentry-qt because it helps preventing keylogging by other X
       -clients. When using it from a remote ssh connection it might be
       -necessary to force use of pinentry-curses for instance by unsetting
       -the DISPLAY environment var.
       -
       -
       -.SH SWAP
       -
       -On execution of certain commands Tomb will complain about swap memory
       -on disk when present and \fIabort if your system has swap
       -activated\fR. You can disable this behaviour using the
       -\fI--force\fR. Before doing that, however, you may be interested in
       -knowing the risks of doing so:
       -.IP \(bu
       -During such operations a lack of available memory could cause the swap
       -to write your secret key on the disk.
       -.IP \(bu
       -Even while using an opened tomb, another application could occupy too
       -much memory so that the swap needs to be used, this way it is possible
       -that some contents of files contained into the tomb are physically
       -written on your disk, not encrypted.
       -.P
       -
       -If you don't need swap, execute \fI swapoff -a\fR. If you really need
       -it, you could make an encrypted swap partition. Tomb doesn't detect if
       -your swap is encrypted, and will complain anyway.
       -
       -.SH EXAMPLES
       -
       -.IP \(bu
       -Create a 128MB large "secret" tomb and its keys, then open it:
       -
       -.EX
       -        tomb dig -s 128 secret.tomb
       -
       -        tomb forge secret.tomb.key
       -
       -        tomb lock secret.tomb -k secret.tomb.key
       -
       -        tomb open secret.tomb -k secret.tomb.key
       -.EE
       -
       -.IP \(bu
       -Open a Tomb using the key from a remote SSH shell, without saving any
       -local copy of it:
       -
       -.EX
       -        ssh user@my.shell.net 'cat .secrets/tomb.key' | tomb open secret.tomb -k -
       -.EE
       -
       -.IP \(bu
       -Open a Tomb on a remote server passing the unencrypted local key on stdin via SSH,
       -without saving any remote copy of it:
       -
       -.EX
       -        gpg -d .secrets/tomb.key | ssh server tomb open secret.tomb -k cleartext --unsafe
       -.EE
       -
       -.IP \(bu
       -Create a bind hook that places your GnuPG folder inside the tomb, but
       -makes it reachable from the standard $HOME/.gnupg location every time
       -the tomb will be opened:
       -
       -.EX
       -        tomb open GPG.tomb -k GPG.tomb.key
       -        echo ".gnupg .gnupg" > /media/GPG.tomb/bind-hooks
       -        mv ~/.gnupg /media/GPG.tomb/.gnupg && mkdir ~/.gnupg
       -        tomb close GPG && tomb open GPG.tomb -k GPG.tomb.key
       -.EE
       -
       -.IP \(bu
       -Script a tomb to launch the Firefox browser every time is opened,
       -keeping all its profile data inside it:
       -
       -.EX
       -        tomb open FOX.tomb -k FOX.tomb.key
       -        cat <<EOF > /media/FOX.tomb/post-hooks
       -#!/bin/sh
       -if [ "$1" = "open" ]; then
       -  firefox -no-remote -profile "$2"/firefox-pro &
       -fi
       -EOF
       -        chmod +x     /media/FOX.tomb/post-hooks
       -.EE
       -
       -.IP \(bu
       -Script a tomb to archive Pictures using Shotwell, launching it on open:
       -
       -.EX
       -        tomb open Pictures.tomb -k Pictures.tomb.key
       -        cat <<EOF > /media/Pictures.tomb/bind-hooks
       -Pictures Pictures
       -EOF
       -        cat <<EOF > /media/Pictures.tomb/post-hooks
       -#!/bin/sh
       -if [ "$1" = "open" ]; then
       -  which shotwell > /dev/null
       -  if [ "$?" = "0" ]; then
       -    shotwell -d "$2"/Pictures/.shotwell &
       -  fi
       -fi
       -EOF
       -        chmod +x /media/Pictures.tomb/post-hooks
       -.EE
       -
       -.SH BUGS
       -Please report bugs on the Github issue tracker at
       -.UR https://github.com/dyne/Tomb/issues
       -.UE
       -
       -One can also try to get in touch with developers via the #dyne chat channel on \fIhttps://irc.dyne.org\fR.
       -
       -.SH AUTHORS
       -
       -Tomb is designed, written and maintained by Denis Roio aka Jaromil.
       -
       -Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
       -
       -Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
       -
       -Gettext internationalization and Spanish translation is contributed by
       -GDrooid, French translation by Hellekin, Russian translation by fsLeg,
       -German translation by x3nu.
       -
       -Testing, reviews and documentation are contributed by Dreamer, Shining
       -the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
       -Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
       -Linux Action Show!
       -
       -Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
       -
       -.SH COPYING
       -
       -This manual is Copyright (c) 2011-2015 by Denis Roio <\fIjaromil@dyne.org\fR>
       -
       -This manual includes contributions by Boyska and Hellekin O. Wolf.
       -
       -Permission is  granted to copy,  distribute and/or modify  this manual
       -under the terms of the  GNU Free Documentation License, Version 1.1 or
       -any  later   version  published  by  the   Free  Software  Foundation.
       -Permission is granted  to make and distribute verbatim  copies of this
       -manual page  provided the above  copyright notice and  this permission
       -notice are preserved on all copies.
       -
       -.SH AVAILABILITY
       -
       -The most recent version of Tomb sourcecode and up to date
       -documentation is available for download from its website on
       -\fIhttps://tomb.dyne.org\fR.
       -
       -.SH SEE ALSO
       -
       -.B
       -.IP cryptsetup(8)
       -
       -GnuPG website:
       -.br
       -https://www.gnupg.org
       -
       -DM-Crypt website:
       -.br
       -https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
       -
       -LUKS website:
       -.br
       -https://gitlab.com/cryptsetup/cryptsetup/wikis/home
 (DIR) diff --git a/src/Tomb/kdf-keys/gen_salt.c b/src/Tomb/gen_salt.c
 (DIR) diff --git a/src/Tomb/kdf-keys/hexencode.c b/src/Tomb/hexencode.c
 (DIR) diff --git a/src/Tomb/kdf-keys/.gitignore b/src/Tomb/kdf-keys/.gitignore
       t@@ -1,4 +0,0 @@
       -tomb-kdf-pbkdf2
       -tomb-kdf-pbkdf2-gensalt
       -tomb-kdf-pbkdf2-getiter
       -tomb-utils-hexencode
 (DIR) diff --git a/src/Tomb/kdf-keys/Makefile b/src/Tomb/kdf-keys/Makefile
       t@@ -1,19 +0,0 @@
       -
       -PREFIX ?= ../../
       -REALPREFIX = $(realpath $(PREFIX))
       -
       -all:
       -        $(CC) -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
       -        $(CC) -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
       -        $(CC) -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
       -        $(CC) -O2 -o tomb-kdb-hexencode hexencode.c
       -
       -clean:
       -        rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
       -
       -install:
       -        install -Dm755 tomb-kdb-pbkdf2 ${REALPREFIX}/tomb-kdb-pbkdf2
       -        install -Dm755 tomb-kdb-pbkdf2-getiter ${REALPREFIX}/tomb-kdb-pbkdf2-getiter
       -        install -Dm755 tomb-kdb-pbkdf2-gensalt ${REALPREFIX}/tomb-kdb-pbkdf2-gensalt
       -        install -Dm755 tomb-kdb-hexencode ${REALPREFIX}/tomb-kdb-hexencode
       -        @echo "Tomb-kdb auxiliary binaries installed in ${REALPREFIX}"
 (DIR) diff --git a/src/Tomb/kdf-keys/README b/src/Tomb/kdf-keys/README
       t@@ -1,27 +0,0 @@
       -
       -BUILD
       -------
       -
       -Just type make.
       -You need a recent development version of libgcrypt installed.
       -On Debian 7 (not earlier) the libgcrypt11-dev package works:
       - # apt-get install libgcrypt11-dev
       -
       -PLANS
       -------
       -
       -While this can be useful for general purpose, it specially fits tomb, and it's designed for easy integration and compilation.
       -
       -Binary name will then be:
       -tomb-kdb-${algo}
       -tomb-kdb-${algo}-gensalt
       -tomb-kdb-${algo}-getiter
       -tomb-kdb-hexencode
       -
       -Base64 vs hexencode
       --------------------
       -
       -While base64 is easier to use (shell command, more compact), pbkdf2 use hex
       -in its specifications.
       -This could be solved with an option (-x for hex, defaults to base64)
       -
 (DIR) diff --git a/src/Tomb/kdf-keys/test.sh b/src/Tomb/kdf-keys/test.sh
       t@@ -1,22 +0,0 @@
       -#!/usr/bin/env zsh
       -
       -error=0
       -while read line; do
       -        pass=`cut -f1 <<<$line`
       -        salt=`cut -f2 <<<$line`
       -        iter=`cut -f3 <<<$line`
       -        keylen=`cut -f4 <<<$line`
       -        expected=`cut -f5 <<<$line`
       -        hexsalt=`cut -f6 <<<$line`
       -        #TODO: check!
       -        derived=`./pbkdf2 $hexsalt $iter $keylen <<<$pass`
       -        if [[ $derived != $expected ]]; then
       -                echo ./pbkdf2 $hexsalt $iter $keylen "<<<$pass"
       -                echo "Expected $expected, got $derived" >&2
       -                error=$((error + 1))
       -        fi
       -done < test.txt
       -
       -if [[ $error == 1 ]]; then
       -        exit $error
       -fi
 (DIR) diff --git a/src/Tomb/kdf-keys/test.txt b/src/Tomb/kdf-keys/test.txt
       Binary files differ.
 (DIR) diff --git a/src/Tomb/kdf-keys/pbkdf2.c b/src/Tomb/pbkdf2.c
 (DIR) diff --git a/src/coffin b/src/coffin
       t@@ -0,0 +1,25 @@
       +#!/usr/bin/env bash
       +#
       +# coffin - inotify script to watch /dev for new keys
       +#
       +# ~ parazyd
       +
       +pattern='sd[a-z][1-9]$'
       +coproc inotifywait --monitor --event create,delete --format '%e %w%f' /dev
       +
       +echo $$ > `pwd`/coffin.pid # pidfile
       +
       +while read -r -u "${COPROC[0]}" event file; do
       +    if [[ $file =~ $pattern ]]; then
       +        case $event in
       +            CREATE)
       +                echo "Created $file..." #; sleep 1
       +                `pwd`/coffin $file $event
       +                ;;
       +            DELETE)
       +                echo "Removed $file..." #; sleep 1
       +                `pwd`/coffin $file $event
       +                ;;
       +        esac
       +    fi
       +done
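Review bot: Both call sites `` `pwd`/coffin $file $event `` invoke this script's own name, while the sacrist header changed in this same commit says sacrist is "called by coffin"; unless the install step renames sacrist to coffin, every matching /dev event would spawn a second inotifywait watcher loop instead of handling the key. The helper and the pidfile are also resolved against the caller's working directory rather than the script's location, so starting the daemon from any other directory breaks it and scatters `coffin.pid` files. Quote the arguments and anchor the path to the script, e.g. `"$(dirname "$0")"/sacrist "$file" "$event"`, or use the fixed install prefix that sacrist now hard-codes for tomb.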
 (DIR) diff --git a/src/coffinrc b/src/coffinrc
       t@@ -1,15 +0,0 @@
       -# Configuration file for coffin. If you want to override any defaults,
       -# please do so here, and rename the file to '.coffinrc'.
       -# Careful!
       -
       -# Directory where you keep all your tombs and data
       -# Reminder that the default is already installed,
       -# and the directory group owner must be 'coffin'
       -# with permissions 770
       -GRAVEYARD        /home/graveyard
       -
       -# Directory where your keys get mounted
       -KEYMOUNT        /media/tombkey
       -
       -# Path to tomb executable
       -TOMB        /usr/local/bin/tomb
 (DIR) diff --git a/src/mourner b/src/mourner
       t@@ -1,23 +0,0 @@
       -#!/usr/bin/env bash
       -#
       -# mourner - inotify script to watch /dev for new keys
       -#
       -# ~ parazyd
       -
       -pattern='sd[a-z][1-9]$'
       -coproc inotifywait --monitor --event create,delete --format '%e %w%f' /dev
       -
       -while read -r -u "${COPROC[0]}" event file; do
       -    if [[ $file =~ $pattern ]]; then
       -        case $event in
       -            CREATE)
       -                echo "Created $file..." #; sleep 1
       -                `pwd`/sacrist $file $event
       -                ;;
       -            DELETE)
       -                echo "Removed $file..." #; sleep 1
       -                `pwd`/sacrist $file $event
       -                ;;
       -        esac
       -    fi
       -done
 (DIR) diff --git a/src/sacrist b/src/sacrist
       t@@ -1,6 +1,6 @@
        #!/usr/bin/env zsh
        #
       -# sacrist - script called by mourner, for our graveyard administration
       +# sacrist - script called by coffin, for our graveyard administration
        #
        # ~ parazyd
        
       t@@ -33,28 +33,28 @@ source $R/zlibs/hooks
        source $R/zlibs/keyfiles
        source $R/zlibs/mounts
        source $R/zlibs/ttab
       -source $R/zlibs/config
       +#source $R/zlibs/config
        
        LOCK=$R/.lock
        [[ -f $LOCK ]] && { warn "Lock found. Wait until finished." && exit }
        touch $LOCK
        
        # Check for a configuration file
       -[[ -f ".coffinrc" ]] && parse-config
       +# [[ -f ".coffinrc" ]] && parse-config
        
        device=$1 && xxx "Device: $device"
        happenz=$2 && xxx "Happenz: $happenz"
        keyuuid=$(lsblk -no uuid $device) && xxx "Key UUID: $keyuuid"
        
       -GRAVEYARD="${GRAVEYARD:-/home/graveyard}" # Our graveyard, with all the tombs
       +GRAVEYARD="/home/graveyard" # Our graveyard, with all the tombs
        TOMBS="$GRAVEYARD/tombs" # Info about opened tombs, holds keyuuid, keyhash and tombid
        TMPTOMBS="$GRAVEYARD/tmptombs" # Temp tempfile, for updating $tombs
        TOMBPASSWD="$GRAVEYARD/passwd"
       -KEYMOUNT="${KEYMOUNT:-/media/tombkey}" # Directory where keys get mounted
       +KEYMOUNT="/media/tombkey" # Directory where keys get mounted
        COFFINDOT="$KEYMOUNT/.coffin" # .coffin directory on the usb key
        TTAB="$COFFINDOT/ttab" # Our ttab
        HOOKS="$COFFINDOT/hook"
       -TOMB="$R/src/tomb/tomb"
       +TOMB="/usr/local/share/coffin/bin/tomb"
        
        # Main
        req=(happenz device)
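Review bot: The `source $R/zlibs/config` and `parse-config` lines are left commented out rather than removed, even though this commit deletes src/zlibs/config and src/coffinrc; dead lines pointing at a file no longer in the tree will mislead the next reader, so drop them or replace them with one comment such as `# Paths are fixed at install time; the .coffinrc override mechanism was removed.` Replacing `${GRAVEYARD:-/home/graveyard}` and `${KEYMOUNT:-/media/tombkey}` with plain assignments also silently discards any value set in the daemon's environment, which is worth stating next to the assignments since nothing else in the script signals it. These are top-level statements of the sacrist script; the Main section continues past the hunk.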
       t@@ -90,4 +90,3 @@ act "Version: $coffin_version, $coffin_release_date"
                # TODO: Some kind of endgame
                rm $LOCK
        }
       -
 (DIR) diff --git a/src/zlibs/config b/src/zlibs/config
       t@@ -1,19 +0,0 @@
       -#!/usr/bin/env zsh
       -
       -parse-config() {
       -        act "Found config file. Parsing..."
       -
       -        ttmp=`awk '
       -        /^#/ { next }
       -        /^GRAVEYARD / { printf "GRAVEYARD=\"%s\";", $2 }
       -        /^KEYMOUNT / { printf "KEYMOUNT=\"%s\";", $2 }
       -        /^TOMB / { printf "TOMB=\"%s\";", $2 }
       -        ' "$R/.coffinrc"`
       -        { test $? = 0 } || {
       -                die "Error parsing config file."
       -                return 1
       -        }
       -
       -        eval "$ttmp"
       -        act "Success parsing config file!"
       -}
 (DIR) diff --git a/src/zlibs/features b/src/zlibs/features
       t@@ -8,11 +8,11 @@ create-webdav-hook() {
                if [[ $entry =~ webdav && -f $COFFINDOT/webdav.conf ]]; then
                        act "Found WebDAV data. Setting up..."
        
       -                [[ -f $COFFINDOT/davinfo ]] && {
       -                        cat $COFFINDOT/davinfo >> /etc/apache2/davpasswd
       +                [[ -f $COFFINDOT/davpasswd ]] && {
       +                        cat $COFFINDOT/davpasswd >> /etc/apache2/davpasswd
                                [[ $? = 0 ]] && {
       -                                rm $COFFINDOT/davinfo
       -                                gpasswd -a www-data $undertaker
       +                                rm $COFFINDOT/davpasswd
       +                                gpasswd -a www-data $undertaker # NOTE: consider standalone group
                                        act "Added new WebDAV user"
                                }
                        }
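Review bot: The contents of `$COFFINDOT/davpasswd` are appended to /etc/apache2/davpasswd without any validation, and COFFINDOT is a directory on the plugged-in key (`$KEYMOUNT/.coffin` in sacrist), so whoever prepares a USB stick matching the device pattern can add arbitrary lines to Apache's WebDAV credential file; the rename from davinfo does not change that. Before the `cat`, reject anything that is not a well-formed `user:hash` line, e.g. `grep -qvE '^[[:alnum:]._-]+:[[:graph:]]+$' "$COFFINDOT/davpasswd" && { warn "Malformed davpasswd on key, skipping"; return 1; }`, and consider refusing usernames already present in the target file rather than appending duplicates. `$undertaker` is passed to `gpasswd -a` unquoted and is defined outside the hunk; quote it. create-webdav-hook's body starts and ends outside this hunk.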