Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow empty password #4698

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Allow empty password #4698

wants to merge 3 commits into from

Conversation

doak
Copy link

@doak doak commented Feb 12, 2024
edited

What does this PR change? What problem does it solve?

It adds basic support for empty passwords and may be a solution for #4326.
This is just a PoC, I haven't ever written a single Go line before.

Subcommands init and key add|passwd now support the flag --insecure-password which disables the check for an empty password. restic warns about it, though.
Support for RESTIC_PASSWORD_FILE and coresponding CLI option has been added as well. You may user either an empty file or just /dev/null.

Was the change previously discussed in an issue or on the forum?

Not sure if it really fulfils (all of) the aims of #4326, but it may be a starting point.

Checklist

Nothing relevant is checked yet. This is just a prof of concept (for now). If there is a future for this, I am happy to do it right.
It have been tested only manually. Works on my machine™. ;)

  • I have read the contribution guidelines.
  • I have enabled maintainer edits.
  • I have added tests for all code changes.
  • I have added documentation for relevant changes (in the manual).
  • There's a new file in changelog/unreleased/ that describes the changes for our users (see template).
  • I have run gofmt on the code in all commits.
  • All commit messages are formatted in the same style as the other commits in the repo. (no, it is better ;))
  • I'm done! This pull request is ready for review.

doak added 2 commits February 12, 2024 01:22
Support to use an empty password if really desired
060d8ee 
Subcommands `init` and `key add|passwd` now support the flag
`--insecure-password` which disables the check for an empty password.
`restic` warns about it, though.
Support for `RESTIC_PASSWORD_FILE` and coresponding CLI option has been
added as well. You may user either an empty file or just `/dev/null`.

Basic support for Bash completion is there. But I am unsure if I got the
semantic right. Haven't done something like this before. It lacks
support for other shells.

Internal the empty password is represented by an arbitrary, non-valid
UTF-8 byte sequence (`0xff`) to allow to distinguish between not yet
loaded and empty password.
See https://stackoverflow.com/a/30741287.

This is just a PoC, I haven't ever written a single Go line before.
Also add completion for restic key list|remove
66e7b0f
@MichaelEischer
Copy link
Member

Let's first discuss in #4326 what the expected behavior is before starting to implement it.

--insecure-password is an option name is somewhat misleading as it suggests that restic previously disallowed weak passwords, whereas only empty passwords were blocked.

@doak
Copy link
Author

doak commented Feb 12, 2024
edited

Yes, --allow-empty-password is probably a better fit. The longer – the better. ;)

[…] before starting to implement it.

Its not bad to have something to feel/show imho.
(Having that said, I don't have much use case for this by myself. Just felt it makes sense to some degree and is small enough to jump right into it.)

squash! Support to use an empty password if really desired
92d1c11 
Support to use an empty password if really desired

Subcommands `init` and `key add|passwd` now support the flag
`--allow-empty-password` which disables the check for an empty password.
`restic` warns about it, though.
Support for `RESTIC_PASSWORD_FILE` and coresponding CLI option has been
added as well. You may user either an empty file or just `/dev/null`.

Basic support for Bash completion is there. But I am unsure if I got the
semantic right. Haven't done something like this before. It lacks
support for other shells.

Internal the empty password is represented by an arbitrary, non-valid
UTF-8 byte sequence (`0xff`) to allow to distinguish between not yet
loaded and empty password.
See https://stackoverflow.com/a/30741287.

This is just a PoC, I haven't ever written a single Go line before.
@MichaelEischer
Copy link
Member

@doak are you interested in implementing the design from #4326 or should we close the PR?

@doak
Copy link
Author

doak commented Feb 27, 2024

Since I already had a look into the code, I will do. I will kindly ask you to refine it afterwards, though: I have not written any Go expect this few lines.

@MichaelEischer
Copy link
Member

I will kindly ask you to refine it afterwards, though: I have not written any Go expect this few lines.

Sure, thanks for helping with this feature :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@doak @MichaelEischer