From 7a17d429d552fd955bfdd3e83869a0b57db9fd6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= Date: Wed, 26 Jun 2024 19:07:18 +0200 Subject: [PATCH] feat(key): make `UnlockPolicy::Fail` more useful MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We already can check if an fs is encrypted with `bcachefs unlock -c`. With this option we can now instead check if we have a key but not actually mount by not specifying a mount point. e.g. ```sh if bcachefs mount -k fail "$blkdev"`; then echo "device is unlocked!" fi ``` Not sure what the original intent for this was. For scenarios where encryption is simply not supported on principle? Signed-off-by: Thomas Mühlbacher --- src/key.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/key.rs b/src/key.rs index 78f61388..0a2d08da 100644 --- a/src/key.rs +++ b/src/key.rs @@ -25,7 +25,8 @@ const BCH_KEY_MAGIC: &str = "bch**key"; #[derive(Clone, Debug, clap::ValueEnum, strum::Display)] pub enum UnlockPolicy { - /// Don't ask for passphrase, fail if filesystem is encrypted + /// Don't ask for passphrase, if the key cannot be found in the keyring just + /// fail Fail, /// Wait for passphrase to become available before mounting Wait, @@ -42,7 +43,7 @@ impl UnlockPolicy { info!("Using filesystem unlock policy '{self}' on {uuid}"); match self { - Self::Fail => Err(anyhow!("no passphrase available")), + Self::Fail => KeyHandle::new_from_search(&uuid), Self::Wait => Ok(KeyHandle::wait_for_unlock(&uuid)?), Self::Ask => Passphrase::new_from_prompt().and_then(|p| KeyHandle::new(sb, &p)), Self::Stdin => Passphrase::new_from_stdin().and_then(|p| KeyHandle::new(sb, &p)),