Package Details: tomb 2.9-2

Git Clone URL: (read-only, click to copy)
Package Base: tomb
Description: Crypto Undertaker, a simple tool to manage encrypted storage
Upstream URL:
Licenses: GPL3
Submitter: None
Maintainer: parazyd (roddhjav)
Last Packager: roddhjav
Votes: 48
Popularity: 0.015072
First Submitted: 2011-04-15 15:20 (UTC)
Last Updated: 2021-07-04 15:18 (UTC)

Pinned Comments

roddhjav commented on 2020-05-24 12:13 (UTC) (edited on 2020-05-24 12:16 (UTC) by roddhjav)

To install the package first import jaromil PGP key:

gpg --recv-keys 6113D89CA825C5CEDD02C87273B35DA54ACB7D10

Alternatively add keyserver-options auto-key-retrieve to your ~/.gnupg/gpg.conf.

This key can also be found on

Latest Comments

roddhjav commented on 2020-05-24 12:13 (UTC) (edited on 2020-05-24 12:16 (UTC) by roddhjav)

To install the package first import jaromil PGP key:

gpg --recv-keys 6113D89CA825C5CEDD02C87273B35DA54ACB7D10

Alternatively add keyserver-options auto-key-retrieve to your ~/.gnupg/gpg.conf.

This key can also be found on

mmkodali commented on 2020-05-24 08:45 (UTC) (edited on 2020-05-24 08:46 (UTC) by mmkodali)

PKGBUILD giving following error :

==> Verifying source file signatures with gpg...

    Tomb-2.7.tar.gz ... FAILED (unknown public key 73B35DA54ACB7D10)

==> ERROR: One or more PGP signatures could not be verified!

grcancelliere commented on 2020-01-01 16:06 (UTC)

When opening a tomb the command writes this to stdout:

mount_tomb:142: command not found: hostname

This should be because the base installation no longer contains inetutils, could you add it as a dependency?

commented on 2019-07-22 11:29 (UTC)

@hcra: edit PKGBUILD file and add /releases to every source url (you can preview links in browser:${pkgname}/Tomb-...

should be changed to:${pkgname}/releases/Tomb-...

hcra commented on 2019-07-21 10:09 (UTC)

I get this.

curl: (22) The requested URL returned error: 404 Not Found ==> ERROR: Failure while downloading Aborting... Error downloading sources: tomb

Maybe you can take a look at it. Thanks.

hcra commented on 2019-07-21 08:13 (UTC)

Please update the package.

deleted commented on 2019-06-08 11:17 (UTC) (edited on 2019-06-08 13:45 (UTC) by deleted)


pkgver=2.5   ===>    pkgver=2.6
The public key is found at => 404 Not found.

Change to

archprophetpippi commented on 2018-07-30 21:29 (UTC) (edited on 2018-07-30 21:29 (UTC) by archprophetpippi)

Please add "lsof" as a dependency. Most installations have it already, but I just did a clean install and one of the first things I added was tomb and found out it wasn't already there. Tomb needs it to properly kill processes working in the encrypted files when they're being closed rather than just closing the file and some processes are left "high and dry" with nothing to work on.

redfish commented on 2018-07-08 16:44 (UTC) (edited on 2018-07-08 16:51 (UTC) by redfish)

Upstream URL times out for me. Alternative URL: (same hash, but no .asc,.sha files.)

Also, without gtk2 installed (which is not a dep), pinentry fails to find and fails. Workaround: DISPLAY="" tomb .... Best would be to change the pinentry to default to console, but don't know how.

hmfung commented on 2018-07-07 07:14 (UTC)

@anilg: Same problem here but I got pinentry working without using sudo before tomb

anilg commented on 2018-03-19 07:55 (UTC)

I'm getting a problem with pinentry. It seems to be returning an error that prevents tomb forge from going ahead. Returns "Pinentry error: Permission" and aborts, and it looks like pinentry emits "No protocol specified"

TrialnError commented on 2018-01-28 18:20 (UTC)

Optdepends need an adjustment, since your PR for dropping wipe got included into 2.5, parazyd.

kaymio commented on 2017-07-06 20:59 (UTC)

@TrialnError: After importing this key I've still not been able to install tomb, but tomb-git ran and finished...

TrialnError commented on 2017-07-01 20:25 (UTC)

@kaymio: Either import this key (after verifying it) into your personal gnupg keyring (the user that issues makepkg/whatever) or pass --skippgpcheck to the makepkg call

kaymio commented on 2017-07-01 17:06 (UTC)

Validating source files with sha256sums... Tomb-2.4.tar.gz ... Passed Tomb-2.4.tar.gz.sha ... Passed Tomb-2.4.tar.gz.asc ... Passed ==> Verifying source file signatures with gpg... Tomb-2.4.tar.gz ... FAILED (unknown public key 73B35DA54ACB7D10) ==> ERROR: One or more PGP signatures could not be verified!

parazyd commented on 2017-01-03 14:34 (UTC)

@gian: no, not really. If you're up for it, feel free to make your own...

parazyd commented on 2017-01-03 14:33 (UTC)

Updated to 2.3. Sorry for the incovenience, the code is now more secure and was fixed :)

elif commented on 2016-12-30 00:08 (UTC)

heads up, 2.2.3 cannot open existing tombs with zsh 5.3. See this thread for details: patch landed in master.

gian commented on 2016-10-12 15:49 (UTC)

Are you planning to add also the extras, maybe as separated packages ?

parazyd commented on 2016-02-05 00:00 (UTC)

@poorman This shouldn't be happening. Have you been editing your makepkg.conf?

poorman commented on 2016-02-04 23:45 (UTC)

In case anyone else gets this error (and the install fails): error: '/home/poorman/builds/tomb/tomb-2.2-3-x86_64.pkg.tar.xz': could not find or read package the fix that worked for me was to edit line 51 in PKGBUILD: change "arch='any'" to "arch='x84_64'" (or whatever is your actual arch). This one may be obvious to experienced AUR users but I still thought I'd share (this is my first comment in AUR).

JP-Ellis commented on 2016-01-15 12:48 (UTC)

Yup, having ${pkgbase} works: build() { cd ${srcdir}/${pkgbase}-${pkgver}/extras/kdf-keys make }

parazyd commented on 2016-01-14 08:25 (UTC)

Okay, edit line 32 (the build function) to use pkgbase instead of pkgname and try this way. Let me know if it works, then I will update the package.

JP-Ellis commented on 2016-01-14 07:46 (UTC)

I have not modified the PKGBUILD file in any way, it just runs through yaourt. The problem arises because yaourt is trying to install tomb-kdf and the `build()` function has `cd ${srcdir}/${pkgname}-${pkgver}/extras/kdf-keys`. In the case of building tomb-kdf, this expands to `${srcdir}/tomb-kdf-2.2/extras/kdf-keys`; however, the source is actually located in `${srcdir}/tomb-2.2/extras/kdf-keys`, hence the error.

parazyd commented on 2016-01-10 16:22 (UTC) (edited on 2016-01-10 16:23 (UTC) by parazyd)

Have you edited the PKGBUILD? I can install just fine. You have to install both tomb and tomb-kdf though. The -kdf is just additions to tomb, not standalone.

JP-Ellis commented on 2016-01-10 11:16 (UTC)

This fails to compile for me due to the following error: ``` ./PKGBUILD: line 32: cd: /tmp/makepkg/tomb/src/tomb-kdf-2.2/extras/kdf-keys: No such file or directory ```

parazyd commented on 2016-01-01 13:33 (UTC)

Fixed now. Happy new year to you as well!

TrialnError commented on 2016-01-01 12:57 (UTC)

Happy New Year ! One small point to nitpick on. gtomb is not a proper optdepends. Installing it doesn't extend the functionality of the tomb command. It's a program that uses tomb. Different would be the story if you would add the build of the gtomb files that jaromil included with the tomb repo. Then you would add zenity as optdepend to make the the additional binary/script included in the tomb package working

dolphinziyo commented on 2015-12-07 19:22 (UTC)

I tried it before commenting here but didn't work, maybe i did anything wrong. I finally installed it manually from their files. Thank you very much.

alexei commented on 2015-12-07 19:10 (UTC)

@dolphinziyo Edit PKGBUILD (when prompted by yaourt for example, or open manually) and add 'armv6' (my guess for RPi) to 'arch' list.

dolphinziyo commented on 2015-12-07 18:52 (UTC)

Hi @alexei thank you for answering me. I tried to install this package from my Raspberry Pi and it throws an error saying that my architecture isn't compatible with this package. How did you install it? Must I do it manually?

alexei commented on 2015-12-05 21:17 (UTC)

@dolphinziyo: likely to work on arm v6. I use Tomb on Odroid U3 (armv7h) under Arch Linux ARM and do not recall any major problems installing it.

dolphinziyo commented on 2015-12-05 19:05 (UTC)

I would like to install tomb in a Raspberry Pi (arm v6), is this possible?

TrialnError commented on 2015-04-17 18:33 (UTC)

@anderraso: Did you import the gpg key?

anderraso commented on 2015-03-02 08:11 (UTC)

It shows a GPG error: ==> Verificando las firmas de las fuentes con gpg... Tomb-2.0.1.tar.gz ... HA FALLADO (clave pública desconocida 73B35DA54ACB7D10) ==> ERROR: ¡Una o más firmas PGP no pudieron ser verificadas! ==> ERROR: Makepkg no ha podido compilar tomb.

richli commented on 2015-02-03 16:53 (UTC)

@alexei: looks like they've finally added Tomb 2.0.1 to I'll update and re-upload the PKGBUILD when I get some time later today. You can just uncomment out those lines yourself in the meantime, if you want.

alexei commented on 2015-02-01 03:59 (UTC)

URLs worked from the browser, but makepkg (on my system at least) could not fetch from the URLs with '.xsend.php?file=', but fetched fine when that substring was removed from each URL. The download links on the official website do not contain the substring. Perhaps they changed, as the comment in PKGBUILD warns.

TrialnError commented on 2015-01-07 13:34 (UTC)

@richli: Ok. But to justify it shouldn't be a problem ;) It would be maintained, you kind of use it (pointed releases instead of master) and would be an alternative if the pointed release has some serious bugs that are already fixed in git but not released yet (Example 2.0.1 was necessary because Ubuntu based distros had a serious problem with 2.0 ). And learn about upcoming changes that require adjustments in the PKGBuild (example for the next release ) I thought of doing it myself (I still use the pointed releases, but follow upstream devel), but wanted to offer you the possebility to take it (Just because you're maintaining the pointed releases). And since you raised some valid concerns it seems you wouldn't have a problem if someone else takes the git one.

richli commented on 2015-01-07 00:40 (UTC)

@TrialnError: I'm a bit busy for the next while, but if I find some time, I'll see about updating the tomb-git package. Since I don't actually use it, it's hard for me to justify maintaining it. :)

frankspace commented on 2015-01-03 19:50 (UTC)

Thank you, adding that key worked. And I learned something. Thank you!

TrialnError commented on 2015-01-02 16:56 (UTC)

@richli: One question. Since you're maintaining this PKGBuild, could you also maintain the -git[0] one too? It's orphaned and not up to date. Would be nice if that could be changed. _____ [0]

TrialnError commented on 2015-01-02 16:51 (UTC)

frankspace: The possebility was added to check if the signature of a tarball is really signed with the right key (validpgpkeys entry in the PKGBuild). Two ways to handle that: 1) Add the key to your local keyring (just add it, do not sign it) 2) Use makepkg --skippgpcheck See Quote: "Source signatures are required to be from a trusted source or listed in the validpgpkeys array. We also support style source signing"

richli commented on 2015-01-02 16:48 (UTC)

@frankspace: It's because makepkg can't find the public key. You need to run "gpg --recv-keys 0x73b35da54acb7d10" to download the public key into your keyring. No need to trust it or sign it or anything, it just needs to be accessible by gpg/makepkg.

frankspace commented on 2015-01-02 05:04 (UTC)

I'm getting an error that "One or more PGP signatures could not be verified." Specifically, Tomb-2.0.1.tar.gz fails because of "unknown public key 73B35DA54ACB7D10".

richli commented on 2014-12-31 03:01 (UTC)

@jswagner: Hmmm, very interesting. I don't use pacaur, so I took a look. I was able to reproduce your problem, so I tried running pacaur in debug mode to track things down better. It turns out that pacaur (for some reason) calls makepkg as so: makepkg -sfi --pkg tomb Note that the "tomb" package is split into two: "tomb" and "tomb-kdf". I assume that pacaur would call makepkg with "--pkg tomb-kdf" if the first makepkg were successful. Skipping pacaur entirely, I get the same error when I manually run the makepkg command with --pkg. The problem is that it's looking for tomb for the x86_64 architecture (note the filename), but the tomb sub-package overrides the "arch" variable to "any". I checked here [1] and it says that a split package may override the "arch" option as this one does. seems to me like this is a bug with makepkg, unless there's something about split packages I'm not understanding. [1]

jswagner commented on 2014-12-31 02:15 (UTC)

I can build and install this manually, but it failed when I tried to update using pacaur. Like the package up and went missing after cleanup. -- ==> Installing tomb package group with pacman -U... loading packages... error: '/tmp/pacaurtmp-jason/tomb/tomb-2.0.1-1-x86_64.pkg.tar.xz': could not find or read package ==> WARNING: Failed to install built package(s).

richli commented on 2014-11-28 09:10 (UTC)

@TrailnError: Thanks for the notification, I've updated the package. Yeah, I don't know why the URLs don't contain the current release, upstream specifically directed me to use those URLs instead of the current ones. Maybe they'll update it later.

TrialnError commented on 2014-11-28 08:41 (UTC)

They tagged v2.0 and from the Downloads page it can be retrieved[0] But dunno why it differ from the old dl page _____ [0] [1]

richli commented on 2014-05-29 05:10 (UTC)

I found some time and cleaned up the package a bit and am using the new recommended download URLs. Now that AUR 3.0 supports split packages, this is split into "tomb" and "tomb-kdf". Further input welcome.

richli commented on 2014-05-23 16:18 (UTC)

@DaveCode: Yeah, this PKGBUILD is really weird, I only adopted it to at least bring it up to date. As you've pointed out, there are still plenty of fixes it needs. I don't have the time right now to work on this, would you be willing to take over maintainership?

DaveCode commented on 2014-05-23 04:39 (UTC)

BTW I don't have wipe installed and it may be optdepends. Do $ cat src/Tomb-1.5.2/Makefile which says wipe is just "recommended" not required.

DaveCode commented on 2014-05-23 04:29 (UTC)

1. Same err as 2014-01-05 04:16 showing tomb-kdf twice. Best guess, this PKGBUILD breaks AUR guidelines. It lacks a single package() function. It's two packages, not one. It seems to want tomb-kdf as a "shadow package," not kosher. What the heck is true && pkgname=(tomb tomb-kdf) supposed to do? Split into tomb-kdf and tomb separately or merge completely somehow under ONE package name. If the previous maintainer's work was your baseline, it would be easier to start from scratch using info from 2. Oh my...he only signs checksums. Checksums are easy to spoof with mere code comments. Tell jaromil. He needs to sign the tarballs not their checksums. Right now the PKGBUILD doesn't even check a SHA sig, does it? There's a comment in there about his key, but nothing is done with it?

richli commented on 2014-05-21 04:25 (UTC)

@DaveCode: 1) I don't get this error, either by using makepkg or by using pacaur. Namcap doesn't report any errors like this either. I'm not sure how I can troubleshoot this on my end. Is there any more detail you can provide? 2) Check the available files here [1], they don't provide a signature for the tarball itself, only the checksum file. Unless there is one available somewhere else? [1]

DaveCode commented on 2014-05-21 04:01 (UTC)

Thanks for adoption. Issues, 1. Dup target in pacaur when done building pkg and tries to install. error: '/blah/bleh/foo/pacaurtmp-root/tomb/tomb-kdf-1.5.2-1-x86_64.pkg.tar.xz': duplicate target 2. PKGBUILD should verify gpg sig on download tarball, not just sha sums, a security pkg merits full treatment.

richli commented on 2014-05-20 03:50 (UTC)

I've adopted this package and updated it to the current version, 1.5.2.

richli commented on 2014-02-26 05:39 (UTC)

The past couple pastebins are expired, so I updated the PKGBUILD myself for the current version (v1.5.2) and have it here:

DaveCode commented on 2014-01-05 04:16 (UTC)

Here's what tried to run # tail -n 1 /var/log/pacman.log [PACMAN] Running '/usr/bin/pacman -U /tmp/XDG_CACHE_HOME_root/pacaurtmp-root/tomb/tomb-1.4-2-any.pkg.tar.xz /tmp/XDG_CACHE_HOME_root/pacaurtmp-root/tomb/tomb-kdf-1.4-2-x86_64.pkg.tar.xz /tmp/XDG_CACHE_HOME_root/pacaurtmp-root/tomb/tomb-kdf-1.4-2-x86_64.pkg.tar.xz'

DaveCode commented on 2014-01-05 04:11 (UTC)

Voted. Failure report on x86_64: public key glitch and dup target.

fauno commented on 2013-12-04 13:37 (UTC)

i'm sorry! i didn't get the sha verification messages! i'm testing boyska modifications and i'll upload the new pkgrel afterwards :)

BoySka commented on 2013-12-04 11:42 (UTC)

I think this is better packaged: it adds tomb-kdf (which is very important for security) and removes tomb-gui (which is non-working and should be considered WIP) It also solves verification issues by just relying on sha256sum

dolphinziyo commented on 2013-11-01 18:20 (UTC)

Same error here. SHA 256 sums verification failed

demas commented on 2013-10-18 07:23 (UTC)

I have get an error message: ==> Validating source files with sha256sums... Tomb-1.4.tar.gz ... FAILED Tomb-1.4.tar.gz.sha ... Passed Tomb-1.4.tar.gz.sha.asc ... Skipped

fauno commented on 2013-08-06 15:25 (UTC)


npouillard commented on 2013-05-31 11:08 (UTC)

m4 is part of base-devel and base-devel should be made part of explicit requirements. (

maze commented on 2013-05-28 14:29 (UTC)

The PKGBUILD is missing m4 as a requirement: aclocal: warning: couldn't open directory 'm4': No such file or directory

BoySka commented on 2012-01-30 16:06 (UTC)

There is now a repo for this: see [crypto] Server=$arch

BoySka commented on 2011-11-14 15:40 (UTC)

That's the pkgbuild for tomb 1.2

commented on 2011-04-27 18:57 (UTC)

thx BoySka, PKGBUILD updated. :-)

BoySka commented on 2011-04-27 18:18 (UTC)

I think that dcfldd and wipe should be optional dependencies. I don't have it, and used makepkg --nodeps, seems to work just fine