squash! Support to use an empty password if really desired

Support to use an empty password if really desired

Subcommands `init` and `key add|passwd` now support the flag
`--allow-empty-password` which disables the check for an empty password.
`restic` warns about it, though.
Support for `RESTIC_PASSWORD_FILE` and coresponding CLI option has been
added as well. You may user either an empty file or just `/dev/null`.

Basic support for Bash completion is there. But I am unsure if I got the
semantic right. Haven't done something like this before. It lacks
support for other shells.

Internal the empty password is represented by an arbitrary, non-valid
UTF-8 byte sequence (`0xff`) to allow to distinguish between not yet
loaded and empty password.
See https://stackoverflow.com/a/30741287.

This is just a PoC, I haven't ever written a single Go line before.

cmd/restic/cmd_init.go

@@ -36,7 +36,7 @@ type InitOptions struct {
 	secondaryRepoOptions
 	CopyChunkerParameters bool
 	RepositoryVersion     string
-	InsecurePassword      bool
+	AllowEmptyPassword    bool
 }
 
 var initOptions InitOptions
@@ -48,7 +48,7 @@ func init() {
 	initSecondaryRepoOptions(f, &initOptions.secondaryRepoOptions, "secondary", "to copy chunker parameters from")
 	f.BoolVar(&initOptions.CopyChunkerParameters, "copy-chunker-params", false, "copy chunker parameters from the secondary repository (useful with the copy command)")
 	f.StringVar(&initOptions.RepositoryVersion, "repository-version", "stable", "repository format version to use, allowed values are a format version, 'latest' and 'stable'")
-	f.BoolVar(&initOptions.InsecurePassword, "insecure-password", false, "allow an empty password (feel beeing warned)")
+	f.BoolVar(&initOptions.AllowEmptyPassword, "allow-empty-password", false, "allow an empty password (feel beeing warned)")
 }
 
 func runInit(ctx context.Context, opts InitOptions, gopts GlobalOptions, args []string) error {
@@ -85,7 +85,7 @@ func runInit(ctx context.Context, opts InitOptions, gopts GlobalOptions, args []
 	gopts.password, err = ReadPasswordTwice(gopts,
 		"enter password for new repository: ",
 		"enter password again: ",
-		opts.InsecurePassword)
+		opts.AllowEmptyPassword)
 	if err != nil {
 		return err
 	}

cmd/restic/cmd_key_add.go

@@ -30,7 +30,7 @@ Exit status is 0 if the command is successful, and non-zero if there was any err
 
 type KeyAddOptions struct {
 	NewPasswordFile    string
-	InsecurePassword	bool
+	AllowEmptyPassword bool
 	Username           string
 	Hostname           string
 }
@@ -42,7 +42,7 @@ func init() {
 
 	flags := cmdKeyAdd.Flags()
 	flags.StringVarP(&keyAddOpts.NewPasswordFile, "new-password-file", "", "", "`file` from which to read the new password")
-	flags.BoolVar(&keyAddOpts.InsecurePassword, "insecure-password", false, "allow an empty password (feel beeing warned)")
+	flags.BoolVar(&keyAddOpts.AllowEmptyPassword, "allow-empty-password", false, "allow an empty password (feel beeing warned)")
 	flags.StringVarP(&keyAddOpts.Username, "user", "", "", "the username for new key")
 	flags.StringVarP(&keyAddOpts.Hostname, "host", "", "", "the hostname for new key")
 }
@@ -67,7 +67,7 @@ func runKeyAdd(ctx context.Context, gopts GlobalOptions, opts KeyAddOptions, arg
 }
 
 func addKey(ctx context.Context, repo *repository.Repository, gopts GlobalOptions, opts KeyAddOptions) error {
-	pw, err := getNewPassword(gopts, opts.NewPasswordFile, opts.InsecurePassword)
+	pw, err := getNewPassword(gopts, opts.NewPasswordFile, opts.AllowEmptyPassword)
 	if err != nil {
 		return err
 	}
@@ -90,7 +90,7 @@ func addKey(ctx context.Context, repo *repository.Repository, gopts GlobalOption
 // testKeyNewPassword is used to set a new password during integration testing.
 var testKeyNewPassword string
 
-func getNewPassword(gopts GlobalOptions, newPasswordFile string, allowInsecurePassword bool) (string, error) {
+func getNewPassword(gopts GlobalOptions, newPasswordFile string, allowAllowEmptyPassword bool) (string, error) {
 	if testKeyNewPassword != "" {
 		return testKeyNewPassword, nil
 	}
@@ -107,7 +107,7 @@ func getNewPassword(gopts GlobalOptions, newPasswordFile string, allowInsecurePa
 	return ReadPasswordTwice(newopts,
 		"enter new password: ",
 		"enter password again: ",
-		allowInsecurePassword)
+		allowAllowEmptyPassword)
 }
 
 func loadPasswordFromFile(pwdFile string) (string, error) {

cmd/restic/cmd_key_passwd.go

@@ -38,7 +38,7 @@ func init() {
 
 	flags := cmdKeyPasswd.Flags()
 	flags.StringVarP(&keyPasswdOpts.NewPasswordFile, "new-password-file", "", "", "`file` from which to read the new password")
-	flags.BoolVar(&keyPasswdOpts.InsecurePassword, "insecure-password", false, "allow an empty password (feel beeing warned)")
+	flags.BoolVar(&keyPasswdOpts.AllowEmptyPassword, "allow-empty-password", false, "allow an empty password (feel beeing warned)")
 	flags.StringVarP(&keyPasswdOpts.Username, "user", "", "", "the username for new key")
 	flags.StringVarP(&keyPasswdOpts.Hostname, "host", "", "", "the hostname for new key")
 }
@@ -63,7 +63,7 @@ func runKeyPasswd(ctx context.Context, gopts GlobalOptions, opts KeyPasswdOption
 }
 
 func changePassword(ctx context.Context, repo *repository.Repository, gopts GlobalOptions, opts KeyPasswdOptions) error {
-	pw, err := getNewPassword(gopts, opts.NewPasswordFile, opts.InsecurePassword)
+	pw, err := getNewPassword(gopts, opts.NewPasswordFile, opts.AllowEmptyPassword)
 	if err != nil {
 		return err
 	}

cmd/restic/global.go

@@ -356,7 +356,7 @@ const emptyPassword = "\xff"
 
 // ReadPassword reads the password from a password file, the environment
 // variable RESTIC_PASSWORD or prompts the user.
-func ReadPassword(opts GlobalOptions, prompt string, allowInsecurePassword bool) (string, error) {
+func ReadPassword(opts GlobalOptions, prompt string, allowAllowEmptyPassword bool) (string, error) {
 	if opts.password != "" {
 		return opts.password, nil
 	}
@@ -378,7 +378,7 @@ func ReadPassword(opts GlobalOptions, prompt string, allowInsecurePassword bool)
 	}
 
 	if len(password) == 0 {
-		if allowInsecurePassword {
+		if allowAllowEmptyPassword {
 			Warnf("using an empty password is bad security practice\n")
 			return emptyPassword, nil
 		} else {
@@ -391,13 +391,13 @@ func ReadPassword(opts GlobalOptions, prompt string, allowInsecurePassword bool)
 
 // ReadPasswordTwice calls ReadPassword two times and returns an error when the
 // passwords don't match.
-func ReadPasswordTwice(gopts GlobalOptions, prompt1, prompt2 string, allowInsecurePassword bool) (string, error) {
+func ReadPasswordTwice(gopts GlobalOptions, prompt1, prompt2 string, allowAllowEmptyPassword bool) (string, error) {
-	pw1, err := ReadPassword(gopts, prompt1, allowInsecurePassword)
+	pw1, err := ReadPassword(gopts, prompt1, allowAllowEmptyPassword)
 	if err != nil {
 		return "", err
 	}
 	if stdinIsTerminal() {
-		pw2, err := ReadPassword(gopts, prompt2, allowInsecurePassword)
+		pw2, err := ReadPassword(gopts, prompt2, allowAllowEmptyPassword)
 		if err != nil {
 			return "", err
 		}

doc/bash-completion.sh

@@ -1442,7 +1442,7 @@ _restic_init()
     two_word_flags+=("--from-password-file")
     local_nonpersistent_flags+=("--from-password-file")
     local_nonpersistent_flags+=("--from-password-file=")
-    flags+=("--insecure-password")
+    flags+=("--allow-empty-password")
     flags+=("--from-repo=")
     two_word_flags+=("--from-repo")
     local_nonpersistent_flags+=("--from-repo")
@@ -1598,7 +1598,7 @@ _restic_key_add()
     flags_with_completion=()
     flags_completion=()
 
-    flags+=("--insecure-password")
+    flags+=("--allow-empty-password")
 
     must_have_one_flag=()
     must_have_one_noun=()
@@ -1632,7 +1632,7 @@ _restic_key_passwd()
     flags_with_completion=()
     flags_completion=()
 
-    flags+=("--insecure-password")
+    flags+=("--allow-empty-password")
 
     must_have_one_flag=()
     must_have_one_noun=()