Package: tomb
Version: 2.11+dfsg-1
Severity: normal
Tags: patch
X-Debbugs-Cc: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear maintainer,
tomb has a hard Depends: on sudo. Please consider changing this to
Depends: sudo | doas, since doas has the same functionality as sudo
(gaining superuser priviledges).
See attached patch implementing this.
- -- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.8-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: OpenRC (via /run/openrc), PID 1: init
LSM: AppArmor: enabled
Versions of packages tomb depends on:
ii cryptsetup-bin 2:2.7.5-1
ii e2fsprogs 1.47.2-1
ii file 1:5.45-3+b1
ii gettext-base 0.22.5-4
ii gnupg 2.2.46-1
ii libc6 2.40-5
ii libgcrypt20 1.11.0-7
ii pinentry-curses [pinentry] 1.3.1-2
ii pinentry-gnome3 [pinentry] 1.3.1-2
ii python3 3.13.1-2
ii sudo 1.9.16p1-1
ii zsh 5.9-8+b3
Versions of packages tomb recommends:
ii lsof 4.99.3+dfsg-2
Versions of packages tomb suggests:
pn argon2 <none>
ii btrfs-progs 6.12-1+b1
pn dcfldd <none>
pn plocate <none>
pn pwdsphinx <none>
pn qrencode <none>
pn recoll <none>
pn steghide <none>
pn unoconv <none>
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
iIsEARYIADMWIQQUWTv/Sl6/b+DpcW7svtu2B7myvgUCZ4KudxUcd2VyZGFoaWFz
QGRlYmlhbi5vcmcACgkQ7L7btge5sr6CHAEAmsD0w2i7v0Nh75mkbQ/Blpv8zhM+
sEIeJZ6hZN8hEd4BANlPC/PvDtFR9Qrln8v98Z+oL32wJOBiP4fp3+3VwV0I
=LGD8
-----END PGP SIGNATURE-----
diff --git a/debian/control b/debian/control
index 2de66ae..04525d0 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,7 @@ Depends: ${misc:Depends},
# a dependency. Call 'lintian-explain-tags depends-on-python-minimal' for
# further details.
python3,
- sudo,
+ sudo | doas,
zsh
Recommends: lsof
Suggests: argon2,
diff --git a/doc/tomb.1 b/doc/tomb.1
index 767688c..dad2465 100644
--- a/doc/tomb.1
+++ b/doc/tomb.1
@@ -49,8 +49,7 @@ more recipient GPG ids can be indicated (comma separated).
The default cipher
to protect the key is AES256, a custom one can be specified using the \fI-o\fR
option, for a list of supported ciphers use \fI-v\fR. For additional protection
against dictionary attacks on keys, the \fI--kdf\fR option can be used when
-forging a key, making sure that the binaries in \fIextras/kdf\fR were compiled
-and installed on the system.
+forging a key.
.B
.IP "lock"
@@ -219,11 +218,12 @@ key is buried in any image or not.
.B
.IP "cloak"
-Cloaks a tomb key (\fI-k\fR) disguising it as a text file using a
-cipher from \fIextras/cloak/ciphers\fR (second argument) using
-\fIcloakify\fR. This option is useful to backup tomb keys in
-unsuspected places; it needs \fIextras/cloak\fR installed and
-\fIpython3\fR.
+Cloaks a tomb key (\fI-k\fR) disguising it as text using a cipher file
+(first argument) writing the result to stdout or optionally an output
+file (second argument). See
+\fI/usr/share/doc/tomb/examples/cloak-ciphers\fR for potential cipher
+files. However, it is recommended to create and use one's own ciphers.
+This option is useful to backup tomb keys in unsuspected places.
.B
.IP "uncloak"
diff --git a/extras/cloak/Makefile b/extras/cloak/Makefile
index 740e37c..b16c001 100644
--- a/extras/cloak/Makefile
+++ b/extras/cloak/Makefile
@@ -1,5 +1,6 @@
PREFIX ?= /usr/local
+BINDIR = /libexec/tomb
install:
- install -Dm755 cloakify.py ${DESTDIR}${PREFIX}/bin/cloakify
- install -Dm755 decloakify.py ${DESTDIR}${PREFIX}/bin/decloakify
+ install -Dm755 cloakify.py ${DESTDIR}${PREFIX}${BINDIR}/cloakify
+ install -Dm755 decloakify.py ${DESTDIR}${PREFIX}${BINDIR}/decloakify
diff --git a/extras/cloak/ciphers/starTrek b/extras/cloak/ciphers/starTrek
index ea0bfd4..6f77e37 100644
--- a/extras/cloak/ciphers/starTrek
+++ b/extras/cloak/ciphers/starTrek
@@ -1,147 +1,147 @@
-Ishka
-Nog
-Charles Tucker
-William Riker
-Dolim
-Lon Suder
-Brunt
-Hogan
-J. M. Colt
-Winn Adami
-Leonardo da Vinci
-Jake Sisko
-Azan
-Amanda Grayson
-Weyoun
-Ayala
-Nyota Uhura
-Tuvok
-Saavik
-Lwaxana Troi
-Gowron
-José Tyler
-Miles O'Brien
-Kashimuro Nozawa
-Soval
-William Ross
-Shakaar Edon
-Kathryn Janeway
-Jonathan Archer
-Keiko O'Brien
-Kimara Cretak
-Julian Bashir
-Dukat
-Spock
-Alexander Rozhenko
-Seska
-Evek
-Sonya Gomez
-Tora Ziyal
-Damar
-Chakotay
-Mezoti
-Hugh of Borg
-Sela
-Thy'lek Shran
-Leonard McCoy
-Michael Rostov
-Jennifer Sisko
-Janice Rand
-Daniels
-Degra
-Beverly Crusher
-Kasidy Yates
-Reginald Barclay
-The Doctor
-Kes
-Jal Culluh
-Rom
-Mallora
-Elim Garak
-Silik
-Neelix
-Michael Jonas
-Phlox
-The Borg Queen
-Benjamin Sisko
-Kurn
-Hoshi Sato
-Mot
-K'Ehleyr
-Guinan
-Erika Hernandez
-B'Etor
-Leeta
-Harry Kim
-James T. Kirk
-Joseph Sisko
-Tal Celes
-The Traveler
-Samantha Wildman
-Rebi
-Morn
-Lursa
-Luther Sloan
-Female Changeling
-Susan Nicoletti
-Naomi Wildman
-Mr. Homn
-Katherine Pulaski
-Phillip Boyce
-Ezri Dax
-Christopher Pike
-Carol Marcus
-Mora Pol
-Kira Nerys
-Vash
-T'Pol
-Hikaru Sulu
-Jean-Luc Picard
-Bareil Antos
-Wesley Crusher
-Number One
-Geordi La Forge
-Montgomery Scott
-Lore
-Garrison
-Jannar
-Ro Laren
+Ishka
+Nog
+Charles Tucker
+William Riker
+Dolim
+Lon Suder
+Brunt
+Hogan
+J. M. Colt
+Winn Adami
+Leonardo da Vinci
+Jake Sisko
+Azan
+Amanda Grayson
+Weyoun
+Ayala
+Nyota Uhura
+Tuvok
+Saavik
+Lwaxana Troi
+Gowron
+José Tyler
+Miles O'Brien
+Kashimuro Nozawa
+Soval
+William Ross
+Shakaar Edon
+Kathryn Janeway
+Jonathan Archer
+Keiko O'Brien
+Kimara Cretak
+Julian Bashir
+Dukat
+Spock
+Alexander Rozhenko
+Seska
+Evek
+Sonya Gomez
+Tora Ziyal
+Damar
+Chakotay
+Mezoti
+Hugh of Borg
+Sela
+Thy'lek Shran
+Leonard McCoy
+Michael Rostov
+Jennifer Sisko
+Janice Rand
+Daniels
+Degra
+Beverly Crusher
+Kasidy Yates
+Reginald Barclay
+The Doctor
+Kes
+Jal Culluh
+Rom
+Mallora
+Elim Garak
+Silik
+Neelix
+Michael Jonas
+Phlox
+The Borg Queen
+Benjamin Sisko
+Kurn
+Hoshi Sato
+Mot
+K'Ehleyr
+Guinan
+Erika Hernandez
+B'Etor
+Leeta
+Harry Kim
+James T. Kirk
+Joseph Sisko
+Tal Celes
+The Traveler
+Samantha Wildman
+Rebi
+Morn
+Lursa
+Luther Sloan
+Female Changeling
+Susan Nicoletti
+Naomi Wildman
+Mr. Homn
+Katherine Pulaski
+Phillip Boyce
+Ezri Dax
+Christopher Pike
+Carol Marcus
+Mora Pol
+Kira Nerys
+Vash
+T'Pol
+Hikaru Sulu
+Jean-Luc Picard
+Bareil Antos
+Wesley Crusher
+Number One
+Geordi La Forge
+Montgomery Scott
+Lore
+Garrison
+Jannar
+Ro Laren
Zek
-Icheb
-Tomalak
-Vorik
-Elizabeth Cutler
-Maxwell Forrest
-Maihar'du
-Vic Fontaine
-Owen Paris
-Michael Eddington
-Malcolm Reed
-Li Nalas
-Pavel Chekov
-Travis Mayweather
-B'Elanna Torres
-Worf
-Tom Paris
-Sarah Sisko
-Jadzia Dax
-Mila
-Data
-Q
-Seven of Nine
-Christine Chapel
-Alyssa Ogawa
-Joseph Carey
-Molly O'Brien
-Sarek
-Martok
-J. Hayes
-Kor
-Enabran Tain
-Robin Lefler
-Deanna Troi
-Quark
-Chell
-Tasha Yar
-Opaka Sulan
-Odo
+Icheb
+Tomalak
+Vorik
+Elizabeth Cutler
+Maxwell Forrest
+Maihar'du
+Vic Fontaine
+Owen Paris
+Michael Eddington
+Malcolm Reed
+Li Nalas
+Pavel Chekov
+Travis Mayweather
+B'Elanna Torres
+Worf
+Tom Paris
+Sarah Sisko
+Jadzia Dax
+Mila
+Data
+Q
+Seven of Nine
+Christine Chapel
+Alyssa Ogawa
+Joseph Carey
+Molly O'Brien
+Sarek
+Martok
+J. Hayes
+Kor
+Enabran Tain
+Robin Lefler
+Deanna Troi
+Quark
+Chell
+Tasha Yar
+Opaka Sulan
+Odo
diff --git a/extras/kdf-keys/Makefile b/extras/kdf-keys/Makefile
index 26872b9..3fee651 100644
--- a/extras/kdf-keys/Makefile
+++ b/extras/kdf-keys/Makefile
@@ -1,11 +1,11 @@
PREFIX ?= /usr/local
+BINDIR = /libexec/tomb
all:
- $(CC) -O2 $(CFLAGS) -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
- $(CC) -O2 $(CFLAGS) -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
- $(CC) -O2 $(CFLAGS) -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
- $(CC) -O2 $(CFLAGS) -o tomb-kdb-hexencode hexencode.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tomb-kdb-pbkdf2 pbkdf2.c
-lgcrypt
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tomb-kdb-pbkdf2-getiter
benchmark.c -lgcrypt
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tomb-kdb-pbkdf2-gensalt
gen_salt.c -lgcrypt
test:
@echo "Running Tomb-kdb tests"
@@ -15,8 +15,7 @@ clean:
rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt
tomb-kdb-hexencode
install:
- install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2
- install -Dm755 tomb-kdb-pbkdf2-getiter
${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter
- install -Dm755 tomb-kdb-pbkdf2-gensalt
${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt
- install -Dm755 tomb-kdb-hexencode
${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode
- @echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}/bin"
+ install -Dm755 tomb-kdb-pbkdf2
${DESTDIR}${PREFIX}${BINDIR}/tomb-kdb-pbkdf2
+ install -Dm755 tomb-kdb-pbkdf2-getiter
${DESTDIR}${PREFIX}${BINDIR}/tomb-kdb-pbkdf2-getiter
+ install -Dm755 tomb-kdb-pbkdf2-gensalt
${DESTDIR}${PREFIX}${BINDIR}/tomb-kdb-pbkdf2-gensalt
+ @echo "Tomb-kdb auxiliary binaries installed in
${DESTDIR}${PREFIX}${BINDIR}"
diff --git a/tomb b/tomb
index 34b4102..6bf4778 100755
--- a/tomb
+++ b/tomb
@@ -101,6 +101,8 @@ typeset _MSG_FD_OVERRIDE # if set, _msg will write to this
file descriptor
# Make sure sbin is in PATH (man zshparam)
path+=( /sbin /usr/sbin )
+# Make sure location of helper tools is in PATH
+path+=( /usr/libexec/tomb )
# For gettext
export TEXTDOMAIN=tomb
