restic/cmd/restic/cmd_key_passwd.go

package main

import (
	"context"
	"fmt"

	"github.com/restic/restic/internal/errors"
	"github.com/restic/restic/internal/repository"
	"github.com/spf13/cobra"
)

var cmdKeyPasswd = &cobra.Command{
	Use:   "passwd",
	Short: "Change key (password); creates a new key ID and removes the old key ID, returns new key ID",
	Long: `
The "passwd" sub-command creates a new key, validates the key and remove the old key ID.
Returns the new key ID. 

EXIT STATUS
===========

Exit status is 0 if the command is successful, and non-zero if there was any error.
	`,
	DisableAutoGenTag: true,
}

type KeyPasswdOptions struct {
	KeyAddOptions
}

func init() {
	cmdKey.AddCommand(cmdKeyPasswd)

	var keyPasswdOpts KeyPasswdOptions
	keyPasswdOpts.KeyAddOptions.Add(cmdKeyPasswd.Flags())
	cmdKeyPasswd.RunE = func(cmd *cobra.Command, args []string) error {
		return runKeyPasswd(cmd.Context(), globalOptions, keyPasswdOpts, args)
	}
}

func runKeyPasswd(ctx context.Context, gopts GlobalOptions, opts KeyPasswdOptions, args []string) error {
	if len(args) > 0 {
		return fmt.Errorf("the key passwd command expects no arguments, only options - please see `restic help key passwd` for usage and flags")
	}

	ctx, repo, unlock, err := openWithExclusiveLock(ctx, gopts, false)
	if err != nil {
		return err
	}
	defer unlock()

	return changePassword(ctx, repo, gopts, opts)
}

func changePassword(ctx context.Context, repo *repository.Repository, gopts GlobalOptions, opts KeyPasswdOptions) error {
	pw, err := getNewPassword(ctx, gopts, opts.NewPasswordFile, opts.InsecureNoPassword)
	if err != nil {
		return err
	}

	id, err := repository.AddKey(ctx, repo, pw, "", "", repo.Key())
	if err != nil {
		return errors.Fatalf("creating new key failed: %v\n", err)
	}
	oldID := repo.KeyID()

	err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw)
	if err != nil {
		return err
	}

	err = repository.RemoveKey(ctx, repo, oldID)
	if err != nil {
		return err
	}

	Verbosef("saved new key as %s\n", id)

	return nil
}
key: move add, list, remove, passwd to sub-commands docs: improve the sub-command docs changelog: add the unreleased changelog for the key command updates key: update integration tests 2024-02-04 15:40:23 +01:00			`package main`

			`import (`
			`"context"`
			`"fmt"`

			`"github.com/restic/restic/internal/errors"`
			`"github.com/restic/restic/internal/repository"`
			`"github.com/spf13/cobra"`
			`)`

			`var cmdKeyPasswd = &cobra.Command{`
			`Use: "passwd",`
			`Short: "Change key (password); creates a new key ID and removes the old key ID, returns new key ID",`
			Long: `
			`The "passwd" sub-command creates a new key, validates the key and remove the old key ID.`
			`Returns the new key ID.`

			`EXIT STATUS`
			`===========`

			`Exit status is 0 if the command is successful, and non-zero if there was any error.`
			`,
			`DisableAutoGenTag: true,`
			`}`

			`type KeyPasswdOptions struct {`
			`KeyAddOptions`
			`}`

			`func init() {`
			`cmdKey.AddCommand(cmdKeyPasswd)`

key add/passwd: deduplicate options setup and remove globals The current pattern of using a global options variable is problematic. 2024-05-18 18:25:09 +02:00			`var keyPasswdOpts KeyPasswdOptions`
			`keyPasswdOpts.KeyAddOptions.Add(cmdKeyPasswd.Flags())`
			`cmdKeyPasswd.RunE = func(cmd *cobra.Command, args []string) error {`
			`return runKeyPasswd(cmd.Context(), globalOptions, keyPasswdOpts, args)`
			`}`
key: move add, list, remove, passwd to sub-commands docs: improve the sub-command docs changelog: add the unreleased changelog for the key command updates key: update integration tests 2024-02-04 15:40:23 +01:00			`}`

			`func runKeyPasswd(ctx context.Context, gopts GlobalOptions, opts KeyPasswdOptions, args []string) error {`
			`if len(args) > 0 {`
			return fmt.Errorf("the key passwd command expects no arguments, only options - please see `restic help key passwd` for usage and flags")
			`}`

lock: replace lockRepo(Exclusive) with openWith(Read/Write/Exclusive)Lock The new functions much better convey the intent behind the lock request. This allows cleanly integrating noLock (for read) and dryRun (write/exclusive) handling. There are only minor changes to existing behavior with two exceptions: - `tag` no longer accepts the `--no-lock` flag. As it replaces files in the repository, this always requires an exclusive lock. - `debug examine` now returns an error if both `--extract-pack` and `--no-lock` are given. 2024-02-24 15:19:02 +01:00			`ctx, repo, unlock, err := openWithExclusiveLock(ctx, gopts, false)`
key: move add, list, remove, passwd to sub-commands docs: improve the sub-command docs changelog: add the unreleased changelog for the key command updates key: update integration tests 2024-02-04 15:40:23 +01:00			`if err != nil {`
			`return err`
			`}`
lock: replace lockRepo(Exclusive) with openWith(Read/Write/Exclusive)Lock The new functions much better convey the intent behind the lock request. This allows cleanly integrating noLock (for read) and dryRun (write/exclusive) handling. There are only minor changes to existing behavior with two exceptions: - `tag` no longer accepts the `--no-lock` flag. As it replaces files in the repository, this always requires an exclusive lock. - `debug examine` now returns an error if both `--extract-pack` and `--no-lock` are given. 2024-02-24 15:19:02 +01:00			`defer unlock()`
key: move add, list, remove, passwd to sub-commands docs: improve the sub-command docs changelog: add the unreleased changelog for the key command updates key: update integration tests 2024-02-04 15:40:23 +01:00
			`return changePassword(ctx, repo, gopts, opts)`
			`}`

			`func changePassword(ctx context.Context, repo *repository.Repository, gopts GlobalOptions, opts KeyPasswdOptions) error {`
Add --insecure-no-password option This also includes two derived options `--from-insecure-no-password` used for commands that require specifying a source repository. And `--new-insecure-no-password` for the `key add` and `key passwd` commands. Specifying `--insecure-no-password` disabled the password prompt and immediately uses an empty password. Passing a password via CLI option or environment variable at the same time is an error. 2024-05-18 18:59:29 +02:00			`pw, err := getNewPassword(ctx, gopts, opts.NewPasswordFile, opts.InsecureNoPassword)`
key: move add, list, remove, passwd to sub-commands docs: improve the sub-command docs changelog: add the unreleased changelog for the key command updates key: update integration tests 2024-02-04 15:40:23 +01:00			`if err != nil {`
			`return err`
			`}`

			`id, err := repository.AddKey(ctx, repo, pw, "", "", repo.Key())`
			`if err != nil {`
			`return errors.Fatalf("creating new key failed: %v\n", err)`
			`}`
			`oldID := repo.KeyID()`

			`err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw)`
			`if err != nil {`
			`return err`
			`}`

			`err = repository.RemoveKey(ctx, repo, oldID)`
			`if err != nil {`
			`return err`
			`}`

			`Verbosef("saved new key as %s\n", id)`

			`return nil`
			`}`