[Freeipa-devel] [PATCH] Add encrypt_file and decrypt_file functions
Simo Sorce
ssorce at redhat.com
Thu Aug 7 21:16:27 UTC 2008
On Thu, 2008-08-07 at 16:53 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > See patch, these functions will be used in ipa-replica-prepare and
> > ipa-replica-install to make the data more safe.
> >
> >
> >
>
> Just a few minor things.
>
> You check that the password exists during encryption but not decryption.
ahh right
> Should we do any validation that dest is ok? I suppose we'll find out
> soon enough from the call to run...
the operation would fail and we will get an exception, I wouldn't care
too much about that at this point.
the caller will need to check for exceptions anyway and decide what to
do.
> A cleaner way of handling a failure would use try/except/finally, though
> Python 2.4 makes it a little icky. It would look something like this
> for encrypt_file()
>
> try:
> try:
> os.mkdir(gpgdir)
> args = ...
> except:
> raise
> finally:
> #clean up
> shutil.rmtree(tempdir, ignore_errors=True)
>
> The way it is now is fine but the cleanup code (one line) is duplicated).
right, I will change the patch to use finally
Simo.
More information about the Freeipa-devel
mailing list