Package CedarBackup2 :: Package extend :: Module encrypt
[show private | hide private]
[frames | no frames]

Module CedarBackup2.extend.encrypt

Provides an extension to encrypt staging directories.

When this extension is executed, all backed-up files in the configured Cedar Backup staging directory will be encrypted using gpg. Any directory which has already been encrypted (as indicated by the cback.encrypt file) will be ignored.

This extension requires a new configuration section <encrypt> and is intended to be run immediately after the standard stage action or immediately before the standard store action. Aside from its own configuration, it requires the options and staging configuration sections in the standard Cedar Backup configuration file.

Author: Kenneth J. Pronovici <pronovic@ieee.org>

Classes
EncryptConfig Class representing encrypt configuration.
LocalConfig Class representing this extension's configuration document.

Function Summary
  executeAction(configPath, options, config)
Executes the encrypt backup action.
  _confirmGpgRecipient(recipient)
Confirms that a recipient's public key is known to GPG.
  _encryptDailyDir(dailyDir, encryptMode, encryptTarget, backupUser, backupGroup)
Encrypts the contents of a daily staging directory.
  _encryptFile(sourcePath, encryptMode, encryptTarget, backupUser, backupGroup, removeSource)
Encrypts the source file using the indicated mode.
  _encryptFileWithGpg(sourcePath, recipient)
Encrypts the indicated source file using GPG.

Variable Summary
str ENCRYPT_INDICATOR = 'cback.encrypt'
list GPG_COMMAND = ['gpg']
Logger logger = <logging.Logger instance at 0x402dce2c>
list VALID_ENCRYPT_MODES = ['gpg']

Function Details

executeAction(configPath, options, config)

Executes the encrypt backup action.
Parameters:
configPath - Path to configuration file on disk.
           (type=String representing a path on disk.)
options - Program command-line options.
           (type=Options object.)
config - Program configuration.
           (type=Config object.)
Raises:
ValueError - Under many generic error conditions
IOError - If there are I/O problems reading or writing files

_confirmGpgRecipient(recipient)

Confirms that a recipient's public key is known to GPG. Throws an exception if there is a problem, or returns normally otherwise.
Parameters:
recipient - Recipient name
Raises:
IOError - If the recipient's public key is not known to GPG.

_encryptDailyDir(dailyDir, encryptMode, encryptTarget, backupUser, backupGroup)

Encrypts the contents of a daily staging directory.

Indicator files are ignored. All other files are encrypted. The only valid encrypt mode is "gpg".
Parameters:
dailyDir - Daily directory to encrypt
encryptMode - Encryption mode (only "gpg" is allowed)
encryptTarget - Encryption target (GPG recipient for "gpg" mode)
backupUser - User that target files should be owned by
backupGroup - Group that target files should be owned by
Raises:
ValueError - If the encrypt mode is not supported.
ValueError - If the daily staging directory does not exist.

_encryptFile(sourcePath, encryptMode, encryptTarget, backupUser, backupGroup, removeSource=False)

Encrypts the source file using the indicated mode.

The encrypted file will be owned by the indicated backup user and group. If removeSource is True, then the source file will be removed after it is successfully encrypted.

Currently, only the "gpg" encrypt mode is supported.
Parameters:
sourcePath - Absolute path of the source file to encrypt
encryptMode - Encryption mode (only "gpg" is allowed)
encryptTarget - Encryption target (GPG recipient)
backupUser - User that target files should be owned by
backupGroup - Group that target files should be owned by
removeSource - Indicates whether to remove the source file
Returns:
Path to the newly-created encrypted file.
Raises:
ValueError - If an invalid encrypt mode is passed in.
IOError - If there is a problem accessing, encrypting or removing the source file.

_encryptFileWithGpg(sourcePath, recipient)

Encrypts the indicated source file using GPG.

The encrypted file will be in GPG's binary output format and will have the same name as the source file plus a ".gpg" extension. The source file will not be modified or removed by this function call.
Parameters:
sourcePath - Absolute path of file to be encrypted.
recipient - Recipient name to be passed to GPG's "-r" option
Returns:
Path to the newly-created encrypted file.
Raises:
IOError - If there is a problem encrypting the file.

Variable Details

ENCRYPT_INDICATOR

Type:
str
Value:
'cback.encrypt'                                                        

GPG_COMMAND

Type:
list
Value:
['gpg']                                                                

logger

Type:
Logger
Value:
<logging.Logger instance at 0x402dce2c>                                

VALID_ENCRYPT_MODES

Type:
list
Value:
['gpg']                                                                

Generated by Epydoc 2.1 on Thu Mar 29 20:58:27 2007 http://epydoc.sf.net