[Freeipa-devel] [PATCH] Add encrypt_file and decrypt_file functions
Rob Crittenden
rcritten at redhat.com
Fri Aug 8 18:45:01 UTC 2008
Simo Sorce wrote:
> On Thu, 2008-08-07 at 21:16 +0000, Simo Sorce wrote:
>> On Thu, 2008-08-07 at 16:53 -0400, Rob Crittenden wrote:
>>> Simo Sorce wrote:
>>>> See patch, these functions will be used in ipa-replica-prepare and
>>>> ipa-replica-install to make the data more safe.
>>>>
>>>>
>>>>
>>> Just a few minor things.
>>>
>>> You check that the password exists during encryption but not decryption.
>> ahh right
>>
>>> Should we do any validation that dest is ok? I suppose we'll find out
>>> soon enough from the call to run...
>> the operation would fail and we will get an exception, I wouldn't care
>> too much about that at this point.
>>
>> the caller will need to check for exceptions anyway and decide what to
>> do.
>>
>>> A cleaner way of handling a failure would use try/except/finally, though
>>> Python 2.4 makes it a little icky. It would look something like this
>>> for encrypt_file()
>>>
>>> try:
>>> try:
>>> os.mkdir(gpgdir)
>>> args = ...
>>> except:
>>> raise
>>> finally:
>>> #clean up
>>> shutil.rmtree(tempdir, ignore_errors=True)
>>>
>>> The way it is now is fine but the cleanup code (one line) is duplicated).
>> right, I will change the patch to use finally
>
> Attached a patch that implement this and also remove mentions of
> 'tarfile' that were unused as Rob pointed out on IRC.
>
ack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080808/44c0b272/attachment.bin>
More information about the Freeipa-devel
mailing list