On 23-08-17 02:21:18, Klemens Nanni wrote:
> On Fri, Aug 11, 2023 at 03:44:46PM +0000, Klemens Nanni wrote:
> > On Wed, Aug 02, 2023 at 10:37:36AM +0000, Klemens Nanni wrote:
> > > Creating new volumes prompts
> > > 	Passphrase:
> > > 	Re-type passphrase:
> > > which is sane for interactive usage, but -s (which omits prompts) to read
> > > from stdin also prompts twice.
> > >
> > > I think that's neither intuitive nor ergonomical and as intended for
> > > non-interactive scripts, -s should take a new passphrase just once.
> > >
> > > Until a month ago, the manual erroneously said -s could not be used
> > > during initial creation anyway, so I worry little about existing
> > > scripts like
> > >
> > > 	printf '%s\n%s\n' "$pw" "$pw" | bioctl -s -cC -lsd0a softraid0
> > >
> > > Diff below makes -s create new volumes with a single passphrase:
> > >
> > > 	# echo secret | bioctl -s -Cforce -cC -lvnd0a softraid0
> > > 	bioctl: Passphrases did not match
> > > 	# echo secret | ./obj/bioctl -s -Cforce -cC -lvnd0a softraid0
> > > 	softraid0: CRYPTO volume attached as sd3
> > >
> > > Feedback? Objection? OK?
> >
> > Ping.
>
> I'll commit this in a few days unless I hear objections.
>
> The current -s behaviour is stupid; nothing else I know *silently* prompts
> for passphrase *and* confirmation without anything in between.
>
> This stuff must be either interactive or quiet and one-shot, not in between.

I agree with the intent, however the man page should probably reflect this change (i.e. -s makes it non-interactive and you will not get confirmation).

> Index: bioctl.c > =================================================================== > RCS file: /cvs/src/sbin/bioctl/bioctl.c,v > retrieving revision 1.151 > diff -u -p -r1.151 bioctl.c > --- bioctl.c 18 Oct 2022 07:04:20 -0000 1.151 > +++ bioctl.c 17 Aug 2023 02:16:37 -0000 > @@ -989,7 +989,7 @@ bio_kdf_generate(struct sr_crypto_kdfinf > derive_key(kdfinfo->pbkdf.generic.type, kdfinfo->pbkdf.rounds, > kdfinfo->maskkey, sizeof(kdfinfo->maskkey), > kdfinfo->pbkdf.salt, sizeof(kdfinfo->pbkdf.salt), > - "New passphrase: ", 1); > + "New passphrase: ", rpp_flag == RPP_REQUIRE_TTY ? 1 : 0);

I think it would be less ugly to have an interactive global (or similar) and clear that when -s is given (the correct way to write the above would require masking rpp_flag).

> } > > int
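
Review bot: the new last argument to derive_key() in bio_kdf_generate(), "rpp_flag == RPP_REQUIRE_TTY ? 1 : 0", decides whether the new passphrase is confirmed by an exact equality test on a flags value, so confirmation is dropped for every value of rpp_flag other than exactly RPP_REQUIRE_TTY, not only when -s selects stdin. readpassphrase(3) flags are bits that can be OR'ed together, so if another RPP_ bit is ever combined with RPP_REQUIRE_TTY, an interactive user creating a CRYPTO volume would silently lose the re-type check and a typo in the passphrase would go unnoticed. Testing the bit, "(rpp_flag & RPP_REQUIRE_TTY) != 0", or better a dedicated variable cleared when -s is parsed, makes the condition state what it means; the "? 1 : 0" is then redundant. The diff as shown touches only bioctl.c, so the -s description in the manual should be updated in the same commit to say that a new passphrase is read once, without confirmation.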