Strona główna Odkrywaj Pomoc
Zaloguj się
mirrors
/
borg
kopia lustrzana https://github.com/borgbackup/borg
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

read a passphrase from a file descriptor

Read a passpharase from a file descriptor specified in the
BORG_PASSPHRASE_FD environment variable.
Łukasz Stelmach 6 lat temu
rodzic
59c9fccf57
commit
c9c1403685
2 zmienionych plików z 21 dodań i 1 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 14 1
      borg/key.py
  2. 7 0
      docs/usage.rst

+ 14 - 1
borg/key.py
Wyświetl plik 

@@ -26,7 +26,7 @@ PREFIX = b'\0' * 8
 
 
 
 class PassphraseWrong(Error):
 
-    """passphrase supplied in BORG_PASSPHRASE or by BORG_PASSCOMMAND is incorrect."""
 
+    """passphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect."""
 
 
 
 class PasscommandFailure(Error):
 
@@ -323,6 +323,9 @@ class Passphrase(str):
 
         passphrase = cls.env_passcommand()
 
         if passphrase is not None:
 
             return passphrase
 
+        passphrase = cls.fd_passphrase()
 
+        if passphrase is not None:
 
+            return passphrase
 
 
     @classmethod
 
     def env_passcommand(cls, default=None):
 
@@ -336,6 +339,16 @@ class Passphrase(str):
 
                 raise PasscommandFailure(e)
 
             return cls(passphrase.rstrip('\n'))
 
 
+    @classmethod
 
+    def fd_passphrase(cls):
 
+        try:
 
+            fd = int(os.environ.get('BORG_PASSPHRASE_FD'))
 
+        except (ValueError, TypeError):
 
+            return None
 
+        with os.fdopen(fd, mode='r') as f:
 
+            passphrase = f.read()
 
+        return cls(passphrase.rstrip('\n'))
 
+
 
     @classmethod
 
     def getpass(cls, prompt):
 
         return cls(getpass.getpass(prompt))

+ 7 - 0
docs/usage.rst
Wyświetl plik 

@@ -172,6 +172,13 @@ General:
 
         It is used when a passphrase is needed to access an encrypted repo as well as when a new
 
         passphrase should be initially set when initializing an encrypted repo.
 
         If BORG_PASSPHRASE is also set, it takes precedence.
 
+    BORG_PASSPHRASE_FD
 
+        When set, specifies a file descriptor to read a passphrase
 
+        from. Programs starting borg may choose to open an anonymous pipe
 
+        and use it to pass a passphrase. This is safer than passing via
 
+        BORG_PASSPHRASE, because on some systems (e.g. Linux) environment
 
+        can be examined by other processes.
 
+        If BORG_PASSPHRASE or BORG_PASSCOMMAND are also set, they take precedence.
 
     BORG_DISPLAY_PASSPHRASE
 
         When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories.
 
     BORG_LOGGING_CONF