[Freeipa-devel] [PATCH] Add encrypt_file and decrypt_file functions
Stephen Gallagher
sgallagh at redhat.com
Fri Aug 8 11:45:59 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simo Sorce wrote:
> On Thu, 2008-08-07 at 21:16 +0000, Simo Sorce wrote:
>> On Thu, 2008-08-07 at 16:53 -0400, Rob Crittenden wrote:
>>> Simo Sorce wrote:
>>>> See patch, these functions will be used in ipa-replica-prepare and
>>>> ipa-replica-install to make the data more safe.
>>>>
>>>>
>>>>
>>> Just a few minor things.
>>>
>>> You check that the password exists during encryption but not decryption.
>> ahh right
>>
>>> Should we do any validation that dest is ok? I suppose we'll find out
>>> soon enough from the call to run...
>> the operation would fail and we will get an exception, I wouldn't care
>> too much about that at this point.
>>
>> the caller will need to check for exceptions anyway and decide what to
>> do.
>>
>>> A cleaner way of handling a failure would use try/except/finally, though
>>> Python 2.4 makes it a little icky. It would look something like this
>>> for encrypt_file()
>>>
>>> try:
>>> try:
>>> os.mkdir(gpgdir)
>>> args = ...
>>> except:
>>> raise
>>> finally:
>>> #clean up
>>> shutil.rmtree(tempdir, ignore_errors=True)
>>>
>>> The way it is now is fine but the cleanup code (one line) is duplicated).
>> right, I will change the patch to use finally
>
> Attached a patch that implement this and also remove mentions of
> 'tarfile' that were unused as Rob pointed out on IRC.
>
Maybe I'm crazy, but the two functions encrypt_file() and decrypt_file()
do not seem to be actually called anywhere.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkicMfcACgkQc7MaxVic+2rXxQCgra10hJ5Y9u5sIz9ChpM954tp
NUwAnRX8A4GGDdp8nlqcM9pxFG0dCGgL
=hLr6
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list