Package CedarBackup2 :: Package extend :: Module encrypt
[hide private]
[frames] | no frames]

Module encrypt

source code

Provides an extension to encrypt staging directories.

When this extension is executed, all backed-up files in the configured Cedar Backup staging directory will be encrypted using gpg. Any directory which has already been encrypted (as indicated by the cback.encrypt file) will be ignored.

This extension requires a new configuration section <encrypt> and is intended to be run immediately after the standard stage action or immediately before the standard store action. Aside from its own configuration, it requires the options and staging configuration sections in the standard Cedar Backup configuration file.


Author: Kenneth J. Pronovici <pronovic@ieee.org>

Classes [hide private]
  EncryptConfig
Class representing encrypt configuration.
  LocalConfig
Class representing this extension's configuration document.
Functions [hide private]
 
executeAction(configPath, options, config)
Executes the encrypt backup action.
source code
 
_encryptDailyDir(dailyDir, encryptMode, encryptTarget, backupUser, backupGroup)
Encrypts the contents of a daily staging directory.
source code
 
_encryptFile(sourcePath, encryptMode, encryptTarget, backupUser, backupGroup, removeSource=False)
Encrypts the source file using the indicated mode.
source code
 
_encryptFileWithGpg(sourcePath, recipient)
Encrypts the indicated source file using GPG.
source code
 
_confirmGpgRecipient(recipient)
Confirms that a recipient's public key is known to GPG.
source code
Variables [hide private]
  logger = logging.getLogger("CedarBackup2.log.extend.encrypt")
  GPG_COMMAND = ['gpg']
  VALID_ENCRYPT_MODES = ['gpg']
  ENCRYPT_INDICATOR = 'cback.encrypt'
  __package__ = 'CedarBackup2.extend'
Function Details [hide private]

executeAction(configPath, options, config)

source code 

Executes the encrypt backup action.

Parameters:
  • configPath (String representing a path on disk.) - Path to configuration file on disk.
  • options (Options object.) - Program command-line options.
  • config (Config object.) - Program configuration.
Raises:
  • ValueError - Under many generic error conditions
  • IOError - If there are I/O problems reading or writing files

_encryptDailyDir(dailyDir, encryptMode, encryptTarget, backupUser, backupGroup)

source code 

Encrypts the contents of a daily staging directory.

Indicator files are ignored. All other files are encrypted. The only valid encrypt mode is "gpg".

Parameters:
  • dailyDir - Daily directory to encrypt
  • encryptMode - Encryption mode (only "gpg" is allowed)
  • encryptTarget - Encryption target (GPG recipient for "gpg" mode)
  • backupUser - User that target files should be owned by
  • backupGroup - Group that target files should be owned by
Raises:
  • ValueError - If the encrypt mode is not supported.
  • ValueError - If the daily staging directory does not exist.

_encryptFile(sourcePath, encryptMode, encryptTarget, backupUser, backupGroup, removeSource=False)

source code 

Encrypts the source file using the indicated mode.

The encrypted file will be owned by the indicated backup user and group. If removeSource is True, then the source file will be removed after it is successfully encrypted.

Currently, only the "gpg" encrypt mode is supported.

Parameters:
  • sourcePath - Absolute path of the source file to encrypt
  • encryptMode - Encryption mode (only "gpg" is allowed)
  • encryptTarget - Encryption target (GPG recipient)
  • backupUser - User that target files should be owned by
  • backupGroup - Group that target files should be owned by
  • removeSource - Indicates whether to remove the source file
Returns:
Path to the newly-created encrypted file.
Raises:
  • ValueError - If an invalid encrypt mode is passed in.
  • IOError - If there is a problem accessing, encrypting or removing the source file.

_encryptFileWithGpg(sourcePath, recipient)

source code 

Encrypts the indicated source file using GPG.

The encrypted file will be in GPG's binary output format and will have the same name as the source file plus a ".gpg" extension. The source file will not be modified or removed by this function call.

Parameters:
  • sourcePath - Absolute path of file to be encrypted.
  • recipient - Recipient name to be passed to GPG's "-r" option
Returns:
Path to the newly-created encrypted file.
Raises:
  • IOError - If there is a problem encrypting the file.

_confirmGpgRecipient(recipient)

source code 

Confirms that a recipient's public key is known to GPG. Throws an exception if there is a problem, or returns normally otherwise.

Parameters:
  • recipient - Recipient name
Raises:
  • IOError - If the recipient's public key is not known to GPG.