tintegrations from the work branch documentation updates for the 0.9 release - tomb - the crypto undertaker
 (HTM) git clone git://parazyd.org/tomb.git
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) README
 (DIR) LICENSE
       ---
 (DIR) commit 613fb37cc7cfcdd4274266be435e1d19d49397ee
 (DIR) parent 4727c052fae8bff398e479a7ad296aceb3799c79
 (HTM) Author: Jaromil <jaromil@dyne.org>
       Date:   Sun, 30 Jan 2011 23:25:01 +0100
       
       integrations from the work branch
       documentation updates for the 0.9 release
       
       Diffstat:
         M README                              |      51 ++++++-------------------------
         D README.muse                         |     133 -------------------------------
         M doc/web/views/index.muse            |       2 +-
         M src/tomb                            |      29 ++++++++++++++++++++---------
       
       4 files changed, 31 insertions(+), 184 deletions(-)
       ---
 (DIR) diff --git a/README b/README
       t@@ -13,11 +13,9 @@ X~     `?888888hx~  ...ue888b   .888: x888  x888.   8888   .
                ^"***"`                                        "`
        
          a simple commandline tool to manage encrypted storage  v.0.9
       -            http://crypto.dyne.org            by Jaromil @ dyne.org
        
       -  Tomb development is supported by: NOONE.
       -  Would you like to support it and engrave your name on this software?
       -  Contact me!
       +                   http://tomb.dyne.org
       +
        
        Tomb aims to be a free and open source system for easy encryption and
        backup of personal files, written in code that is easy to review and
       t@@ -25,11 +23,8 @@ links shared OS components.
        
        At present time, Tomb consists of a simple shell script (Zsh) using
        standard filesystem tools (GNU) and the cryptographic API of the Linux
       -kernel (cryptsetup and LUKS).
       -
       -In future Tomb will grow to facilitate proper use of encryption by
       -unexperienced users, probably also prividing a graphical user
       -interface, as well a porting to Apple/OSX.
       +kernel (cryptsetup and LUKS), plus a status tray application which
       +integrates in your desktop.
        
        ** Who needs Tomb
        
       t@@ -47,8 +42,7 @@ be interoperable across popular GNU/Linux operating systems.
        Tomb generates 'key files' and protects them with a password choosen
        by the user; the key files are then used to encrypt loop-back mounted
        partitions, like single files containing a filesystem inside: this way
       -keys can be separated from data for safer transports when
       -required.
       +keys can be separated from data for safer transports when required.
        
        ** Stage of development
        
       t@@ -67,33 +61,8 @@ Code is pretty short and readable: start looking around it and the
        materials found in doc/ which are good pointers at security measures
        to be further implemented.
        
       -Best of all at this stage would be if you like to code a Graphical
       -Interface, possibly in QT4, that would use the script to make simple
       -operations: something pretty easy and intuitive, with a few big
       -buttons, for unexperienced users, can be a good start.
       -
       -** Aren't there enough encryption tools already?
       -
       -I've felt the urgency of publishing Tomb for other operating systems
       -than dyne:bolic since the current situation with TrueCrypt[1] is far
       -from optimal.  TrueCrypt makes use of statically linked libraries, its
       -code is not hosted on CVS nor considered free[2] by GNU/Linux
       -distributions because of liability reasons, see Debian[3], Ubuntu[4],
       -Suse[5], Gentoo[6] and Fedora[7].
       -
       -Seen from this perspective, Tomb is intended as a rewrite of most
       -functionalities offered by TrueCrypt in a new application, confident
       -it won't take much relying on previous experience and aiming at:
       - 
       - - short and readable code, linking shared libs and common components 
       - - easy graphical interface, simple for ad-hoc (DIY-deniable)
       - - transparent and distributed development hosted using GIT
       - - GNU General Public License v3
       -
       -[1] [http://en.wikipedia.org/wiki/TrueCrypt]
       -[2] [http://lists.freedesktop.org/archives/distributions/2008-October/000276.html]
       -[3] [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034]
       -[4] [https://bugs.edge.launchpad.net/ubuntu/+bug/109701]
       -[5] [http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html]
       -[6] [http://bugs.gentoo.org/show\_bug.cgi?id=241650]
       -[7] [https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt]
       +Enthusiastic ideas are in the TODO file.
       +
       +Donations are always welcome, see http://dyne.org/donate
       +
       +More about who is currently involved in the AUTHORS file.
 (DIR) diff --git a/README.muse b/README.muse
       t@@ -1,133 +0,0 @@
       -#title Tomb - The Crypto Undertaker
       -#author Jaromil
       -
       -<contents>
       -
       -* Tomb - RIP
       -
       -
       -<example>
       -    .....                                                ..
       - .H8888888h.  ~-.                                  . uW8"
       - 888888888888x  `>        u.      ..    .     :    `t888
       -X~     `?888888hx~  ...ue888b   .888: x888  x888.   8888   .
       -'      x8.^"*88*"   888R Y888r ~`8888~'888X`?888f`  9888.z88N
       - `-:- X8888x        888R I888>   X888  888X '888>   9888  888E
       -      488888>       888R I888>   X888  888X '888>   9888  888E
       -    .. `"88*        888R I888>   X888  888X '888>   9888  888E
       -  x88888nX"      . u8888cJ888    X888  888X '888>   9888  888E
       - !"*8888888n..  :   "*888*P"    "*88%""*88" '888!` .8888  888"
       -'    "*88888888*      'Y"         `~    "    `"`    `%888*%"
       -        ^"***"`                                        "`
       -
       -  a simple commandline tool to manage encrypted storage  v.0.9
       -            http://tomb.dyne.org            by Jaromil @ dyne.org
       -</example>
       -
       -** Introduction
       -
       -Tomb aims to be an 100% free and open source system for easy
       -encryption and backup of personal files, written in code that is easy
       -to review and links commonly shared components.
       -
       -At present time Tomb is easy to install and use, it mainly consists of
       -a Shell script and some auxiliary C code for desktop integration,
       -making use of GNU tools and the cryptographic API of the Linux kernel.
       -
       -*** Who needs Tomb
       -
       -Our target community are desktop users with no time to click around,
       -sometimes using old or borrowed computers, operating in places
       -endangered by conflict where a leak of personal data can be a threat.
       -
       -If you don't own a laptop then it's possible to go around with a USB
       -stick and borrow computers, still leaving no trace and keeping your
       -data safe during transports. Tomb aims to facilitate all this and to
       -be interoperable across popular GNU/Linux operating systems.
       -
       -*** Aren't there enough encryption tools already?
       -
       -We've felt the urgency of publishing Tomb for other operating systems
       -than dyne:bolic since the current situation with [[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] is far from
       -optimal.  TrueCrypt makes use of statically linked libraries, its code
       -is not hosted on CVS and is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by GNU/Linux
       -distributions because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]][4],
       -Suse[5], Gentoo[6] and Fedora[7].
       -
       -Seen from this perspective, Tomb is intended as a rewrite of most
       -functionalities offered by TrueCrypt in a new application, confident
       -it won't take much relying on previous experience and aiming at:
       - 
       - - short and readable code, linking shared libs and common components 
       - - easy graphical interface, simple for ad-hoc (DIY-deniable)
       - - transparent and distributed development hosted using GIT
       - - GNU General Public License v3
       -
       -[1] http://en.wikipedia.org/wiki/TrueCrypt
       -[2] http://lists.freedesktop.org/archives/distributions/2008-October/000276.html
       -[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034
       -[4] https://bugs.edge.launchpad.net/ubuntu/+bug/109701
       -[5] http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html
       -[6] http://bugs.gentoo.org/show\_bug.cgi?id=241650
       -[7] https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt
       -
       -*** How does it works
       -
       -Tomb generates 'key files' and protects them with a password choosen
       -by the user; the key files are then used to encrypt loop-back mounted
       -partitions, like single files containing a filesystem inside: this way
       -keys can be separated from data for safer transports when
       -required.
       -
       -** Downloads
       -
       -For licensing information see the [[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]
       -
       -Below a list of formats you can download this application: ready to be
       -run with some of the interfaces developed, as a library you can use to
       -build your own application and as source code you can study.
       -
       -*** Code repository
       -
       -Latest stable release is 0.9 (25 January 2011) more about it in the
       -[[ftp://ftp.dyne.org/tomb/NEWS][NEWS]] and [[ftp://ftp.dyne.org/tomb/ChangeLog][ChangeLog]]
       -
       -Source releases are checked and signed by [[http://jaromil.dyne.org][Jaromil]] using [[http://www.gnupg.org][GnuPG]].
       -
       -On [[ftp://ftp.dyne.org/tomb][ftp.dyne.org/tomb]] you find all present and past Tomb releases,
       -source code for extra plugins and more binaries that we occasionally
       -build for various architectures.
       -
       -The bleeding edge version is developed on our [[http://code.dyne.org][code repository]] using
       -**GIT**, you can clone the repository free and anonymously
       -
       -<example>
       -       git clone git://code.dyne.org/tomb.git
       -</example>
       -
       -
       -** Development
       -
       -
       -*** Stage of development
       -
       -Tomb is an evolution of the 'mknest' tool developed for the dyne:bolic
       -GNU/Linux distribution, which is used by its 'nesting' mechanism to
       -encrypt the Home directory of users.
       -
       -As such, it uses well tested and reviewed routines and its shell code
       -is pretty readable. The name transition from 'mknest' to 'tomb' is
       -marked by the adaptation of mknest to work on the Debian operating
       -system, used by its author in the past 3 years.
       -
       -*** How can you help
       -
       -Code is pretty short and readable: start looking around it and the
       -materials found in doc/ which are good pointers at security measures
       -to be further implemented.
       -
       -Have a look in the TODO file to see what our plans are.
       -
       -At the moment we can use some good help in porting this tool on
       -M$/Windows and Apple/OSX, still keeping the minimal approach we all
       -love.
 (DIR) diff --git a/doc/web/views/index.muse b/doc/web/views/index.muse
       t@@ -106,7 +106,7 @@ text terminal.
        [*] Options:
         .  -h     print this help
         .  -v     print out the version information for this tool
       - .  -s     size of the storage file when creating one (in MB)
       + .  -s     size of the storage file when creating one (MB)
         .  -k     path to the key to use for decryption
         .  -S     acquire super user rights if possible
         .  
 (DIR) diff --git a/src/tomb b/src/tomb
       t@@ -191,12 +191,12 @@ while true; do
            case "$1" in
                -h)
                    act ""
       -            notice "Syntax: tomb [options] command [file] [mountpoint | size]"
       +            notice "Syntax: tomb [options] command [file] [mountpoint]"
                    act ""
                    notice "Options:"
                    act "-h     print this help"
                    act "-v     print out the version information for this tool"
       -            act "-s     size of the storage file when creating one (in MBytes)"
       +            act "-s     size of the storage file when creating one (MB)"
                    act "-k     path to the key to use for decryption"
                    act "-S     acquire super user rights if possible"
                    act ""
       t@@ -271,7 +271,7 @@ tombdir=${HOME}/.tomb
        tombtab=${tombdir}/fstab
        if ! [ -r ${tombtab} ]; then
            act "creating tomb filesystem tab in your home"
       -    mkdir -p ${HOME}/.tomb
       +    mkdir -m 0700 -p ${HOME}/.tomb
            echo "# entombed filesystem information, see man tomb (TODO)" >          ${tombtab}
            echo "# format here is similar to the system wide fstab" >>       ${tombtab}
            echo "# <file system> <mount point> <type> <options> <key>" >>    ${tombtab}
       t@@ -279,6 +279,11 @@ fi
        
        create_tomb() {
        
       +    if [ -e "$FILE" ]; then
       +        error "$FILE exists already. I'm not digging here."
       +        exit 1
       +    fi
       +    
            notice "Creating a new tomb"
            if [ -z $SIZE ]; then
                if [ $MOUNT ]; then
       t@@ -294,7 +299,7 @@ create_tomb() {
        # make sure the file has a .tomb extension
            FILE="${FILE%\.*}.tomb"
        
       -    SIZE_4k=`expr \( $SIZE \* 1000 \) / 4`
       +    SIZE_4k=`expr $SIZE \* 1000 / 4`
            act "Generating ${FILE} of ${SIZE}Mb (${SIZE_4k} blocks of 4Kb)"
        #   TODO: use dd_rescue 
            $DD if=/dev/urandom bs=4k count=${SIZE_4k} of=${FILE}
       t@@ -357,7 +362,7 @@ create_tomb() {
                if ! [ -e ${usbkey_mount} ]; then
                    error "cannot save the key in a separate place, move it yourself later."
                else
       -            mkdir -p ${usbkey_mount}/.tomb
       +            mkdir -m 0700 -p ${usbkey_mount}/.tomb
                    cp -v ${FILE}.gpg ${usbkey_mount}/.tomb/
                    chmod -R go-rwx ${usbkey_mount}/.tomb
                    ${WIPE[@]} ${FILE}.gpg
       t@@ -469,6 +474,11 @@ mount_tomb() {
            fsck -p -C0 /dev/mapper/${mapper}
            
            mount -o rw,noatime,nodev /dev/mapper/${mapper} ${MOUNT}
       +
       +    # Ensure the user can write the disk
       +    ME=${SUDO_USER:-$(whoami)}
       +    chmod 0750 ${MOUNT}
       +    chown $(id -u $ME):$(id -g $ME) ${MOUNT}
            
            notice "encrypted storage $FILE succesfully mounted on $MOUNT"
            ( exec_as_user tomb-status ${mapper} ${FILE} ${MOUNT} ) &
       t@@ -480,16 +490,16 @@ umount_tomb() {
        
            if [ -z $FILE ]; then
        
       -        how_many_tombs="`ls /dev/mapper/tomb* 2>/dev/null | wc -w`"
       +        how_many_tombs=$(2>/dev/null (ls /dev/mapper/tomb.* | wc -w))
                if [ $how_many_tombs = 0 ]; then
                    error "there is no open tomb to be closed"
                    exit 0
                elif [ $how_many_tombs = 1 ]; then
       -            mapper=`ls /dev/mapper/tomb* 2>/dev/null`
       +            mapper=`ls /dev/mapper/tomb.* 2>/dev/null`
                    FILE=`mount | grep $mapper | awk '{print $3}'`
                else
                    error "too many tombs mounted, please specify which to unmount:"
       -            ls /dev/mapper/tomb*
       +            ls /dev/mapper/tomb.*
                    exit 1
                fi
        
       t@@ -501,7 +511,8 @@ umount_tomb() {
                    mapper=/dev/mapper/${FILE}
                else
                    error "tomb not found: $FILE"
       -            error "please specify an existing /dev/mapper/tomb*"
       +            error "please specify an existing /dev/mapper/tomb.*"
       +            ls /dev/mapper/tomb.*
                    exit 1
                fi
        #        FILE=`mount | grep $mapper | awk '{print $3}'`