MacTomb is a kind of Tomb porting for Mac OS X. It allows you to create encrypted DMG file (called mactomb), copy files and folders into it and setup a couple of scripts needed to easily mount & run apps that use files stored inside the mactomb.
Read about MacTomb on dyne and Lost in ICT blog
- added
encryptcommand: you can now encrypt an unencrypted tomb renamecommand now updates also the bash script (if specified)- added the
-tflag: you can specify two types of image format: SPARSEBUNDLE (default) and DMG - nicer output
- moar checks
- added
renamecommand: you can now change your volume label withinmactomband by specify the flag-balso in the bash script (N.B. you may need to replace the volume label in other files like, in example, Firefox or Thunderbird profiles) - more robust checks to ensure everything works fine
- compression/decompression support: mactomb is able to compress and decompress mactomb files. See the related section
listcommand: it will list all the open mactombs- change password: with
chpassyou can change your mactomb's password - bug fixes and improvements
- changing flags (again!): now
-nspecify the name of the volume (the famous$VOLNAME) while-venables Mac OS X notification - now the bash script umount the mactomb when closing the application. It means that when you close the Automatr App, the mactomb will be umounted
- added strong checks to verify if bash script and Automator App already exist or they are a directory
- added a check for the filename to ensure it contains/adds the
.dmgextension - better error messages
Version 1.0 released! Yes, from 0.1 to 1.0. Why? Big improvements has been made. Read below:
- there was a conflict between two
-soptions (size and Automator app). Now the Automator app has the-oflag and the bash script (that previously was-o) becomes-b. - possibility to call
forgewithout automatically firecreateandapp. This means: you can useforgeto create only the Automator app. For a better explaination onforge, see the related paragrah - you can now specify a command (binary + arguments) with the
-aflag, that will be outputted in the bash script created with the-bflag -oensure the Automator app has .app extension so Mac OS X can recognise it (you don't need to specify it via command line)- introduced the
VOLNAMEvariable (line 305). By default, the encrypted DMG is labeleduntitled. You can rename it by changing the value of that variable. - the
VOLNAMEvariable can be used also inside the-aargument to specify an action that has to access file(s) inside the mactomb. As in example, the following line works:-a /Applications/Firefox.app/Contents/MacOS/firefox-bin \$VOLNAME/index.html(will tell Firefox to open /Volumes/$VOLNAME/index.html). Please note the\$VOLNAME: it will be automatically translated to the value of theVOLNAMEvariable defined in the script - more robust errors checking
The help is quite explicit:
$ bash mactomb.sh help
..:: MacTomb v.1.3 ::..
by Davide Barbato
Help!
list:
list all opened mactombs
chpass:
-f <file> Change passphrase of mactomb <file>
compress:
-f <file> Compress a mactomb <file> (will make it read-only)
decompress:
-f <file> Decompress a mactomb <file>
rename:
-f <file> mactomb file (already created)
Optional:
-n <volname> Specify the new volume name to assign to the mactomb <file> (default is "untitled")
-b <script>\tThe bash script in which replaces all the occurence of the old volum name with the new one
create:
-f <file> File to create (the mactomb file)
-s <size[m|g|t] Size of the file (m=mb, g=gb, t=tb)
Optional:
-p <profile> Folder/file to copy into the newly created mactomb <file>
-c Create a zlib compressed mactomb <file> (will make it read-only)
-n <volname> Specify the volume name to assign to the mactomb <file>
app:
-f <file> Encrypted DMG to use as mactomb file (already created)
-a <app> Binary and arguments of the app you want to use inside the mactomb file
-b <output> The bash script used to launch the <app> inside the mactomb file <file>
forge:
Will call both "create" and "app" if all flags are specified. Can be called on already created files, in this case skipping "create" and/or "app"
Optional:
-o <output> The Automator app used to launch the bash <output> script by Mac OS X
Ok, let's imagine this situation: you want to run Thunderbird or Firefox with a profile inside your mactomb. And since you're on a Mac, you want to do it in a fancy way and easily, painless.
What the script does for you with the forge command (including all the optional parameters) is to:
- create an encrypted DMG file
- copy the Thunderbird/Firefox profile folder
- creating a bash script that will mount the mactomb and run the app (selecting the profile inside the mactomb if not already done)
- create the Automator script that call the previously created bash script, so all you need to do is clicking on this script.
In this way with a simple click you can enjoy your app with sensitive data stored inside an encrypted AES256 CBC container, ready to be uploaded on some cloud storage provider to have a backup and portable data backup.
You can drag the Automator app in the Dock and add an icon, so it will looks like a normal app.
The forge command is most likely the command you want to use or you'll use mostly.
If you need to create your mactomb from scratch and use an app inside, this command will be your first choice, since it avoids you to call create and app. Plus, forge creates the Automatr app that it's useful if you want to run your bash script (created with app) in a Mac OS X way.
A good use of forge is the following:
$ bash mactomb.sh forge -f ~/mytomb.dmg -s 100m -a "/Applications/Firefox.app/Contents/MacOS/firefox-bin -p test" -b ~/run.sh -o ~/runmy.app
With the command above we're creating a mactomb file of 100 MB, a bash script (run.sh) that will mount the mactomb and will call /Applications/Firefox.app/Contents/MacOS/firefox-bin -p test, and the Automator app runmy.app that will call run.sh. To make a sense of this command, you probably want to create the Firefox profile test inside the mactomb, so everytime you run runmy.app you'll use Firefox with a profile that runs inside an encrypted container.
Now, what if you have already created a mactomb with create or app but you need to create the Automator app. The following command will be handy (new in version 1.0):
$ bash mactomb.sh forge -b ~/run.sh -o ~/runmy.app
That command can be used even outside the mactomb concept: it can be used to create an Automator app that will call any bash script passed as -b argument.
New in version 1.2, you are now able to compress and decompress your mactomb. Compressing a mactomb will help you save some space: it uses zlib compression at the higest level (9).
Please note that compressing a mactomb will make it read-only
While this can be seen as a disadvantage, it can be quite useful in the following scenarios:
- you need to transfer a big mactomb and don't have much space/bandwith available
- you need only to read the mactomb's content, so there is no need for writing support
mactomb provides also a decompress command that decompress a compressed mactomb file, making it read-write
If you have your original folder, move there and type git pull. If not, you'd do better to clone the repository or download the zip file.
Using the -v flag, you can have the final result printed as a Mac OS X notification.
MacTomb uses hdiutil to create the encrypted DMG. The parameters are specified at the bottom of the script. As previously stated, it uses AES256 and by default hdiutil uses CBC mode. The file system is HFS+, the native and well supported one by Mac OS X.
The template.app directory is used to create the Automator script. If you don't know what Automator is, this is a good start: http://www.raywenderlich.com/58986/automator-for-mac-tutorial-and-examples