author | Richard W.M. Jones <rjones@redhat.com> | 2010-11-05 11:39:24 +0000 |
---|---|---|
committer | Richard W.M. Jones <rjones@redhat.com> | 2010-11-05 11:39:24 +0000 |
commit | a232e62dcf508517a32b9a8d7e4529e827be721b (patch) | |
tree | 8fccb1e49fd75aacbc7190eb55685525b6df0f88 /fuse | |
parent | 446db62e113594fef84d2f533ef3a1330153f0bb (diff) | |
fish: '-i' option automatically handles whole-disk encryption.
This feature is also available in guestmount because of the
shared option parsing code.
You don't need to do anything to enable it, just using -i
will attempt decryption of encrypted partitions.
Only works for simple Fedora whole-disk encryption. It's a
work-in-progress to make it work for other types of encryption.
Diffstat (limited to 'fuse')
-rw-r--r-- | fuse/Makefile.am | 1 | ||||
-rw-r--r-- | fuse/guestmount.c | 13 | ||||
-rw-r--r-- | fuse/guestmount.pod | 12 |
3 files changed, 24 insertions, 2 deletions
diff --git a/fuse/Makefile.am b/fuse/Makefile.am index f6f662aa..ab635844 100644 --- a/fuse/Makefile.am +++ b/fuse/Makefile.am @@ -27,6 +27,7 @@ bin_PROGRAMS = guestmount # between guestfish and guestmount. SHARED_SOURCE_FILES = \ ../fish/inspect.c \ + ../fish/keys.c \ ../fish/options.h \ ../fish/options.c \ ../fish/virt.c diff --git a/fuse/guestmount.c b/fuse/guestmount.c index a32da6be..55b71d77 100644 --- a/fuse/guestmount.c +++ b/fuse/guestmount.c @@ -61,6 +61,8 @@ guestfs_h *g = NULL; int read_only = 0; int verbose = 0; int inspector = 0; +int keys_from_stdin = 0; +int echo_keys = 0; const char *libvirt_uri; int dir_cache_timeout = 60; @@ -850,10 +852,12 @@ usage (int status) " -c|--connect uri Specify libvirt URI for -d option\n" " --dir-cache-timeout Set readdir cache timeout (default 5 sec)\n" " -d|--domain guest Add disks from libvirt guest\n" + " --echo-keys Don't turn off echo for passphrases\n" " --format[=raw|..] Force disk format for -a option\n" " --fuse-help Display extra FUSE options\n" " -i|--inspector Automatically mount filesystems\n" " --help Display help message and exit\n" + " --keys-from-stdin Read passphrases from stdin\n" " -m|--mount dev[:mnt] Mount dev on mnt (if omitted, /)\n" " -n|--no-sync Don't autosync\n" " -o|--option opt Pass extra option to FUSE\n" @@ -886,10 +890,12 @@ main (int argc, char *argv[]) { "connect", 1, 0, 'c' }, { "dir-cache-timeout", 1, 0, 0 }, { "domain", 1, 0, 'd' }, + { "echo-keys", 0, 0, 0 }, { "format", 2, 0, 0 }, { "fuse-help", 0, 0, 0 }, { "help", 0, 0, HELP_OPTION }, { "inspector", 0, 0, 'i' }, + { "keys-from-stdin", 0, 0, 0 }, { "mount", 1, 0, 'm' }, { "no-sync", 0, 0, 'n' }, { "option", 1, 0, 'o' }, 
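Review bot: The new file-scope globals `keys_from_stdin` and `echo_keys` in the `@@ -61,6 +61,8 @@` hunk of guestmount.c have no comment saying what reads them, and none of the visible guestmount.c hunks does. Judging by the Makefile.am hunk that adds `../fish/keys.c` to the shared sources, they are presumably consumed by that shared code; this should be confirmed against `options.h`. A comment above the pair would make the coupling explicit, for example `/* Passphrase input flags, read by the shared ../fish key-handling code. */`. Because a non-zero `echo_keys` leaves typed passphrases visible on the terminal, it is also worth stating at the definition that the default of 0 means echo is turned off.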
@@ -985,8 +991,11 @@ main (int argc, char *argv[]) format = NULL; else format = optarg; - } - else { + } else if (STREQ (long_options[option_index].name, "keys-from-stdin")) { + keys_from_stdin = 1; + } else if (STREQ (long_options[option_index].name, "echo-keys")) { + echo_keys = 1; + } else { fprintf (stderr, _("%s: unknown long option: %s (%d)\n"), program_name, long_options[option_index].name, option_index); exit (EXIT_FAILURE); diff --git a/fuse/guestmount.pod b/fuse/guestmount.pod index afa1478b..4ddea5fd 100644 --- a/fuse/guestmount.pod +++ b/fuse/guestmount.pod @@ -105,6 +105,13 @@ There is also a different attribute cache implemented by FUSE (see the FUSE option I<-o attr_timeout>), but the FUSE cache does not anticipate future requests, only cache existing ones. +=item B<--echo-keys> + +When prompting for keys and passphrases, guestfish normally turns +echoing off so you cannot see what you are typing. If you are not +worried about Tempest attacks and there is no one else in the room +you can specify this flag to see what you are typing. + =item B<--format=raw|qcow2|..> | B<--format> The default for the I<-a> option is to auto-detect the format of the @@ -131,6 +138,11 @@ Using L<virt-inspector(1)> code, inspect the disks looking for an operating system and mount filesystems as they would be mounted on the real virtual machine. +=item B<--keys-from-stdin> + +Read key or passphrase parameters from stdin. The default is +to try to read passphrases from the user by opening C</dev/tty>. + =item B<-m dev[:mnt]> | B<--mount dev[:mnt]> Mount the named partition or logical volume on the given mountpoint |
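Review bot: The two branches added to the long-option chain in `main` set `keys_from_stdin` and `echo_keys` unconditionally, and nothing in this hunk checks how they combine with each other or with `-i`. The commit message says only `-i` triggers decryption, so either flag without `-i`, or `--echo-keys` together with `--keys-from-stdin`, looks like a silent no-op; that is inferred, because the key-reading code is in the shared fish sources and not shown here. A check after option parsing would surface the mistake before an operator pipes a passphrase in, for example `if (echo_keys && keys_from_stdin) fprintf (stderr, _("%s: --echo-keys is ignored with --keys-from-stdin\n"), program_name);`. `main` begins and ends outside the hunk.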