[Freeipa-devel] [PATCH] Add encrypt_file and decrypt_file functions
Simo Sorce
ssorce at redhat.com
Mon Aug 11 22:36:02 UTC 2008
On Fri, 2008-08-08 at 14:45 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Thu, 2008-08-07 at 21:16 +0000, Simo Sorce wrote:
> >> On Thu, 2008-08-07 at 16:53 -0400, Rob Crittenden wrote:
> >>> Simo Sorce wrote:
> >>>> See patch, these functions will be used in ipa-replica-prepare and
> >>>> ipa-replica-install to make the data more safe.
> >>>>
> >>>>
> >>>>
> >>> Just a few minor things.
> >>>
> >>> You check that the password exists during encryption but not decryption.
> >> ahh right
> >>
> >>> Should we do any validation that dest is ok? I suppose we'll find out
> >>> soon enough from the call to run...
> >> the operation would fail and we will get an exception, I wouldn't care
> >> too much about that at this point.
> >>
> >> the caller will need to check for exceptions anyway and decide what to
> >> do.
> >>
> >>> A cleaner way of handling a failure would use try/except/finally, though
> >>> Python 2.4 makes it a little icky. It would look something like this
> >>> for encrypt_file()
> >>>
> >>> try:
> >>> try:
> >>> os.mkdir(gpgdir)
> >>> args = ...
> >>> except:
> >>> raise
> >>> finally:
> >>> #clean up
> >>> shutil.rmtree(tempdir, ignore_errors=True)
> >>>
> >>> The way it is now is fine but the cleanup code (one line) is duplicated).
> >> right, I will change the patch to use finally
> >
> > Attached a patch that implement this and also remove mentions of
> > 'tarfile' that were unused as Rob pointed out on IRC.
> >
>
> ack
pushed to master
Simo.
More information about the Freeipa-devel
mailing list