diff options
author | Thomas Mühlbacher <tmuehlbacher@posteo.net> | 2024-06-26 19:07:18 +0200 |
---|---|---|
committer | Thomas Mühlbacher <tmuehlbacher@posteo.net> | 2024-06-26 19:14:45 +0200 |
commit | 7a17d429d552fd955bfdd3e83869a0b57db9fd6f (patch) | |
tree | 2cd7544b7930bd6616aa013170d032e342e47540 | |
parent | ee5f3719d33ae3ff227aaeda686c7faba33b847d (diff) |
feat(key): make `UnlockPolicy::Fail` more useful
We already can check if an fs is encrypted with `bcachefs unlock -c`.
With this option we can now instead check if we have a key but not
actually mount by not specifying a mount point. e.g.
```sh
if bcachefs mount -k fail "$blkdev"`; then
echo "device is unlocked!"
fi
```
Not sure what the original intent for this was. For scenarios where
encryption is simply not supported on principle?
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
-rw-r--r-- | src/key.rs | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -25,7 +25,8 @@ const BCH_KEY_MAGIC: &str = "bch**key"; #[derive(Clone, Debug, clap::ValueEnum, strum::Display)] pub enum UnlockPolicy { - /// Don't ask for passphrase, fail if filesystem is encrypted + /// Don't ask for passphrase, if the key cannot be found in the keyring just + /// fail Fail, /// Wait for passphrase to become available before mounting Wait, @@ -42,7 +43,7 @@ impl UnlockPolicy { info!("Using filesystem unlock policy '{self}' on {uuid}"); match self { - Self::Fail => Err(anyhow!("no passphrase available")), + Self::Fail => KeyHandle::new_from_search(&uuid), Self::Wait => Ok(KeyHandle::wait_for_unlock(&uuid)?), Self::Ask => Passphrase::new_from_prompt().and_then(|p| KeyHandle::new(sb, &p)), Self::Stdin => Passphrase::new_from_stdin().and_then(|p| KeyHandle::new(sb, &p)), |