tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git
Log | Files | Refs | README | LICENSE
commit 45c5b53cc46043c2632a09a7f364f8eac765a287
parent f1c6245c80bc02a5ed15e178c3c46fe2bf3c6d16
Author: hellekin <hellekin@dyne.org>
Date:   Fri, 26 Dec 2014 23:42:39 -0300

Restore -o and make explicit it means 'options local to subcommand' (Closes #182)

Diffstat:

Mtomb | 39++++++++++++++++++---------------------


1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/tomb b/tomb
@@ -592,11 +592,12 @@ usage() {
     _print "\000"
     _print "Options:"
     _print "\000"
-    _print " -c     alternate encryption algorithm (forge and lock)"
     _print " -s     size of the tomb file when creating/resizing one (in MB)"
     _print " -k     path to the key to be used ('-k -' to read from stdin)"
     _print " -n     don't process the hooks found in tomb"
-    _print " -o     mount options used to open (default: rw,noatime,nodev)"
+    _print " -o     options passed to local command, e.g.:"
+    _print "          - mount options used to open (default: rw,noatime,nodev)"
+    _print "          - an alternate cipher to forge and lock"
     _print " -f     force operation (i.e. even if swap is active)"
     [[ $KDF == 1 ]] && {
         _print " --kdf  generate passwords armored against dictionary attacks"
@@ -1379,12 +1380,11 @@ dig_tomb() {
 
 # Step two -- Create a detached key to lock a tomb with
 #
-# Synopsis: forge_key [destkey|-k destkey] [-c algo|--cipher=algo]
+# Synopsis: forge_key [destkey|-k destkey] [-o cipher]
 #
 # Arguments:
 # -k                path to destination keyfile
-# -o                DEPRECATED use -c instead
-# -c | --cipher     Use an alternate algorithm
+# -o                Use an alternate algorithm
 #
 forge_key() {
     # can be specified both as simple argument or using -k
@@ -1410,11 +1410,8 @@ forge_key() {
         ls -lh $destkey
         _failure "Forging this key would overwrite an existing file. Operation aborted." }
 
-    # Update algorithm if it was passed on the command line with -c
-    { option_is_set -o } && {
-	_warning "DEPRECATED: use -c or --cipher to specify an alternate encryption algorithm"
-	algopt="$(option_value -o)" }
-    { option_is_set -c } && algopt="$(option_value -c)"
+    # Update algorithm if it was passed on the command line with -o
+    { option_is_set -o } && algopt="$(option_value -o)"
     [[ -n "$algopt" ]] && algo=$algopt
 
     _message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
@@ -1476,14 +1473,14 @@ forge_key() {
 
 # Step three -- Lock tomb
 #
-# Synopsis: tomb_lock file.tomb file.tomb.key [-c cipher]
+# Synopsis: tomb_lock file.tomb file.tomb.key [-o cipher]
 #
 # Lock the given tomb with the given key file, in fact formatting the
 # loopback volume as a LUKS device.
-# Default cipher 'aes-xts-plain64:sha256'can be overridden with -c
+# Default cipher 'aes-xts-plain64:sha256'can be overridden with -o
 lock_tomb_with_key() {
     # old default was aes-cbc-essiv:sha256
-    # Override with -c or --cipher
+    # Override with -o
     # for more alternatives refer to cryptsetup(8)
     local cipher="aes-xts-plain64:sha256"
 
@@ -1522,10 +1519,7 @@ lock_tomb_with_key() {
     _load_key    # Try loading key from option -k and set TOMBKEYFILE
 
     # the encryption cipher for a tomb can be set when locking using -c
-    { option_is_set -o } && {
-	_warning "DEPRECATED: use -c or --cipher to specify an alternate encryption algorithm"
-	algopt="$(option_value -o)" }
-    { option_is_set -c } && algopt="$(option_value -c)"
+    { option_is_set -o } && algopt="$(option_value -o)"
     [[ -n "$algopt" ]] && cipher=$algopt
     _message "Locking using cipher: ::1 cipher::" $cipher
 
@@ -2429,7 +2423,9 @@ main() {
     # Hi, dear developer!  Are you trying to add a new subcommand, or
     # to add some options?  Well, keep in mind that option names are
     # global: they cannot bear a different meaning or behaviour across
-    # subcommands.
+    # subcommands.  The only exception is "-o" which means: "options
+    # passed to the local subcommand", and thus can bear a different
+    # meaning for different subcommands.
     #
     # For example, "-s" means "size" and accepts one argument. If you
     # are tempted to add an alternate option "-s" (e.g., to mean
@@ -2446,15 +2442,16 @@ main() {
     #
     main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe)
     subcommands_opts[__default]=""
+    # -o in open and mount is used to pass alternate mount options
     subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: "
     subcommands_opts[mount]=${subcommands_opts[open]}
 
     subcommands_opts[create]="" # deprecated, will issue warning
 
-    # TODO: remove deprecated option -o in next major release (-c replaces it)
-    subcommands_opts[forge]="-ignore-swap k: -kdf: o: c: -cipher=c -tomb-pwd: -use-urandom "
+    # -o in forge and lock is used to pass an alternate cipher.
+    subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom "
     subcommands_opts[dig]="-ignore-swap s: -size=s "
-    subcommands_opts[lock]="-ignore-swap k: -kdf: o: c: -cipher=c -tomb-pwd: "
+    subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: "
     subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
     subcommands_opts[engrave]="k: "