I changed my mind. I did talk with jsing and deraadt about the bioctl follow on but haven't gotten to it yet.
On Tue, Nov 30, 2010 at 11:20:53AM -0500, Ted Unangst wrote: > err, the last time this came up you said you would do it right... :) > > http://marc.info/?l=openbsd-misc&m=125613898224309&w=2 > > On Tue, Nov 30, 2010 at 5:16 AM, Marco Peereboom <sl...@peereboom.us> wrote: > > I like this. > > > > On Mon, Nov 29, 2010 at 02:22:35PM -0800, Chris Kuethe wrote: > >> Currently bioctl invokes readpassphrase(3) with RPP_REQUIRE_TTY, which > >> means that there must be a controlling tty to read the password from. > >> This diff adds an option (-s) to force bioctl to read the passphrase > >> from stdin. Without this option existing behavior is maintained. > >> > >> Index: bioctl.8 > >> =================================================================== > >> RCS file: /cvs/src/sbin/bioctl/bioctl.8,v > >> retrieving revision 1.82 > >> diff -u -p -r1.82 bioctl.8 > >> --- bioctl.8 20 Nov 2010 17:46:24 -0000 1.82 > >> +++ bioctl.8 29 Nov 2010 22:17:03 -0000 > >> @@ -43,7 +43,7 @@ > >> .Pp > >> .Nm bioctl > >> .Bk -words > >> -.Op Fl dhiPqv > >> +.Op Fl dhiPqsv > >> .Op Fl C Ar flag[,flag,...] > >> .Op Fl c Ar raidlevel > >> .Op Fl k Ar keydisk > >> @@ -235,6 +235,11 @@ the PBKDF2 algorithm used to convert a p > >> Higher iteration counts take more time, but offer more resistance to key > >> guessing attacks. > >> The minimum is 1000 rounds and the default is 8192. > >> +.It Fl s > >> +Read the passphrase for the selected crypto volume from > >> +.Pa /dev/stdin > >> +rather than > >> +.Pa /dev/tty . > >> .El > >> .Sh EXAMPLES > >> The following command, executed from the command line, would configure > >> Index: bioctl.c > >> =================================================================== > >> RCS file: /cvs/src/sbin/bioctl/bioctl.c,v > >> retrieving revision 1.97 > >> diff -u -p -r1.97 bioctl.c > >> --- bioctl.c 10 Jul 2010 02:56:16 -0000 1.97 > >> +++ bioctl.c 29 Nov 2010 22:17:03 -0000 
> >> @@ -86,6 +86,7 @@ int rflag = 8192; > >> char *password; > >> > >> struct bio_locate bl; > >> +int rpp_flag = RPP_REQUIRE_TTY; > >> > >> int > >> main(int argc, char *argv[]) > >> @@ -106,7 +107,7 @@ main(int argc, char *argv[]) > >> if (argc < 2) > >> usage(); > >> > >> - while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) != > >> + while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:svu:")) != > >> -1) { > >> switch (ch) { > >> case 'a': /* alarm */ > >> @@ -174,6 +175,9 @@ main(int argc, char *argv[]) > >> ss_func = BIOC_SSREBUILD; > >> al_arg = optarg; > >> break; > >> + case 's': > >> + rpp_flag = RPP_STDIN; > >> + break; > >> case 'v': > >> verbose = 1; > >> break; > >> @@ -252,12 +256,12 @@ usage(void) > >> "[-R device | channel:target[.lun]\n" > >> "\t[-u channel:target[.lun]] " > >> "device\n" > >> - " %s [-dhiPqv] " > >> - "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n" > >> - "\t[-l special[,special,...]] [-p passfile]\n" > >> - "\t[-R device | channel:target[.lun] [-r rounds] " > >> + " %s [-dhiPqsv] " > >> + "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n" > >> + "\t[-l special[,special,...]] [-p passfile]\n" > >> + "\t[-R device | channel:target[.lun] [-r rounds] " > >> "device\n", __progname, __progname); > >> - > >> + > >> exit(1); > >> } > >> > >> @@ -1070,14 +1074,14 @@ derive_key_pkcs(int rounds, u_int8_t *ke > >> fclose(f); > >> } else { > >> if (readpassphrase(prompt, passphrase, sizeof(passphrase), > >> - RPP_REQUIRE_TTY) == NULL) > >> + rpp_flag) == NULL) > >> errx(1, "unable to read passphrase"); > >> } > >> > >> if (verify) { > >> /* request user to re-type it */ > >> if (readpassphrase("Re-type passphrase: ", verifybuf, > >> - sizeof(verifybuf), RPP_REQUIRE_TTY) == NULL) { > >> + sizeof(verifybuf), rpp_flag) == NULL) { > >> memset(passphrase, 0, sizeof(passphrase)); > >> errx(1, "unable to read passphrase"); > >> } > >> > >> -- > >> GDB has a 'break' feature; why doesn't it have 'fix' too?
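Review bot: the new .It Fl s entry in the bioctl.8 hunk at @@ -235,6 +235,11 does not say how -s relates to -p passfile, which the synopsis still lists alongside it. In bioctl.c the readpassphrase() calls sit in the else branch that follows fclose(f), so -s looks to be silently ignored once a passphrase has been read from a file. Suggest one sentence in the entry stating which option takes precedence, plus a note that -s is what lets bioctl run without a controlling tty, since that is the motivation given in the submission.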
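Review bot: case 's' in the bioctl.c hunk at @@ -174,6 +175,9 has no trailing comment, while the option cases visible in the earlier hunk carry one (case 'a': /* alarm */). Suggest matching that style, for example case 's': /* read passphrase from stdin */, so the switch stays self-describing.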
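Review bot: the usage() hunk at @@ -252,12 +256,12 removes and re-adds three string lines and the blank line before exit(1) with no visible change to their text, which points to whitespace-only edits. Only the " %s [-dhiPqv] " line needs to change to add s; dropping the other lines from the diff keeps it minimal and avoids unrelated churn in the file history.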
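Review bot: in the derive_key_pkcs() hunk at @@ -1070,14 +1074,14 the "Re-type passphrase: " read also switches to rpp_flag, so with -s and verify set a non-interactive caller has to write the passphrase to stdin twice, and one that sends it once will not get a matching second read. Suggest either skipping the re-type step when rpp_flag is RPP_STDIN or stating the two-line requirement in bioctl.8, so scripted volume creation does not fail in a way that is hard to diagnose.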