diff options
author | Jan Cholasta <jcholast@redhat.com> | 2013-07-17 12:11:57 +0000 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-07-17 16:15:15 +0200 |
commit | b5d008ed5a2ec074bf28ca5835785ee3160d6a9d (patch) | |
tree | bd6960356798f80423f93f3ef881f3ed772653e3 | |
parent | c81849712f8888e6f12b7c2b7ebfcf5d2294addd (diff) | |
download | freeipa-b5d008ed5a2ec074bf28ca5835785ee3160d6a9d.tar.gz freeipa-b5d008ed5a2ec074bf28ca5835785ee3160d6a9d.tar.xz freeipa-b5d008ed5a2ec074bf28ca5835785ee3160d6a9d.zip |
Run gpg-agent explicitly when encrypting/decrypting files.
Also add an option to ipautil.run to redirect command output to /dev/null.
https://fedorahosted.org/freeipa/ticket/3767
-rw-r--r-- | ipapython/ipautil.py | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index f2ca9d6a9..92569c3b4 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -246,7 +246,7 @@ def shell_quote(string): return "'" + string.replace("'", "'\\''") + "'" def run(args, stdin=None, raiseonerr=True, - nolog=(), env=None, capture_output=True, cwd=None): + nolog=(), env=None, capture_output=True, skip_output=False, cwd=None): """ Execute a command and return stdin, stdout and the process return code. @@ -288,7 +288,9 @@ def run(args, stdin=None, raiseonerr=True, env["PATH"] = "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin" if stdin: p_in = subprocess.PIPE - if capture_output: + if skip_output: + p_out = p_err = open('/dev/null', 'w') + elif capture_output: p_out = subprocess.PIPE p_err = subprocess.PIPE @@ -308,12 +310,15 @@ def run(args, stdin=None, raiseonerr=True, except: root_logger.debug('Process execution failed') raise + finally: + if skip_output: + p_out.close() # pylint: disable=E1103 root_logger.debug('Process finished, return code=%s', p.returncode) # The command and its output may include passwords that we don't want # to log. Replace those. - if capture_output: + if capture_output and not skip_output: stdout = nolog_replace(stdout, nolog) stderr = nolog_replace(stderr, nolog) root_logger.debug('stdout=%s' % stdout) @@ -389,8 +394,8 @@ def encrypt_file(source, dest, password, workdir = None): #give gpg a fake dir so that we can leater remove all #the cruft when we clean up the tempdir os.mkdir(gpgdir) - args = ['/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source] - run(args, password) + args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source] + run(args, password, skip_output=True) except: raise finally: @@ -419,8 +424,8 @@ def decrypt_file(source, dest, password, workdir = None): #give gpg a fake dir so that we can leater remove all #the cruft when we clean up the tempdir os.mkdir(gpgdir) - args = ['/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source] - run(args, password) + args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source] + run(args, password, skip_output=True) except: raise finally: |