summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-07-17 12:11:57 +0000
committerMartin Kosek <mkosek@redhat.com>2013-07-17 16:15:15 +0200
commitb5d008ed5a2ec074bf28ca5835785ee3160d6a9d (patch)
treebd6960356798f80423f93f3ef881f3ed772653e3
parentc81849712f8888e6f12b7c2b7ebfcf5d2294addd (diff)
downloadfreeipa-b5d008ed5a2ec074bf28ca5835785ee3160d6a9d.zip
freeipa-b5d008ed5a2ec074bf28ca5835785ee3160d6a9d.tar.gz
freeipa-b5d008ed5a2ec074bf28ca5835785ee3160d6a9d.tar.xz
Run gpg-agent explicitly when encrypting/decrypting files.
Also add an option to ipautil.run to redirect command output to /dev/null. https://fedorahosted.org/freeipa/ticket/3767
-rw-r--r--ipapython/ipautil.py19
1 files changed, 12 insertions, 7 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index f2ca9d6..92569c3 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -246,7 +246,7 @@ def shell_quote(string):
return "'" + string.replace("'", "'\\''") + "'"
def run(args, stdin=None, raiseonerr=True,
- nolog=(), env=None, capture_output=True, cwd=None):
+ nolog=(), env=None, capture_output=True, skip_output=False, cwd=None):
"""
Execute a command and return stdin, stdout and the process return code.
@@ -288,7 +288,9 @@ def run(args, stdin=None, raiseonerr=True,
env["PATH"] = "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"
if stdin:
p_in = subprocess.PIPE
- if capture_output:
+ if skip_output:
+ p_out = p_err = open('/dev/null', 'w')
+ elif capture_output:
p_out = subprocess.PIPE
p_err = subprocess.PIPE
@@ -308,12 +310,15 @@ def run(args, stdin=None, raiseonerr=True,
except:
root_logger.debug('Process execution failed')
raise
+ finally:
+ if skip_output:
+ p_out.close() # pylint: disable=E1103
root_logger.debug('Process finished, return code=%s', p.returncode)
# The command and its output may include passwords that we don't want
# to log. Replace those.
- if capture_output:
+ if capture_output and not skip_output:
stdout = nolog_replace(stdout, nolog)
stderr = nolog_replace(stderr, nolog)
root_logger.debug('stdout=%s' % stdout)
@@ -389,8 +394,8 @@ def encrypt_file(source, dest, password, workdir = None):
#give gpg a fake dir so that we can leater remove all
#the cruft when we clean up the tempdir
os.mkdir(gpgdir)
- args = ['/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source]
- run(args, password)
+ args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source]
+ run(args, password, skip_output=True)
except:
raise
finally:
@@ -419,8 +424,8 @@ def decrypt_file(source, dest, password, workdir = None):
#give gpg a fake dir so that we can leater remove all
#the cruft when we clean up the tempdir
os.mkdir(gpgdir)
- args = ['/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source]
- run(args, password)
+ args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source]
+ run(args, password, skip_output=True)
except:
raise
finally: