tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git

commit 45c5b53cc46043c2632a09a7f364f8eac765a287
parent f1c6245c80bc02a5ed15e178c3c46fe2bf3c6d16
Author: hellekin <hellekin@dyne.org>
Date:   Fri, 26 Dec 2014 23:42:39 -0300

Restore -o and make explicit it means 'options local to subcommand' (Closes #182)

Diffstat:
Mtomb | 39++++++++++++++++++---------------------
1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/tomb b/tomb @@ -592,11 +592,12 @@ usage() { _print "\000" _print "Options:" _print "\000" - _print " -c alternate encryption algorithm (forge and lock)" _print " -s size of the tomb file when creating/resizing one (in MB)" _print " -k path to the key to be used ('-k -' to read from stdin)" _print " -n don't process the hooks found in tomb" - _print " -o mount options used to open (default: rw,noatime,nodev)" + _print " -o options passed to local command, e.g.:" + _print " - mount options used to open (default: rw,noatime,nodev)" + _print " - an alternate cipher to forge and lock" _print " -f force operation (i.e. even if swap is active)" [[ $KDF == 1 ]] && { _print " --kdf generate passwords armored against dictionary attacks" @@ -1379,12 +1380,11 @@ dig_tomb() { # Step two -- Create a detached key to lock a tomb with # -# Synopsis: forge_key [destkey|-k destkey] [-c algo|--cipher=algo] +# Synopsis: forge_key [destkey|-k destkey] [-o cipher] # # Arguments: # -k path to destination keyfile -# -o DEPRECATED use -c instead -# -c | --cipher Use an alternate algorithm +# -o Use an alternate algorithm # forge_key() { # can be specified both as simple argument or using -k @@ -1410,11 +1410,8 @@ forge_key() { ls -lh $destkey _failure "Forging this key would overwrite an existing file. Operation aborted." } - # Update algorithm if it was passed on the command line with -c - { option_is_set -o } && { - _warning "DEPRECATED: use -c or --cipher to specify an alternate encryption algorithm" - algopt="$(option_value -o)" } - { option_is_set -c } && algopt="$(option_value -c)" + # Update algorithm if it was passed on the command line with -o + { option_is_set -o } && algopt="$(option_value -o)" [[ -n "$algopt" ]] && algo=$algopt _message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \ 
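Review bot: In forge_key the value of `-o` is copied straight into `algo` by `[[ -n "$algopt" ]] && algo=$algopt` with no check on its content, and the same pattern sets `cipher` in lock_tomb_with_key (hunk at -1522). Because `-o` now also carries mount options for open and mount, a string such as `rw,noatime,nodev` passed to forge or lock by mistake is taken as a cipher name. How the value is consumed lies outside the hunk, so it is not visible here whether the downstream tool rejects it cleanly. A guard before the assignment, for example `[[ "$algopt" == *,* ]] && _failure "-o expects a cipher name for this subcommand"`, would stop early with a clear message. forge_key's body starts and ends outside this hunk.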
@@ -1476,14 +1473,14 @@ forge_key() { # Step three -- Lock tomb # -# Synopsis: tomb_lock file.tomb file.tomb.key [-c cipher] +# Synopsis: tomb_lock file.tomb file.tomb.key [-o cipher] # # Lock the given tomb with the given key file, in fact formatting the # loopback volume as a LUKS device. -# Default cipher 'aes-xts-plain64:sha256'can be overridden with -c +# Default cipher 'aes-xts-plain64:sha256'can be overridden with -o lock_tomb_with_key() { # old default was aes-cbc-essiv:sha256 - # Override with -c or --cipher + # Override with -o # for more alternatives refer to cryptsetup(8) local cipher="aes-xts-plain64:sha256" @@ -1522,10 +1519,7 @@ lock_tomb_with_key() { _load_key # Try loading key from option -k and set TOMBKEYFILE # the encryption cipher for a tomb can be set when locking using -c - { option_is_set -o } && { - _warning "DEPRECATED: use -c or --cipher to specify an alternate encryption algorithm" - algopt="$(option_value -o)" } - { option_is_set -c } && algopt="$(option_value -c)" + { option_is_set -o } && algopt="$(option_value -o)" [[ -n "$algopt" ]] && cipher=$algopt _message "Locking using cipher: ::1 cipher::" $cipher @@ -2429,7 +2423,9 @@ main() { # Hi, dear developer! Are you trying to add a new subcommand, or # to add some options? Well, keep in mind that option names are # global: they cannot bear a different meaning or behaviour across - # subcommands. + # subcommands. The only exception is "-o" which means: "options + # passed to the local subcommand", and thus can bear a different + # meaning for different subcommands. # # For example, "-s" means "size" and accepts one argument. If you # are tempted to add an alternate option "-s" (e.g., to mean 
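Review bot: The context comment just above the changed line in lock_tomb_with_key (hunk at -1522) still reads `# the encryption cipher for a tomb can be set when locking using -c`, which contradicts the code now that only `-o` is read. It should become `# the encryption cipher for a tomb can be set when locking using -o`. The header comment in the hunk at -1476 was updated, so this is the one stale reference left in the visible lines. The function body continues outside both hunks.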
@@ -2446,15 +2442,16 @@ main() { # main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe) subcommands_opts[__default]="" + # -o in open and mount is used to pass alternate mount options subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: " subcommands_opts[mount]=${subcommands_opts[open]} subcommands_opts[create]="" # deprecated, will issue warning - # TODO: remove deprecated option -o in next major release (-c replaces it) - subcommands_opts[forge]="-ignore-swap k: -kdf: o: c: -cipher=c -tomb-pwd: -use-urandom " + # -o in forge and lock is used to pass an alternate cipher. + subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom " subcommands_opts[dig]="-ignore-swap s: -size=s " - subcommands_opts[lock]="-ignore-swap k: -kdf: o: c: -cipher=c -tomb-pwd: " + subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: " subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: " subcommands_opts[engrave]="k: "
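Review bot: Dropping `c: -cipher=c` from `subcommands_opts[forge]` and `subcommands_opts[lock]` removes `-c`/`--cipher` with no transition, although the warning this commit deletes told users to switch from `-o` to exactly that option. Scripts that followed that advice will now hit whatever the option parser does with an unknown flag, which is not visible here. If the flag were ignored rather than rejected, the key or tomb would be created with the default cipher instead of the requested one, so that path is worth confirming. Consider keeping `c: -cipher=c` for one release and mapping it in forge_key and lock_tomb_with_key with `{ option_is_set -c } && { _warning "DEPRECATED: use -o to specify an alternate cipher"; algopt="$(option_value -c)" }`. main's body extends beyond this hunk.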