From d0b0245edbb2f6ed8285358d83b98f3334bf1b12 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Fri, 9 Apr 2021 11:54:19 +0300 Subject: feat: add "obnam init" subcommand This reads a passphrase and derives two passwords from that, and stores them next to the configuration file. The passwords aren't yet used for anything, that will come later. --- obnam.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'obnam.md') diff --git a/obnam.md b/obnam.md index 959415d..7e07c50 100644 --- a/obnam.md +++ b/obnam.md @@ -1118,6 +1118,7 @@ then stdout, as JSON, matches file config.json roots: [live] server_url: https://backup.example.com verify_tls_cert: true +encrypt: false ~~~ @@ -1531,11 +1532,40 @@ Verify that trying to backup without having set a passphrase fails with an error message that clearly identifies the lack of a passphrase. +~~~scenario +given an installed obnam +and a running chunk server +and a client config based on encryption.yaml +and a file live/data.dat containing some random data +and a manifest of the directory live in live.yaml +when I try to run obnam --config encryption.yaml backup +then command fails +then stderr contains "obnam init" +~~~ + +~~~{#encryption.yaml .file .yaml .numberLines} +verify_tls_cert: false +roots: [live] +encrypt: true +~~~ + ## A passphrase can be set Set a passphrase. Verify that it's stored in a file that is only readable by it owner. Verify that a backup can be made. +~~~scenario +given an installed obnam +and a running chunk server +and a client config based on encryption.yaml +and a file live/data.dat containing some random data +and a manifest of the directory live in live.yaml +when I run obnam --config encryption.yaml init --insecure-passphrase=hunter2 +then file passwords.yaml exists +then file passwords.yaml is only readable by owner +then file passwords.yaml does not contain "hunter2" +~~~ + ## A passphrase stored insecurely is rejected Verify that a backup fails if the file where the passphrase is stored -- cgit v1.2.1