forked from TrueCloudLab/restic
Merge pull request #1133 from middelink/fix-1132
Force restic to ask the password when adding a key.
This commit is contained in:
commit
2e804511ca
5 changed files with 40 additions and 28 deletions
|
@ -249,7 +249,7 @@ func readBackupFromStdin(opts BackupOptions, gopts GlobalOptions, args []string)
|
||||||
return errors.Fatal("filename for backup from stdin must not be empty")
|
return errors.Fatal("filename for backup from stdin must not be empty")
|
||||||
}
|
}
|
||||||
|
|
||||||
if gopts.password == "" && gopts.PasswordFile == "" {
|
if gopts.password == "" {
|
||||||
return errors.Fatal("unable to read password from stdin when data is to be read from stdin, use --password-file or $RESTIC_PASSWORD")
|
return errors.Fatal("unable to read password from stdin when data is to be read from stdin, use --password-file or $RESTIC_PASSWORD")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -322,8 +322,8 @@ func readLinesFromFile(filename string) ([]string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func runBackup(opts BackupOptions, gopts GlobalOptions, args []string) error {
|
func runBackup(opts BackupOptions, gopts GlobalOptions, args []string) error {
|
||||||
if opts.FilesFrom == "-" && gopts.password == "" && gopts.PasswordFile == "" {
|
if opts.FilesFrom == "-" && gopts.password == "" {
|
||||||
return errors.Fatal("no password; either use `--password-file` option or put the password into the RESTIC_PASSWORD environment variable")
|
return errors.Fatal("unable to read password from stdin when data is to be read from stdin, use --password-file or $RESTIC_PASSWORD")
|
||||||
}
|
}
|
||||||
|
|
||||||
fromfile, err := readLinesFromFile(opts.FilesFrom)
|
fromfile, err := readLinesFromFile(opts.FilesFrom)
|
||||||
|
|
|
@ -34,14 +34,12 @@ func runInit(gopts GlobalOptions, args []string) error {
|
||||||
return errors.Fatalf("create backend at %s failed: %v\n", gopts.Repo, err)
|
return errors.Fatalf("create backend at %s failed: %v\n", gopts.Repo, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if gopts.password == "" {
|
|
||||||
gopts.password, err = ReadPasswordTwice(gopts,
|
gopts.password, err = ReadPasswordTwice(gopts,
|
||||||
"enter password for new backend: ",
|
"enter password for new backend: ",
|
||||||
"enter password again: ")
|
"enter password again: ")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
s := repository.New(be)
|
s := repository.New(be)
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,12 @@ func getNewPassword(gopts GlobalOptions) (string, error) {
|
||||||
return testKeyNewPassword, nil
|
return testKeyNewPassword, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return ReadPasswordTwice(gopts,
|
// Since we already have an open repository, temporary remove the password
|
||||||
|
// to prompt the user for the passwd.
|
||||||
|
newopts := gopts
|
||||||
|
newopts.password = ""
|
||||||
|
|
||||||
|
return ReadPasswordTwice(newopts,
|
||||||
"enter password for new key: ",
|
"enter password for new key: ",
|
||||||
"enter password again: ")
|
"enter password again: ")
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,11 +53,6 @@ var globalOptions = GlobalOptions{
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
pw := os.Getenv("RESTIC_PASSWORD")
|
|
||||||
if pw != "" {
|
|
||||||
globalOptions.password = pw
|
|
||||||
}
|
|
||||||
|
|
||||||
var cancel context.CancelFunc
|
var cancel context.CancelFunc
|
||||||
globalOptions.ctx, cancel = context.WithCancel(context.Background())
|
globalOptions.ctx, cancel = context.WithCancel(context.Background())
|
||||||
AddCleanupHandler(func() error {
|
AddCleanupHandler(func() error {
|
||||||
|
@ -207,6 +202,20 @@ func Exitf(exitcode int, format string, args ...interface{}) {
|
||||||
Exit(exitcode)
|
Exit(exitcode)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// resolvePassword determines the password to be used for opening the repository.
|
||||||
|
func resolvePassword(opts GlobalOptions, env string) (string, error) {
|
||||||
|
if opts.PasswordFile != "" {
|
||||||
|
s, err := ioutil.ReadFile(opts.PasswordFile)
|
||||||
|
return strings.TrimSpace(string(s)), errors.Wrap(err, "Readfile")
|
||||||
|
}
|
||||||
|
|
||||||
|
if pwd := os.Getenv(env); pwd != "" {
|
||||||
|
return pwd, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return "", nil
|
||||||
|
}
|
||||||
|
|
||||||
// readPassword reads the password from the given reader directly.
|
// readPassword reads the password from the given reader directly.
|
||||||
func readPassword(in io.Reader) (password string, err error) {
|
func readPassword(in io.Reader) (password string, err error) {
|
||||||
buf := make([]byte, 1000)
|
buf := make([]byte, 1000)
|
||||||
|
@ -238,13 +247,8 @@ func readPasswordTerminal(in *os.File, out io.Writer, prompt string) (password s
|
||||||
// ReadPassword reads the password from a password file, the environment
|
// ReadPassword reads the password from a password file, the environment
|
||||||
// variable RESTIC_PASSWORD or prompts the user.
|
// variable RESTIC_PASSWORD or prompts the user.
|
||||||
func ReadPassword(opts GlobalOptions, prompt string) (string, error) {
|
func ReadPassword(opts GlobalOptions, prompt string) (string, error) {
|
||||||
if opts.PasswordFile != "" {
|
if opts.password != "" {
|
||||||
s, err := ioutil.ReadFile(opts.PasswordFile)
|
return opts.password, nil
|
||||||
return strings.TrimSpace(string(s)), errors.Wrap(err, "Readfile")
|
|
||||||
}
|
|
||||||
|
|
||||||
if pwd := os.Getenv("RESTIC_PASSWORD"); pwd != "" {
|
|
||||||
return pwd, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -303,12 +307,10 @@ func OpenRepository(opts GlobalOptions) (*repository.Repository, error) {
|
||||||
|
|
||||||
s := repository.New(be)
|
s := repository.New(be)
|
||||||
|
|
||||||
if opts.password == "" {
|
|
||||||
opts.password, err = ReadPassword(opts, "enter password for repository: ")
|
opts.password, err = ReadPassword(opts, "enter password for repository: ")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
err = s.SearchKey(context.TODO(), opts.password, maxKeys)
|
err = s.SearchKey(context.TODO(), opts.password, maxKeys)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -36,6 +36,13 @@ directories in an encrypted repository stored on different backends.
|
||||||
}
|
}
|
||||||
globalOptions.extended = opts
|
globalOptions.extended = opts
|
||||||
|
|
||||||
|
pwd, err := resolvePassword(globalOptions, "RESTIC_PASSWORD")
|
||||||
|
if err != nil {
|
||||||
|
fmt.Fprintf(os.Stderr, "Resolving password failed: %v\n", err)
|
||||||
|
Exit(1)
|
||||||
|
}
|
||||||
|
globalOptions.password = pwd
|
||||||
|
|
||||||
// run the debug functions for all subcommands (if build tag "debug" is
|
// run the debug functions for all subcommands (if build tag "debug" is
|
||||||
// enabled)
|
// enabled)
|
||||||
if err := runDebug(); err != nil {
|
if err := runDebug(); err != nil {
|
||||||
|
|
Loading…
Reference in a new issue