authorLars Wirzenius <liw@liw.fi>2011-04-12 14:53:11 +0100
committerLars Wirzenius <liw@liw.fi>2011-04-12 14:53:11 +0100
commit71608e93e2cf7ee39bf0e1e372a4f9a9ffb5e8f6 (patch)
tree92ab7647014c582aecbb80f437fb0b78035c02df
parentbf65239f389d77a8fc8fee55138fea1dc2504faa (diff)
downloadobnam-71608e93e2cf7ee39bf0e1e372a4f9a9ffb5e8f6.tar.gz
Change add-key and remove-key to allow adding/removing key to specific clients, too.
Always add/remove in shared toplevels.
-rw-r--r--obnamlib/plugins/encryption_plugin.py44
-rwxr-xr-xtest-encrypted-repo4
2 files changed, 22 insertions, 26 deletions
diff --git a/obnamlib/plugins/encryption_plugin.py b/obnamlib/plugins/encryption_plugin.py
index f2480646..aa0d0f1c 100644
--- a/obnamlib/plugins/encryption_plugin.py
+++ b/obnamlib/plugins/encryption_plugin.py
@@ -28,6 +28,9 @@ class EncryptionPlugin(obnamlib.ObnamPlugin):
self.app.config.new_string(['encrypt-with'],
'PGP key with which to encrypt data '
'in the backup repository')
+ self.app.config.new_string(['keyid'],
+ 'PGP key id to add to/remove from '
+ 'the backup repository')
hooks = [
('repository-toplevel-init', self.toplevel_init),
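Review bot: The help text for the new `keyid` setting does not say what form of identifier is expected, and the value decides which public key gains access to the repository in `add_key`. Short PGP key ids are not unique, so an ambiguous id could resolve to a different key than the operator intended. Whether `obnamlib.get_public_key` accepts a full fingerprint is not visible in this hunk. If it does, I would state the preference in the help string, e.g. `'PGP key id (preferably the full fingerprint) to add to/remove from '`. The `hooks` list continues outside the hunk.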
@@ -154,33 +157,26 @@ class EncryptionPlugin(obnamlib.ObnamPlugin):
for keyid in tops[toplevel]:
print ' %s' % keyid
+ _shared = ['chunklist', 'chunks', 'chunksums', 'clientlist', 'metadata']
+
+ def _find_clientdirs(self, repo, client_names):
+ return [repo.client_dir(repo.clientlist.get_client_id(x))
+ for x in client_names]
+
def add_key(self, args):
+ self.app.config.require('keyid')
repo = self.app.open_repository()
- shared = ['chunklist', 'chunks', 'chunksums', 'clientlist', 'metadata']
- for keyid in args:
- key = obnamlib.get_public_key(keyid)
- for toplevel in shared:
- self.add_to_userkeys(repo, toplevel, key)
+ keyid = self.app.config['keyid']
+ key = obnamlib.get_public_key(keyid)
+ clients = self._find_clientdirs(repo, args)
+ for toplevel in self._shared + clients:
+ self.add_to_userkeys(repo, toplevel, key)
def remove_key(self, args):
+ self.app.config.require('keyid')
repo = self.app.open_repository()
- shared = ['chunklist', 'chunks', 'chunksums', 'clientlist', 'metadata']
- for keyid in args:
- for toplevel in shared:
- self.remove_from_userkeys(repo, toplevel, keyid)
-
-# def add_client(self, repo, client_public_key):
-# self.add_to_userkeys(repo, 'metadata', client_public_key)
-# self.add_to_userkeys(repo, 'clientlist', client_public_key)
-# self.add_to_userkeys(repo, 'chunks', client_public_key)
-# self.add_to_userkeys(repo, 'chunksums', client_public_key)
-# # client will add itself to the clientlist and create its own toplevel
-
-# def remove_client(self, repo, client_keyid):
-# # client may remove itself, since it has access to the symmetric keys
-# # we assume the client-specific toplevel has already been removed
-# self.remove_from_userkeys(repo, 'chunksums', client_keyid)
-# self.remove_from_userkeys(repo, 'chunks', client_keyid)
-# self.remove_from_userkeys(repo, 'clientlist', client_keyid)
-# self.remove_from_userkeys(repo, 'metadata', client_keyid)
+ keyid = self.app.config['keyid']
+ clients = self._find_clientdirs(repo, args)
+ for toplevel in self._shared + clients:
+ self.remove_from_userkeys(repo, toplevel, keyid)
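Review bot: `remove_key` only walks `self._shared + clients`, so a key that `add_key` earlier placed in a client toplevel stays in that toplevel's userkeys unless the operator names the same client again on removal. For a revocation command that is easy to get wrong. Either iterate over every client directory when removing, or document the limit with a comment such as `# only the named clients are touched; other client toplevels keep the key`. Separately, `_find_clientdirs` passes the result of `repo.clientlist.get_client_id(x)` straight to `repo.client_dir`; if that lookup returns an empty value for an unknown name (not visible here), the shared toplevels would be modified and the loop would then hit a bogus directory, so unknown names should be rejected before any toplevel is touched. Whether `remove_from_userkeys` re-keys the toplevel is also outside this hunk; if it does not, a holder of the removed key who kept the symmetric key can presumably still read existing data, which is worth stating in a docstring on `remove_key`.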
diff --git a/test-encrypted-repo b/test-encrypted-repo
index f316ce2d..d3cf379e 100755
--- a/test-encrypted-repo
+++ b/test-encrypted-repo
@@ -21,7 +21,7 @@ $cmd restore --generation latest --to temp.restored
summain -r temp.restored/$(pwd)/temp.data > temp.restored.manifest
diff -u temp.data.manifest temp.restored.manifest
-$cmd add-key $key2
+$cmd add-key --keyid $key2 yeehaa
echo "client keys:"
$cmd client-keys
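Review bot: Both updated invocations (`add-key --keyid $key2 yeehaa` here and `remove-key --keyid $key2 yeehaa` in the next hunk) pass a client name, so the shared-only path with no client arguments is no longer exercised. Neither is the case of an unknown client name or a missing `--keyid`. The visible lines only print the output of `client-keys` and `list-keys`, and whether that output is compared against an expected result elsewhere in the script is not shown. I would add a step that runs `add-key`/`remove-key` without a client name and checks that the key appears in, and then disappears from, the listed toplevels.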
@@ -33,6 +33,6 @@ echo "list-toplevels:"
$cmd list-toplevels
echo "remove key"
-$cmd remove-key $key2
+$cmd remove-key --keyid $key2 yeehaa
$cmd list-keys