Merge pull request #4648 from MichaelEischer/repository-removekey

repository: Introduce RemoveKey function
restic · Jan 27, 2024 · 724ec17 · 724ec17
2 parents 25ac154 + c13bf0b
commit 724ec17
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 10 deletions.
diff --git a/cmd/restic/cmd_key.go b/cmd/restic/cmd_key.go
@@ -7,7 +7,6 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/restic/restic/internal/backend"
 	"github.com/restic/restic/internal/errors"
 	"github.com/restic/restic/internal/repository"
 	"github.com/restic/restic/internal/restic"
@@ -152,8 +151,7 @@ func deleteKey(ctx context.Context, repo *repository.Repository, id restic.ID) e
 		return errors.Fatal("refusing to remove key currently used to access repository")
 	}
 
-	h := backend.Handle{Type: restic.KeyFile, Name: id.String()}
-	err := repo.Backend().Remove(ctx, h)
+	err := repository.RemoveKey(ctx, repo, id)
 	if err != nil {
 		return err
 	}
@@ -179,8 +177,7 @@ func changePassword(ctx context.Context, repo *repository.Repository, gopts Glob
 		return err
 	}
 
-	h := backend.Handle{Type: restic.KeyFile, Name: oldID.String()}
-	err = repo.Backend().Remove(ctx, h)
+	err = repository.RemoveKey(ctx, repo, oldID)
 	if err != nil {
 		return err
 	}
@@ -196,8 +193,7 @@ func switchToNewKeyAndRemoveIfBroken(ctx context.Context, repo *repository.Repos
 	err := repo.SearchKey(ctx, pw, 0, key.ID().String())
 	if err != nil {
 		// the key is invalid, try to remove it
-		h := backend.Handle{Type: restic.KeyFile, Name: key.ID().String()}
-		_ = repo.Backend().Remove(ctx, h)
+		_ = repository.RemoveKey(ctx, repo, key.ID())
 		return errors.Fatalf("failed to access repository with new key: %v", err)
 	}
 	return nil

diff --git a/internal/repository/key.go b/internal/repository/key.go
@@ -285,6 +285,15 @@ func AddKey(ctx context.Context, s *Repository, password, username, hostname str
 	return newkey, nil
 }
 
+func RemoveKey(ctx context.Context, repo *Repository, id restic.ID) error {
+	if id == repo.KeyID() {
+		return errors.New("refusing to remove key currently used to access repository")
+	}
+
+	h := backend.Handle{Type: restic.KeyFile, Name: id.String()}
+	return repo.be.Remove(ctx, h)
+}
+
 func (k *Key) String() string {
 	if k == nil {
 		return "<Key nil>"

diff --git a/internal/repository/repository.go b/internal/repository/repository.go
@@ -743,12 +743,19 @@ func (r *Repository) SearchKey(ctx context.Context, password string, maxKeys int
 		return err
 	}
 
+	oldKey := r.key
+	oldKeyID := r.keyID
+
 	r.key = key.master
 	r.keyID = key.ID()
 	cfg, err := restic.LoadConfig(ctx, r)
-	if err == crypto.ErrUnauthenticated {
-		return fmt.Errorf("config or key %v is damaged: %w", key.ID(), err)
-	} else if err != nil {
+	if err != nil {
+		r.key = oldKey
+		r.keyID = oldKeyID
+
+		if err == crypto.ErrUnauthenticated {
+			return fmt.Errorf("config or key %v is damaged: %w", key.ID(), err)
+		}
 		return fmt.Errorf("config cannot be loaded: %w", err)
 	}