| author | Eric Biggers <ebiggers@google.com> | 2020-01-29 19:27:10 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-01-29 19:27:10 -0800 |
| commit | c4fa1f4ccb407f44dfabf91d1214f06c277a1b9f (patch) | |
| tree | 1711ccb6829abcf03a6874878d4fbd1709865e1e /cmd/fscrypt/commands.go | |
| parent | 0f06c53388f8b020e1a0d48af2f5e334c4ec2aca (diff) | |
cmd/fscrypt/commands: allow disabling recovery passphrase (#193)
While it's important to generate a recovery passphrase in the linked
protector case to avoid data loss if the system is reinstalled, some
people really don't want it (even though it can be safely ignored as it
almost certainly has far more entropy than the login passphrase).
As a compromise, prompt for y/n before generating it, with default y.
Also, to allow disabling the recovery passphrase during noninteractive
use, add a --no-recovery command-line option.
Update https://github.com/google/fscrypt/issues/186
Diffstat (limited to 'cmd/fscrypt/commands.go')
| -rw-r--r-- | cmd/fscrypt/commands.go | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index e807d46..4a59d30 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -105,7 +105,7 @@ var Encrypt = cli.Command{
 immediately be used.`, directoryArg, shortDisplay(policyFlag), shortDisplay(protectorFlag), mountpointArg), Flags: []cli.Flag{policyFlag, unlockWithFlag, protectorFlag, sourceFlag,
- userFlag, nameFlag, keyFileFlag, skipUnlockFlag},
+ userFlag, nameFlag, keyFileFlag, skipUnlockFlag, noRecoveryFlag},
 Action: encryptAction, }
@@ -239,13 +239,16 @@ func encryptPath(path string) (err error) {
 } }()
- // Automatically generate a recovery passphrase if the protector
- // is on a different filesystem from the policy. In practice,
- // this happens for login passphrase-protected directories that
+ // Ask to generate a recovery passphrase if the protector is on
+ // a different filesystem from the policy. In practice, this
+ // happens for login passphrase-protected directories that
 // aren't on the root filesystem, since login protectors are // always stored on the root filesystem.
- if ctx.Mount != protector.Context.Mount {
- fmt.Printf("Generating recovery passphrase because protector is on a different filesystem.\n")
+ var needRecovery bool
+ if ctx.Mount != protector.Context.Mount && !noRecoveryFlag.Value {
+ needRecovery, err = askQuestion("Protector is on a different filesystem! Generate a recovery passphrase (recommended)?", true)
+ }
+ if needRecovery {
 var recoveryProtector *actions.Protector if recoveryPassphrase, recoveryProtector, err = actions.AddRecoveryPassphrase( policy, filepath.Base(path)); err != nil { |
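Review bot: The error returned by `askQuestion` in the second hunk (encryptPath) is never checked. If the prompt fails, `needRecovery` keeps whatever value came back (presumably false), the recovery passphrase is skipped, and `err` may be overwritten by later code that lies outside this hunk. The recovery passphrase is the safeguard against data loss after a reinstall, so a failed prompt should abort rather than fall through: add `if err != nil { return }` inside the first `if`, directly after the `askQuestion` call (the named result `err` makes the bare return sufficient). It would also help to print a one-line notice when `--no-recovery` suppresses generation, so noninteractive logs record that no recovery protector was created. encryptPath begins and ends outside the hunk, so how `err` is handled further down should be confirmed there.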