Kyle Isom
490db0599c
HardwareFIDO2 implements FIDO2Device via go-libfido2 (CGo bindings to Yubico's libfido2). Gated behind //go:build fido2 tag to keep default builds CGo-free. Nix flake adds sgard-fido2 package variant. CLI changes: --fido2-pin flag, unlockDEK helper tries FIDO2 first, add-fido2/encrypt init --fido2 use real hardware, auto-unlock added to restore/checkpoint/diff for encrypted entries. Tested manually: add-fido2, add --encrypt, restore, checkpoint, diff all work with hardware FIDO2 key (touch-to-unlock, no passphrase). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
53 lines
1.0 KiB
Go
53 lines
1.0 KiB
Go
package main
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/kisom/sgard/garden"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
var forceRestore bool
|
|
|
|
var restoreCmd = &cobra.Command{
|
|
Use: "restore [path...]",
|
|
Short: "Restore tracked files to their original locations",
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
g, err := garden.Open(repoFlag)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if g.HasEncryption() && g.NeedsDEK(g.List()) {
|
|
if err := unlockDEK(g); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
confirm := func(path string) bool {
|
|
fmt.Printf("Overwrite %s? [y/N] ", path)
|
|
scanner := bufio.NewScanner(os.Stdin)
|
|
if scanner.Scan() {
|
|
answer := strings.TrimSpace(strings.ToLower(scanner.Text()))
|
|
return answer == "y" || answer == "yes"
|
|
}
|
|
return false
|
|
}
|
|
|
|
if err := g.Restore(args, forceRestore, confirm); err != nil {
|
|
return err
|
|
}
|
|
|
|
fmt.Println("Restore complete.")
|
|
return nil
|
|
},
|
|
}
|
|
|
|
func init() {
|
|
restoreCmd.Flags().BoolVarP(&forceRestore, "force", "f", false, "overwrite without prompting")
|
|
rootCmd.AddCommand(restoreCmd)
|
|
}
|