restic/cmd/restic/cmd_key.go

package main

import (
	"context"
	"encoding/json"
	"io/ioutil"
	"os"
	"strings"

	"github.com/restic/restic/internal/errors"
	"github.com/restic/restic/internal/repository"
	"github.com/restic/restic/internal/restic"
	"github.com/restic/restic/internal/ui/table"

	"github.com/spf13/cobra"
)

var cmdKey = &cobra.Command{
	Use:   "key [flags] [list|add|remove|passwd] [ID]",
	Short: "Manage keys (passwords)",
	Long: `
The "key" command manages keys (passwords) for accessing the repository.

EXIT STATUS
===========

Exit status is 0 if the command was successful, and non-zero if there was any error.
`,
	DisableAutoGenTag: true,
	RunE: func(cmd *cobra.Command, args []string) error {
		return runKey(cmd.Context(), globalOptions, args)
	},
}

var (
	newPasswordFile string
	keyUsername     string
	keyHostname     string
)

func init() {
	cmdRoot.AddCommand(cmdKey)

	flags := cmdKey.Flags()
	flags.StringVarP(&newPasswordFile, "new-password-file", "", "", "`file` from which to read the new password")
	flags.StringVarP(&keyUsername, "user", "", "", "the username for new keys")
	flags.StringVarP(&keyHostname, "host", "", "", "the hostname for new keys")
}

func listKeys(ctx context.Context, s *repository.Repository, gopts GlobalOptions) error {
	type keyInfo struct {
		Current  bool   `json:"current"`
		ID       string `json:"id"`
		UserName string `json:"userName"`
		HostName string `json:"hostName"`
		Created  string `json:"created"`
	}

	var keys []keyInfo

	err := s.List(ctx, restic.KeyFile, func(id restic.ID, size int64) error {
		k, err := repository.LoadKey(ctx, s, id.String())
		if err != nil {
			Warnf("LoadKey() failed: %v\n", err)
			return nil
		}

		key := keyInfo{
			Current:  id.String() == s.KeyName(),
			ID:       id.Str(),
			UserName: k.Username,
			HostName: k.Hostname,
			Created:  k.Created.Local().Format(TimeFormat),
		}

		keys = append(keys, key)
		return nil
	})

	if err != nil {
		return err
	}

	if gopts.JSON {
		return json.NewEncoder(globalOptions.stdout).Encode(keys)
	}

	tab := table.New()
	tab.AddColumn(" ID", "{{if .Current}}*{{else}} {{end}}{{ .ID }}")
	tab.AddColumn("User", "{{ .UserName }}")
	tab.AddColumn("Host", "{{ .HostName }}")
	tab.AddColumn("Created", "{{ .Created }}")

	for _, key := range keys {
		tab.AddRow(key)
	}

	return tab.Write(globalOptions.stdout)
}

// testKeyNewPassword is used to set a new password during integration testing.
var testKeyNewPassword string

func getNewPassword(gopts GlobalOptions) (string, error) {
	if testKeyNewPassword != "" {
		return testKeyNewPassword, nil
	}

	if newPasswordFile != "" {
		return loadPasswordFromFile(newPasswordFile)
	}

	// Since we already have an open repository, temporary remove the password
	// to prompt the user for the passwd.
	newopts := gopts
	newopts.password = ""

	return ReadPasswordTwice(newopts,
		"enter new password: ",
		"enter password again: ")
}

func addKey(ctx context.Context, repo *repository.Repository, gopts GlobalOptions) error {
	pw, err := getNewPassword(gopts)
	if err != nil {
		return err
	}

	id, err := repository.AddKey(ctx, repo, pw, keyUsername, keyHostname, repo.Key())
	if err != nil {
		return errors.Fatalf("creating new key failed: %v\n", err)
	}

	err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw)
	if err != nil {
		return err
	}

	Verbosef("saved new key as %s\n", id)

	return nil
}

func deleteKey(ctx context.Context, repo *repository.Repository, name string) error {
	if name == repo.KeyName() {
		return errors.Fatal("refusing to remove key currently used to access repository")
	}

	h := restic.Handle{Type: restic.KeyFile, Name: name}
	err := repo.Backend().Remove(ctx, h)
	if err != nil {
		return err
	}

	Verbosef("removed key %v\n", name)
	return nil
}

func changePassword(ctx context.Context, repo *repository.Repository, gopts GlobalOptions) error {
	pw, err := getNewPassword(gopts)
	if err != nil {
		return err
	}

	id, err := repository.AddKey(ctx, repo, pw, "", "", repo.Key())
	if err != nil {
		return errors.Fatalf("creating new key failed: %v\n", err)
	}
	oldID := repo.KeyName()

	err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw)
	if err != nil {
		return err
	}

	h := restic.Handle{Type: restic.KeyFile, Name: oldID}
	err = repo.Backend().Remove(ctx, h)
	if err != nil {
		return err
	}

	Verbosef("saved new key as %s\n", id)

	return nil
}

func switchToNewKeyAndRemoveIfBroken(ctx context.Context, repo *repository.Repository, key *repository.Key, pw string) error {
	// Verify new key to make sure it really works. A broken key can render the
	// whole repository inaccessible
	err := repo.SearchKey(ctx, pw, 0, key.Name())
	if err != nil {
		// the key is invalid, try to remove it
		h := restic.Handle{Type: restic.KeyFile, Name: key.Name()}
		_ = repo.Backend().Remove(ctx, h)
		return errors.Fatalf("failed to access repository with new key: %v", err)
	}
	return nil
}

func runKey(ctx context.Context, gopts GlobalOptions, args []string) error {
	if len(args) < 1 || (args[0] == "remove" && len(args) != 2) || (args[0] != "remove" && len(args) != 1) {
		return errors.Fatal("wrong number of arguments")
	}

	repo, err := OpenRepository(ctx, gopts)
	if err != nil {
		return err
	}

	switch args[0] {
	case "list":
		lock, ctx, err := lockRepo(ctx, repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		return listKeys(ctx, repo, gopts)
	case "add":
		lock, ctx, err := lockRepo(ctx, repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		return addKey(ctx, repo, gopts)
	case "remove":
		lock, ctx, err := lockRepoExclusive(ctx, repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		id, err := restic.Find(ctx, repo.Backend(), restic.KeyFile, args[1])
		if err != nil {
			return err
		}

		return deleteKey(ctx, repo, id)
	case "passwd":
		lock, ctx, err := lockRepoExclusive(ctx, repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		return changePassword(ctx, repo, gopts)
	}

	return nil
}

func loadPasswordFromFile(pwdFile string) (string, error) {
	s, err := ioutil.ReadFile(pwdFile)
	if os.IsNotExist(err) {
		return "", errors.Fatalf("%s does not exist", pwdFile)
	}
	return strings.TrimSpace(string(s)), errors.Wrap(err, "Readfile")
}
Add command "key list" 2014-11-25 21:52:53 +00:00			`package main`

			`import (`
Adapt `key` command to context world. 2017-03-08 19:17:30 +00:00			`"context"`
add JSON output support for restic key list cmd Signed-off-by: Steve Kriss <steve@heptio.com> 2018-06-18 22:20:37 +00:00			`"encoding/json"`
key: Add flag for non-interactive password changes 2018-04-15 00:40:57 +00:00			`"io/ioutil"`
			`"os"`
			`"strings"`
Run goimports 2017-07-23 12:21:03 +00:00
			`"github.com/restic/restic/internal/errors"`
			`"github.com/restic/restic/internal/repository"`
Move restic package to internal/restic 2017-07-24 15:42:25 +00:00			`"github.com/restic/restic/internal/restic"`
Remove old text table implementation 2018-08-19 19:31:53 +00:00			`"github.com/restic/restic/internal/ui/table"`
Adapt `key` command to context world. 2017-03-08 19:17:30 +00:00
			`"github.com/spf13/cobra"`
Add command "key list" 2014-11-25 21:52:53 +00:00			`)`

Use cobra for all commands 2016-09-17 10:36:05 +00:00			`var cmdKey = &cobra.Command{`
Update usage strings to put flags before args The standard UNIX-style ordering of command-line arguments places optional flags before other positional arguments. All of restic's commands support this ordering, but some of the usage strings showed the flags after the positional arguments (which restic also parses just fine). This change updates the doc strings to reflect the standard ordering. Because the `restic help` command comes directly from Cobra, there does not appear to be a way to update the argument ordering in its usage string, so it maintains the non-standard ordering (positional arguments before optional flags). 2020-08-27 03:29:43 +00:00			`Use: "key [flags] [list\|add\|remove\|passwd] [ID]",`
Capitalize short help commands Unify existing Cobra help command, and git-help's style. 2017-09-11 16:32:44 +00:00			`Short: "Manage keys (passwords)",`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			Long: `
Consistently refer to 'the' instead of 'a' repository in help text 2017-02-13 15:05:25 +00:00			`The "key" command manages keys (passwords) for accessing the repository.`
Add documentation on exit status codes to man pages This is step one to start defining useful exit codes for all the commands. 2019-11-05 06:03:38 +00:00
			`EXIT STATUS`
			`===========`

			`Exit status is 0 if the command was successful, and non-zero if there was any error.`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			`,
manpage: Remove auto gen tag from man page 2017-08-06 19:02:16 +00:00			`DisableAutoGenTag: true,`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			`RunE: func(cmd *cobra.Command, args []string) error {`
pass global context through cobra 2022-10-02 21:24:37 +00:00			`return runKey(cmd.Context(), globalOptions, args)`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			`},`
Restructure `cmd/restic`, no functional changes 2015-06-21 11:02:56 +00:00			`}`
Refactor commands 2014-12-07 15:30:52 +00:00
Allow specifying user and host when adding keys The username and hostname for new keys can be specified with the new --user and --host flags, respectively. The flags are used only by the `key add` command and are otherwise ignored. This allows adding keys with for a desired user and host without having to run restic as that particular user on that particular host, making automated key management easier. Co-authored-by: James TD Smith <ahktenzero@mohorovi.cc> 2019-06-26 07:37:08 +00:00			`var (`
			`newPasswordFile string`
			`keyUsername string`
			`keyHostname string`
			`)`
key: Add flag for non-interactive password changes 2018-04-15 00:40:57 +00:00
Move command init into cmd_* files 2014-11-30 21:39:58 +00:00			`func init() {`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			`cmdRoot.AddCommand(cmdKey)`
key: Add flag for non-interactive password changes 2018-04-15 00:40:57 +00:00
			`flags := cmdKey.Flags()`
Improve wording for --password-file and related options 2020-09-19 13:47:32 +00:00			flags.StringVarP(&newPasswordFile, "new-password-file", "", "", "`file` from which to read the new password")
Allow specifying user and host when adding keys The username and hostname for new keys can be specified with the new --user and --host flags, respectively. The flags are used only by the `key add` command and are otherwise ignored. This allows adding keys with for a desired user and host without having to run restic as that particular user on that particular host, making automated key management easier. Co-authored-by: James TD Smith <ahktenzero@mohorovi.cc> 2019-06-26 07:37:08 +00:00			`flags.StringVarP(&keyUsername, "user", "", "", "the username for new keys")`
			`flags.StringVarP(&keyHostname, "host", "", "", "the hostname for new keys")`
Move command init into cmd_* files 2014-11-30 21:39:58 +00:00			`}`

add JSON output support for restic key list cmd Signed-off-by: Steve Kriss <steve@heptio.com> 2018-06-18 22:20:37 +00:00			`func listKeys(ctx context.Context, s *repository.Repository, gopts GlobalOptions) error {`
Remove old text table implementation 2018-08-19 19:31:53 +00:00			`type keyInfo struct {`
			Current bool `json:"current"`
			ID string `json:"id"`
			UserName string `json:"userName"`
			HostName string `json:"hostName"`
			Created string `json:"created"`
add JSON output support for restic key list cmd Signed-off-by: Steve Kriss <steve@heptio.com> 2018-06-18 22:20:37 +00:00			`}`

Remove old text table implementation 2018-08-19 19:31:53 +00:00			`var keys []keyInfo`

			`err := s.List(ctx, restic.KeyFile, func(id restic.ID, size int64) error {`
Add context to restic packages 2017-06-04 09:16:55 +00:00			`k, err := repository.LoadKey(ctx, s, id.String())`
Add command "key list" 2014-11-25 21:52:53 +00:00			`if err != nil {`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			`Warnf("LoadKey() failed: %v\n", err)`
Fix calls to repo/backend.List() everywhere 2018-01-21 16:25:36 +00:00			`return nil`
Add command "key list" 2014-11-25 21:52:53 +00:00			`}`

add JSON output support for restic key list cmd Signed-off-by: Steve Kriss <steve@heptio.com> 2018-06-18 22:20:37 +00:00			`key := keyInfo{`
			`Current: id.String() == s.KeyName(),`
			`ID: id.Str(),`
			`UserName: k.Username,`
			`HostName: k.Hostname,`
Display local time for all commands 2018-11-02 19:36:15 +00:00			`Created: k.Created.Local().Format(TimeFormat),`
Show currently used key in 'key list' 2014-11-27 22:26:19 +00:00			`}`
add JSON output support for restic key list cmd Signed-off-by: Steve Kriss <steve@heptio.com> 2018-06-18 22:20:37 +00:00
Remove old text table implementation 2018-08-19 19:31:53 +00:00			`keys = append(keys, key)`
Fix calls to repo/backend.List() everywhere 2018-01-21 16:25:36 +00:00			`return nil`
Remove old text table implementation 2018-08-19 19:31:53 +00:00			`})`

			`if err != nil {`
Fix calls to repo/backend.List() everywhere 2018-01-21 16:25:36 +00:00			`return err`
Refactor backends 2015-03-28 10:50:23 +00:00			`}`
Add command "key list" 2014-11-25 21:52:53 +00:00
Remove old text table implementation 2018-08-19 19:31:53 +00:00			`if gopts.JSON {`
			`return json.NewEncoder(globalOptions.stdout).Encode(keys)`
			`}`

			`tab := table.New()`
			`tab.AddColumn(" ID", "{{if .Current}}*{{else}} {{end}}{{ .ID }}")`
			`tab.AddColumn("User", "{{ .UserName }}")`
			`tab.AddColumn("Host", "{{ .HostName }}")`
			`tab.AddColumn("Created", "{{ .Created }}")`

			`for _, key := range keys {`
			`tab.AddRow(key)`
			`}`

			`return tab.Write(globalOptions.stdout)`
Add command "key list" 2014-11-25 21:52:53 +00:00			`}`

Use cobra for all commands 2016-09-17 10:36:05 +00:00			`// testKeyNewPassword is used to set a new password during integration testing.`
			`var testKeyNewPassword string`

			`func getNewPassword(gopts GlobalOptions) (string, error) {`
			`if testKeyNewPassword != "" {`
			`return testKeyNewPassword, nil`
Add command "key add" 2014-11-25 22:07:00 +00:00			`}`

key: Add flag for non-interactive password changes 2018-04-15 00:40:57 +00:00			`if newPasswordFile != "" {`
			`return loadPasswordFromFile(newPasswordFile)`
			`}`

Refactor password resolving. Instead of determining the password lazily during ReadPassword(), do so now in cobra.PersistentPreRunE() so we can store the result in the globalOptions and reuse/override when applicable without having to worry about the environment or flag options interfering. 2017-07-24 21:01:16 +00:00			`// Since we already have an open repository, temporary remove the password`
			`// to prompt the user for the passwd.`
Force restic to ask the password when adding a key. As `restic key add` uses the same `ReadPasswordTwice()` as the rest of restic, it is sensitive to the environment variable RESTIC_PASSWORD or --password-file= override. When asking for the new key, temporary remove these 2 overrides, forcing the password to be asked. 2017-07-24 20:00:44 +00:00			`newopts := gopts`
			`newopts.password = ""`

			`return ReadPasswordTwice(newopts,`
Update key password prompt (#2847) 2020-08-19 19:42:08 +00:00			`"enter new password: ",`
Add integration test for key handling 2015-06-21 13:01:52 +00:00			`"enter password again: ")`
Refactor configuration of cache dir and repository 2015-05-09 19:50:10 +00:00			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`func addKey(ctx context.Context, repo *repository.Repository, gopts GlobalOptions) error {`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			`pw, err := getNewPassword(gopts)`
Add option to read the password from a file 2016-09-12 12:08:51 +00:00			`if err != nil {`
			`return err`
			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`id, err := repository.AddKey(ctx, repo, pw, keyUsername, keyHostname, repo.Key())`
Add command "key add" 2014-11-25 22:07:00 +00:00			`if err != nil {`
Create package restic/errors 2016-09-01 20:17:37 +00:00			`return errors.Fatalf("creating new key failed: %v\n", err)`
Add command "key add" 2014-11-25 22:07:00 +00:00			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw)`
key: Check that a new key file actually works 2020-09-19 22:37:58 +00:00			`if err != nil {`
			`return err`
			`}`

Use cobra for all commands 2016-09-17 10:36:05 +00:00			`Verbosef("saved new key as %s\n", id)`
Add command "key add" 2014-11-25 22:07:00 +00:00
			`return nil`
			`}`

use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 12:02:55 +00:00			`func deleteKey(ctx context.Context, repo *repository.Repository, name string) error {`
Rename variables 2015-05-09 11:32:52 +00:00			`if name == repo.KeyName() {`
Create package restic/errors 2016-09-01 20:17:37 +00:00			`return errors.Fatal("refusing to remove key currently used to access repository")`
Add command "key rm" 2014-11-25 22:18:02 +00:00			`}`

Normalise the backend API This makes the following changes, before: type backend interface { // Test a boolean value whether a File with the name and type exists. Test(t FileType, name string) (bool, error) // Remove removes a File with type t and name. Remove(t FileType, name string) error } After: type backend interface { // Test a boolean value whether a File with the name and type exists. Test(h Handle) (bool, error) // Remove removes a File with type t and name. Remove(h Handle) error } 2017-01-25 16:48:35 +00:00			`h := restic.Handle{Type: restic.KeyFile, Name: name}`
use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 12:02:55 +00:00			`err := repo.Backend().Remove(ctx, h)`
Add command "key rm" 2014-11-25 22:18:02 +00:00			`if err != nil {`
			`return err`
			`}`

Use cobra for all commands 2016-09-17 10:36:05 +00:00			`Verbosef("removed key %v\n", name)`
Add command "key rm" 2014-11-25 22:18:02 +00:00			`return nil`
			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`func changePassword(ctx context.Context, repo *repository.Repository, gopts GlobalOptions) error {`
Use cobra for all commands 2016-09-17 10:36:05 +00:00			`pw, err := getNewPassword(gopts)`
Add option to read the password from a file 2016-09-12 12:08:51 +00:00			`if err != nil {`
			`return err`
			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`id, err := repository.AddKey(ctx, repo, pw, "", "", repo.Key())`
Add command "key change" to change repository password 2014-11-25 22:23:09 +00:00			`if err != nil {`
Create package restic/errors 2016-09-01 20:17:37 +00:00			`return errors.Fatalf("creating new key failed: %v\n", err)`
Add command "key change" to change repository password 2014-11-25 22:23:09 +00:00			`}`
key: Check that a new key file actually works 2020-09-19 22:37:58 +00:00			`oldID := repo.KeyName()`
Add command "key change" to change repository password 2014-11-25 22:23:09 +00:00
key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw)`
key: Check that a new key file actually works 2020-09-19 22:37:58 +00:00			`if err != nil {`
			`return err`
			`}`

			`h := restic.Handle{Type: restic.KeyFile, Name: oldID}`
key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`err = repo.Backend().Remove(ctx, h)`
Add command "key change" to change repository password 2014-11-25 22:23:09 +00:00			`if err != nil {`
			`return err`
			`}`

Use cobra for all commands 2016-09-17 10:36:05 +00:00			`Verbosef("saved new key as %s\n", id)`
Add command "key change" to change repository password 2014-11-25 22:23:09 +00:00
			`return nil`
			`}`

key: Check that a new key file actually works 2020-09-19 22:37:58 +00:00			`func switchToNewKeyAndRemoveIfBroken(ctx context.Context, repo repository.Repository, key repository.Key, pw string) error {`
			`// Verify new key to make sure it really works. A broken key can render the`
			`// whole repository inaccessible`
			`err := repo.SearchKey(ctx, pw, 0, key.Name())`
			`if err != nil {`
			`// the key is invalid, try to remove it`
			`h := restic.Handle{Type: restic.KeyFile, Name: key.Name()}`
			`_ = repo.Backend().Remove(ctx, h)`
			`return errors.Fatalf("failed to access repository with new key: %v", err)`
			`}`
			`return nil`
			`}`

Remove ctx from globalOptions Previously the global context was either accessed via gopts.ctx, stored in a local variable and then used within that function or sometimes both. This makes it very hard to follow which ctx or a wrapped version of it reaches which method. Thus just drop the context from the globalOptions struct and pass it explicitly to every command line handler method. 2021-10-31 22:08:13 +00:00			`func runKey(ctx context.Context, gopts GlobalOptions, args []string) error {`
Change key rm command to key remove Change key rm command to key remove, to follow manual and other commands 2017-08-17 14:03:26 +00:00			`if len(args) < 1 \|\| (args[0] == "remove" && len(args) != 2) \|\| (args[0] != "remove" && len(args) != 1) {`
Use non-formatting functions of errors for strings Commands used: $ gofmt -w -r 'errors.Fatalf(x) -> errors.Fatal(x)' src $ gofmt -w -r 'errors.Errorf(x) -> errors.New(x)' src Closes #789 2017-02-10 18:39:49 +00:00			`return errors.Fatal("wrong number of arguments")`
Refactor commands 2014-12-07 15:30:52 +00:00			`}`

Remove ctx from globalOptions Previously the global context was either accessed via gopts.ctx, stored in a local variable and then used within that function or sometimes both. This makes it very hard to follow which ctx or a wrapped version of it reaches which method. Thus just drop the context from the globalOptions struct and pass it explicitly to every command line handler method. 2021-10-31 22:08:13 +00:00			`repo, err := OpenRepository(ctx, gopts)`
Refactor commands 2014-12-07 15:30:52 +00:00			`if err != nil {`
			`return err`
Add command "key list" 2014-11-25 21:52:53 +00:00			`}`

			`switch args[0] {`
			`case "list":`
Prepare for context bound to lock lifetime 2021-10-31 22:19:27 +00:00			`lock, ctx, err := lockRepo(ctx, repo)`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 13:06:41 +00:00			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

add JSON output support for restic key list cmd Signed-off-by: Steve Kriss <steve@heptio.com> 2018-06-18 22:20:37 +00:00			`return listKeys(ctx, repo, gopts)`
Add command "key add" 2014-11-25 22:07:00 +00:00			`case "add":`
Prepare for context bound to lock lifetime 2021-10-31 22:19:27 +00:00			`lock, ctx, err := lockRepo(ctx, repo)`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 13:06:41 +00:00			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`return addKey(ctx, repo, gopts)`
Change key rm command to key remove Change key rm command to key remove, to follow manual and other commands 2017-08-17 14:03:26 +00:00			`case "remove":`
Prepare for context bound to lock lifetime 2021-10-31 22:19:27 +00:00			`lock, ctx, err := lockRepoExclusive(ctx, repo)`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 13:06:41 +00:00			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

pass context to Find / FindSnapshot This allows proper interruption of restic while it searches for snapshots or key files. 2020-04-10 09:31:32 +00:00			`id, err := restic.Find(ctx, repo.Backend(), restic.KeyFile, args[1])`
Add command "key rm" 2014-11-25 22:18:02 +00:00			`if err != nil {`
			`return err`
			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`return deleteKey(ctx, repo, id)`
rename "change" to "passwd" 2015-04-25 06:42:52 +00:00			`case "passwd":`
Prepare for context bound to lock lifetime 2021-10-31 22:19:27 +00:00			`lock, ctx, err := lockRepoExclusive(ctx, repo)`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 13:06:41 +00:00			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

key: Cleanup method signatures 2021-10-31 22:01:47 +00:00			`return changePassword(ctx, repo, gopts)`
Add command "key list" 2014-11-25 21:52:53 +00:00			`}`

			`return nil`
			`}`
key: Add flag for non-interactive password changes 2018-04-15 00:40:57 +00:00
			`func loadPasswordFromFile(pwdFile string) (string, error) {`
			`s, err := ioutil.ReadFile(pwdFile)`
			`if os.IsNotExist(err) {`
			`return "", errors.Fatalf("%s does not exist", pwdFile)`
			`}`
			`return strings.TrimSpace(string(s)), errors.Wrap(err, "Readfile")`
			`}`