| author | Eric Biggers <ebiggers@google.com> | 2020-01-29 19:27:10 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-01-29 19:27:10 -0800 |
| commit | c4fa1f4ccb407f44dfabf91d1214f06c277a1b9f (patch) | |
| tree | 1711ccb6829abcf03a6874878d4fbd1709865e1e /cmd/fscrypt/flags.go | |
| parent | 0f06c53388f8b020e1a0d48af2f5e334c4ec2aca (diff) | |

cmd/fscrypt/commands: allow disabling recovery passphrase (#193)

While it's important to generate a recovery passphrase in the linked
protector case to avoid data loss if the system is reinstalled, some
people really don't want it (even though it can be safely ignored as it
almost certainly has far more entropy than the login passphrase).

As a compromise, prompt for y/n before generating it, with default y.

Also, to allow disabling the recovery passphrase during noninteractive
use, add a --no-recovery command-line option.

Update https://github.com/google/fscrypt/issues/186

Diffstat (limited to 'cmd/fscrypt/flags.go')
| -rw-r--r-- | cmd/fscrypt/flags.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go index b7933c9..ce2f30e 100644 --- a/cmd/fscrypt/flags.go +++ b/cmd/fscrypt/flags.go @@ -116,7 +116,7 @@ var ( allFlags = []prettyFlag{helpFlag, versionFlag, verboseFlag, quietFlag, forceFlag, legacyFlag, skipUnlockFlag, timeTargetFlag, sourceFlag, nameFlag, keyFileFlag, protectorFlag, - unlockWithFlag, policyFlag, allUsersFlag} + unlockWithFlag, policyFlag, allUsersFlag, noRecoveryFlag} // universalFlags contains flags that should be on every command universalFlags = []cli.Flag{verboseFlag, quietFlag, helpFlag} ) @@ -178,6 +178,10 @@ var ( different from the one you're locking it as. This flag is only implemented for v2 encryption policies.`, } + noRecoveryFlag = &boolFlag{ + Name: "no-recovery", + Usage: `Don't ask to generate a recovery passphrase.`, + } ) // Option flags: used to specify options instead of being prompted for them |
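
Review bot: In the second hunk, the Usage string of noRecoveryFlag, `Don't ask to generate a recovery passphrase.`, only says the prompt is skipped and leaves open whether a recovery passphrase is still generated without asking. The commit message describes --no-recovery as disabling the recovery passphrase, so the help text should state that outcome, for example "Don't generate a recovery passphrase, and don't prompt for one." Because the commit message gives data loss after a system reinstall as the reason the passphrase exists, one clause naming that trade-off in the Usage text would help anyone passing the flag in a noninteractive script.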