Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'qubesos/pr/20'

Browse Source 
* qubesos/pr/20:
  qvm-backup/qvm-backup-restore: Allow reading pass phrase from file or stdin
This commit is contained in:
Marek Marczykowski-Górecki 2016-03-13 03:39:14 +01:00
commit 830444fefb
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
2 changed files with 39 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
qvm-tools/qvm-backup
View File

@ -30,6 +30,7 @@ import qubes.backup
import os import os
import sys import sys
import getpass import getpass
from locale import getpreferredencoding
def print_progress(progress): def print_progress(progress):
print >> sys.stderr, "\r-> Backing up files: {0}%...".format (progress), print >> sys.stderr, "\r-> Backing up files: {0}%...".format (progress),
@ -51,6 +52,10 @@ def main():
parser.add_option ("--no-encrypt", action="store_true", parser.add_option ("--no-encrypt", action="store_true",
dest="no_encrypt", default=False, dest="no_encrypt", default=False,
help="Skip encryption even if sending the backup to VM") help="Skip encryption even if sending the backup to VM")
parser.add_option ("-p", "--passphrase-file", action="store",
dest="pass_file", default=None,
help="File containing the pass phrase to use, or '-' "
"to read it from stdin")
parser.add_option ("-E", "--enc-algo", action="store", parser.add_option ("-E", "--enc-algo", action="store",
dest="crypto_algorithm", default=None, dest="crypto_algorithm", default=None,
help="Specify non-default encryption algorithm. For " help="Specify non-default encryption algorithm. For "
@ -156,24 +161,26 @@ def main():
if not options.encrypt: if not options.encrypt:
print >>sys.stderr, "WARNING: encryption will not be used" print >>sys.stderr, "WARNING: encryption will not be used"
prompt = raw_input ("Do you want to proceed? [y/N] ") if options.pass_file is not None:
if not (prompt == "y" or prompt == "Y"): f = open(options.pass_file) if options.pass_file != "-" else sys.stdin
passphrase = f.readline().rstrip()
if f is not sys.stdin:
f.close()
else:
if raw_input("Do you want to proceed? [y/N] ").upper() != "Y":
exit(0) exit(0)
if options.encrypt: s = ("Please enter the pass phrase that will be used to {}verify "
passphrase = getpass.getpass("Please enter the pass phrase that will " "the backup: ").format('encrypt and ' if options.encrypt else '')
"be used to encrypt and verify the " passphrase = getpass.getpass(s)
"backup: ")
else:
passphrase = getpass.getpass("Please enter the pass phrase that will "
"be used to verify the backup: ")
passphrase2 = getpass.getpass("Enter again for verification: ") if getpass.getpass("Enter again for verification: ") != passphrase:
if passphrase != passphrase2:
print >>sys.stderr, "ERROR: Password mismatch" print >>sys.stderr, "ERROR: Password mismatch"
exit(1) exit(1)
passphrase = passphrase.decode(sys.stdin.encoding) encoding = sys.stdin.encoding or getpreferredencoding()
passphrase = passphrase.decode(encoding)
kwargs = {} kwargs = {}
if options.hmac_algorithm: if options.hmac_algorithm:

22
qvm-tools/qvm-backup-restore
View File

@ -31,6 +31,7 @@ from qubes.backup import backup_restore_do
import qubes.backup import qubes.backup
import sys import sys
from optparse import OptionParser from optparse import OptionParser
from locale import getpreferredencoding
import os import os
import sys import sys
@ -81,6 +82,10 @@ def main():
parser.add_option ("-e", "--encrypted", action="store_true", dest="decrypt", default=False, parser.add_option ("-e", "--encrypted", action="store_true", dest="decrypt", default=False,
help="The backup is encrypted") help="The backup is encrypted")
parser.add_option ("-p", "--passphrase-file", action="store",
dest="pass_file", default=None,
help="File containing the pass phrase to use, or '-' to read it from stdin")
parser.add_option ("-z", "--compressed", action="store_true", dest="compressed", default=False, parser.add_option ("-z", "--compressed", action="store_true", dest="compressed", default=False,
help="The backup is compressed") help="The backup is compressed")
@ -128,8 +133,16 @@ def main():
print >>sys.stderr, "ERROR: VM {0} does not exist".format(options.appvm) print >>sys.stderr, "ERROR: VM {0} does not exist".format(options.appvm)
exit(1) exit(1)
passphrase = getpass.getpass("Please enter the pass phrase that will be used to decrypt/verify the backup: ") if options.pass_file is not None:
passphrase = passphrase.decode(sys.stdin.encoding) f = open(options.pass_file) if options.pass_file != "-" else sys.stdin
passphrase = f.readline().rstrip()
if f is not sys.stdin:
f.close()
else:
passphrase = getpass.getpass("Please enter the pass phrase to decrypt/verify the backup: ")
encoding = sys.stdin.encoding or getpreferredencoding()
passphrase = passphrase.decode(encoding)
print >> sys.stderr, "Checking backup content..." print >> sys.stderr, "Checking backup content..."
@ -244,11 +257,10 @@ def main():
print >> sys.stderr, "Continuing as directed" print >> sys.stderr, "Continuing as directed"
print >> sys.stderr, "While restoring user homedir, existing files/dirs will be backed up in 'home-pre-restore-<current-time>' dir" print >> sys.stderr, "While restoring user homedir, existing files/dirs will be backed up in 'home-pre-restore-<current-time>' dir"
prompt = raw_input ("Do you want to proceed? [y/N] ") if options.pass_file is None:
if not (prompt == "y" or prompt == "Y"): if raw_input("Do you want to proceed? [y/N] ").upper() != "Y":
exit(0) exit(0)
try: try:
backup_restore_do(restore_info, backup_restore_do(restore_info,
host_collection=host_collection, host_collection=host_collection,