[Freeipa-devel] [PATCH] Add encrypt_file and decrypt_file functions

Fri Aug 8 11:47:54 UTC 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Gallagher wrote:
> Simo Sorce wrote:
>> On Thu, 2008-08-07 at 21:16 +0000, Simo Sorce wrote:
>>> On Thu, 2008-08-07 at 16:53 -0400, Rob Crittenden wrote:
>>>> Simo Sorce wrote:
>>>>> See patch, these functions will be used in ipa-replica-prepare and
>>>>> ipa-replica-install to make the data more safe. 
>>>>>
>>>>>
>>>>>
>>>> Just a few minor things.
>>>>
>>>> You check that the password exists during encryption but not decryption.
>>> ahh right
>>>
>>>> Should we do any validation that dest is ok? I suppose we'll find out 
>>>> soon enough from the call to run...
>>> the operation would fail and we will get an exception, I wouldn't care
>>> too much about that at this point.
>>>
>>> the caller will need to check for exceptions anyway and decide what to
>>> do.
>>>
>>>> A cleaner way of handling a failure would use try/except/finally, though 
>>>>   Python 2.4 makes it a little icky. It would look something like this 
>>>> for encrypt_file()
>>>>
>>>> try:
>>>>      try:
>>>>         os.mkdir(gpgdir)
>>>>         args = ...
>>>>      except:
>>>>          raise
>>>> finally:
>>>>      #clean up
>>>>      shutil.rmtree(tempdir, ignore_errors=True)
>>>>
>>>> The way it is now is fine but the cleanup code (one line) is duplicated).
>>> right, I will change the patch to use finally
>> Attached a patch that implement this and also remove mentions of
>> 'tarfile' that were unused as Rob pointed out on IRC.
> 
> 
> Maybe I'm crazy, but the two functions encrypt_file() and decrypt_file()
> do not seem to be actually called anywhere.

Please disregard this. I haven't had any caffeine yet today.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkicMmoACgkQc7MaxVic+2qR4ACgpIAqdiN4ji1LDvyUJUH2pn6M
fvgAnRpG+l2fxckg3k6Y5ooWLFrGORPu
=2KML
-----END PGP SIGNATURE-----