def safefs_add_fs_args(fs, encrypted_folders, fs_args):
if not encrypted_folders:
return
keys = []
if True:
# if any of the encrypted folders is a descendent of
# another one, then fail
folders = set()
parents = set()
for enc_folder_md in encrypted_folders:
enc_folder = enc_folder_md["path"]
root = enc_folder_to_path(fs, enc_folder)
# check if we already encrypting a child
if root in parents:
raise ValueError("Can't have nested encrypted folders")
p = root
while p.parent != p:
p = p.parent
if p in folders:
raise ValueError("Can't have nested encrypted folders")
parents.add(p)
folders.add(root)
for enc_folder_md in encrypted_folders:
enc_folder = enc_folder_md["path"]
pass_ = None
password_command = enc_folder_md.get("password_command")
if password_command is not None:
print("Running %r to retrieve password for %r" % (' '.join(password_command), enc_folder))
with subprocess.Popen(password_command, stdout=subprocess.PIPE) as proc:
pass_ = proc.stdout.read()
if proc.wait():
raise Exception("Password command for %s failed: %s" % (
enc_folder,
' '.join(password_command),
))
else:
print("Setup for encrypted %r..." % (enc_folder,))
root = enc_folder_to_path(fs, enc_folder)
key = console_init_safefs(fs, root, pass_=pass_)
if key is None:
continue
keys.append((enc_folder, key))
def encode_bytes(obj):
if not isinstance(obj, bytes):
raise TypeError()
return {'__bytes__': True, 'data': base64.b64encode(obj).decode("utf-8")}
fs_args['safefs_keys'] = json.dumps(keys, default=encode_bytes)
def safefs_wrap_create_fs(create_fs, encrypted_folders):
if not encrypted_folders:
return create_fs
keys = []
with contextlib.closing(create_fs()) as fs:
# if any of the encrypted folders is a descendent of
# another one, then fail
folders = set()
parents = set()
for enc_folder_md in encrypted_folders:
enc_folder = enc_folder_md["path"]
root = enc_folder_to_path(fs, enc_folder)
# check if we already encrypting a child
if root in parents:
raise ValueError("Can't have nested encrypted folders")
p = root
while p.parent != p:
p = p.parent
if p in folders:
raise ValueError("Can't have nested encrypted folders")
parents.add(p)
folders.add(root)
for enc_folder_md in encrypted_folders:
enc_folder = enc_folder_md["path"]
pass_ = None
password_command = enc_folder_md.get("password_command")
if password_command is not None:
print("Running %r to retrieve password for %r" %
(' '.join(password_command), enc_folder))
with subprocess.Popen(password_command,
stdout=subprocess.PIPE) as proc:
pass_ = proc.stdout.read()
if proc.wait():
raise Exception("Password command for %s failed: %s" %
(
enc_folder,
' '.join(password_command),
))
else:
print("Setup for encrypted %r..." % (enc_folder, ))
root = enc_folder_to_path(fs, enc_folder)
key = console_init_safefs(fs, root, pass_=pass_)
if key is None:
continue
keys.append((enc_folder, key))
return EncryptedFSFactory(create_fs, keys)