Force restic to ask the password when adding a key.

As `restic key add` uses the same `ReadPasswordTwice()` as the
rest of restic, it is sensitive to the environment variable
RESTIC_PASSWORD or --password-file= override.

When asking for the new key, temporary remove these 2 overrides, forcing
the password to be asked.
This commit is contained in:
Pauline Middelink 2017-07-24 22:00:44 +02:00
parent 608adf15a3
commit d9b9bbd4a8

View file

@ -3,6 +3,7 @@ package main
import ( import (
"context" "context"
"fmt" "fmt"
"os"
"github.com/restic/restic/internal/errors" "github.com/restic/restic/internal/errors"
"github.com/restic/restic/internal/repository" "github.com/restic/restic/internal/repository"
@ -59,7 +60,16 @@ func getNewPassword(gopts GlobalOptions) (string, error) {
return testKeyNewPassword, nil return testKeyNewPassword, nil
} }
return ReadPasswordTwice(gopts, // Since we already have an open repository, temporary remove the overrides
// to prompt the user for their passwd
oldPasswd := os.Getenv("RESTIC_PASSWORD")
defer func() { os.Setenv("RESTIC_PASSWORD", oldPasswd) }()
os.Unsetenv("RESTIC_PASSWORD")
newopts := gopts
newopts.password = ""
newopts.PasswordFile = ""
return ReadPasswordTwice(newopts,
"enter password for new key: ", "enter password for new key: ",
"enter password again: ") "enter password again: ")
} }