Currently bioctl invokes readpassphrase(3) with RPP_REQUIRE_TTY, which
means that there must be a controlling tty to read the password from.
This diff adds an option (-s) to force bioctl to read the passphrase
from stdin. Without this option existing behavior is maintained.

Index: bioctl.8
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.8,v
retrieving revision 1.82
diff -u -p -r1.82 bioctl.8
--- bioctl.8	20 Nov 2010 17:46:24 -0000	1.82
+++ bioctl.8	29 Nov 2010 22:17:03 -0000
@@ -43,7 +43,7 @@
 .Pp
 .Nm bioctl
 .Bk -words
-.Op Fl dhiPqv
+.Op Fl dhiPqsv
 .Op Fl C Ar flag[,flag,...]
 .Op Fl c Ar raidlevel
 .Op Fl k Ar keydisk
@@ -235,6 +235,11 @@ the PBKDF2 algorithm used to convert a p
 Higher iteration counts take more time, but offer more resistance to key
 guessing attacks.
 The minimum is 1000 rounds and the default is 8192.
+.It Fl s
+Read the passphrase for the selected crypto volume from
+.Pa /dev/stdin
+rather than
+.Pa /dev/tty .
 .El
 .Sh EXAMPLES
 The following command, executed from the command line, would configure
Index: bioctl.c
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
retrieving revision 1.97
diff -u -p -r1.97 bioctl.c
--- bioctl.c	10 Jul 2010 02:56:16 -0000	1.97
+++ bioctl.c	29 Nov 2010 22:17:03 -0000
@@ -86,6 +86,7 @@ int			rflag = 8192;
 char			*password;

 struct bio_locate	bl;
+int rpp_flag = RPP_REQUIRE_TTY;

 int
 main(int argc, char *argv[])
@@ -106,7 +107,7 @@ main(int argc, char *argv[])
 	if (argc < 2)
 		usage();

-	while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) !=
+	while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:svu:")) !=
 	    -1) {
 		switch (ch) {
 		case 'a': /* alarm */
@@ -174,6 +175,9 @@ main(int argc, char *argv[])
 			ss_func = BIOC_SSREBUILD;
 			al_arg = optarg;
 			break;
+		case 's':
+			rpp_flag = RPP_STDIN;
+			break;
 		case 'v':
 			verbose = 1;
 ...
[ message continues ]

As I recall, last time someone wanted such functionality (perhaps for
vnconfig?), the response was "this makes doing stupid things too easy,
and you should use -k if you want to mount without typing a passphrase".
(Presumably because a keydisk has better entropy than a passphrase.)

In short, what's the use?


[ message continues ]

On Tue, Nov 30, 2010 at 12:51 AM, Joachim Schipper

Network unlocks. I don't want to have to wander over to my colo
facility after every reboot, and plug in a disk every time, and I also
don't want to have to log in and run bioctl by hand for every volume.



-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

[ message continues ]

I like this.


[ message continues ]

err, the last time this came up you said you would do it right... :)

http://marc.info/?l=openbsd-misc&m=125613898224309&w=2


[ message continues ]

I changed my mind.  I did talk with jsing and deraadt about the bioctl
follow on but haven't gotten to it yet.


[ message continues ]

Hello,

little improvement of bioctl(8), when using stdin it cannot be used
for inital creation of the crypt volume. (there's same info for passfile.)

jirib

Index: bioctl.8
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.8,v
retrieving revision 1.83
diff -u -p -r1.83 bioctl.8
--- bioctl.8	1 Dec 2010 19:40:18 -0000	1.83
+++ bioctl.8	21 Dec 2010 13:20:39 -0000
@@ -240,6 +240,7 @@ Read the passphrase for the selected cry
 .Pa /dev/stdin
 rather than
 .Pa /dev/tty .
+It cannot be used during the initial creation of the crypto volume.
 .El
 .Sh EXAMPLES
 The following command, executed from the command line, would configure

[ message continues ]

i think this is reasonable, though i'd maybe change the "It" to "This
option" (both here and -p).

anyone else agree?

[ message continues ]

Yes. I agree.


[ message continues ]

fixed, thanks.

[ message continues ]