Fix --key-description actions and define --new-key-description.

man/common_options.adoc

@@ -443,7 +443,7 @@ endif::[]
 
 ifdef::ACTION_TOKEN[]
 *--key-description <text>*::
-Set key description in keyring for use with _token_ command.
+Set key description in keyring that will be used for passphrase retrieval.
 endif::[]
 
 ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_TCRYPTDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
@@ -666,6 +666,11 @@ Supplying more than the compiled in maximum aborts the operation. When
 --new-keyfile-offset is also given, reading starts after the offset.
 endif::[]
 
+ifdef::UNUSED[]
+*--new-key-description <text>*::
+Set key description in keyring that will be used for new passphrase retrieval.
+endif::[]
+
 ifdef::ACTION_LUKSADDKEY[]
 *--new-key-slot <0-N>*::
 This option allows you to specify which key slot is selected for

src/cryptsetup.c

@@ -4036,6 +4036,11 @@ int main(int argc, const char **argv)
 		_("Cannot link volume key to a keyring when keyring is disabled."),
 		poptGetInvocationName(popt_context));
 
+	if (ARG_SET(OPT_DISABLE_KEYRING_ID) && (ARG_SET(OPT_KEY_DESCRIPTION_ID) || ARG_SET(OPT_NEW_KEY_DESCRIPTION_ID)))
+		usage(popt_context, EXIT_FAILURE,
+		_("Cannot use keyring key description when keyring is disabled."),
+		poptGetInvocationName(popt_context));
+
 	if (ARG_SET(OPT_DEBUG_ID) || ARG_SET(OPT_DEBUG_JSON_ID)) {
 		crypt_set_debug_level(ARG_SET(OPT_DEBUG_JSON_ID)? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL);
 		dbg_version_and_cmd(argc, argv);

src/cryptsetup_arg_list.h

@@ -97,7 +97,7 @@ ARG(OPT_JSON_FILE, '\0', POPT_ARG_STRING, N_("Read or write the json from or to
 
 ARG(OPT_KEEP_KEY, '\0', POPT_ARG_NONE, N_("Do not change volume key"), NULL, CRYPT_ARG_BOOL, {}, OPT_KEEP_KEY_ACTIONS)
 
-ARG(OPT_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Key description"), NULL, CRYPT_ARG_STRING, {}, {})
+ARG(OPT_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Keyring key description"), NULL, CRYPT_ARG_STRING, {}, OPT_KEY_DESCRIPTION_ACTIONS)
 
 ARG(OPT_KEY_FILE, 'd', POPT_ARG_STRING, N_("Read the key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
 
@@ -127,6 +127,8 @@ ARG(OPT_NEW_KEYFILE_OFFSET , '\0', POPT_ARG_STRING, N_("Number of bytes to skip
 
 ARG(OPT_NEW_KEYFILE_SIZE, '\0', POPT_ARG_STRING, N_("Limits the read from newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT32, {}, {})
 
+ARG(OPT_NEW_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Keyring new key description"), NULL, CRYPT_ARG_STRING, {}, OPT_NEW_KEY_DESCRIPTION_ACTIONS)
+
 ARG(OPT_NEW_KEY_SLOT, '\0', POPT_ARG_STRING, N_("Slot number for new key (default is first free)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_SLOT }, OPT_NEW_KEY_SLOT_ACTIONS)
 
 ARG(OPT_NEW_TOKEN_ID, '\0', POPT_ARG_STRING, N_("Token number (default: any)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_TOKEN }, OPT_NEW_TOKEN_ID_ACTIONS)

src/cryptsetup_args.h

@@ -81,6 +81,7 @@
 #define OPT_LUKS2_KEYSLOTS_SIZE_ACTIONS		{ REENCRYPT_ACTION, FORMAT_ACTION }
 #define OPT_LUKS2_METADATA_SIZE_ACTIONS		{ REENCRYPT_ACTION, FORMAT_ACTION }
 #define OPT_NEW_KEYFILE_ACTIONS			{ ADDKEY_ACTION }
+#define OPT_NEW_KEY_DESCRIPTION_ACTIONS		{ }
 #define OPT_NEW_KEY_SLOT_ACTIONS		{ ADDKEY_ACTION }
 #define OPT_NEW_TOKEN_ID_ACTIONS		{ ADDKEY_ACTION }
 #define OPT_OFFSET_ACTIONS			{ OPEN_ACTION, REENCRYPT_ACTION, FORMAT_ACTION }

src/utils_arg_names.h

@@ -114,6 +114,7 @@
 #define OPT_VOLUME_KEY_FILE		"volume-key-file"
 #define OPT_VOLUME_KEY_KEYRING		"volume-key-keyring"
 #define OPT_NEW				"new"
+#define OPT_NEW_KEY_DESCRIPTION		"new-key-description"
 #define OPT_NEW_KEY_SLOT		"new-key-slot"
 #define OPT_NEW_KEYFILE			"new-keyfile"
 #define OPT_NEW_KEYFILE_OFFSET		"new-keyfile-offset"