On 2023/08/17 02:21:18 +0000, Klemens Nanni <k...@openbsd.org> wrote: > On Fri, Aug 11, 2023 at 03:44:46PM +0000, Klemens Nanni wrote: > > On Wed, Aug 02, 2023 at 10:37:36AM +0000, Klemens Nanni wrote: > > > Creating new volumes prompts > > > Passphrase: > > > Re-type passphrase: > > > which is sane for interative usage, but -s (which omits prompts) to read > > > from stdin also prompts twice. > > > > > > I think that's neither intuitive nor ergonomical and as intended for > > > non-interactive scripts, -s should take a new passphase just once. > > > > > > Until a month ago, the manual errorneously said -s could not be used > > > during > > > initial creation anyway, so I worry little about existing scripts like > > > > > > printf '%s\n%s\n' "$pw" "$pw" | bioctl -s -cC -lsd0a softraid0 > > > > > > Diff below makes -s create new volumes with a single passphase: > > > > > > # echo secret | bioctl -s -Cforce -cC -lvnd0a softraid0 > > > bioctl: Passphrases did not match > > > # echo secret | ./obj/bioctl -s -Cforce -cC -lvnd0a softraid0 > > > softraid0: CRYPTO volume attached as sd3 > > > > > > Feedback? Objection? OK? > > > > Ping. > > I'll commit this in a few days unless I hear objections. > > The current -s behaviour is stupid; nothing else I know *silently* prompts > for passphrase *and* confirmation without anything in between. > > This stuff must be either interactive or quiet and one-shot, not in between.
fwiw I agree, i find it dumb too to read the password twice when reading from, for e.g., a pipe. Outside of my comfort zone but it reads fine so ok op@. > Index: bioctl.c > =================================================================== > RCS file: /cvs/src/sbin/bioctl/bioctl.c,v > retrieving revision 1.151 > diff -u -p -r1.151 bioctl.c > --- bioctl.c 18 Oct 2022 07:04:20 -0000 1.151 > +++ bioctl.c 17 Aug 2023 02:16:37 -0000 > @@ -989,7 +989,7 @@ bio_kdf_generate(struct sr_crypto_kdfinf > derive_key(kdfinfo->pbkdf.generic.type, kdfinfo->pbkdf.rounds, > kdfinfo->maskkey, sizeof(kdfinfo->maskkey), > kdfinfo->pbkdf.salt, sizeof(kdfinfo->pbkdf.salt), > - "New passphrase: ", 1); > + "New passphrase: ", rpp_flag == RPP_REQUIRE_TTY ? 1 : 0); > } > > int
