ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

add docs, remove unnecessary int() cast

Browse source
This commit is contained in:
Eric Feliksik 2016-01-04 18:13:59 +01:00
parent 7193d27acc
commit 1e911375e8
1 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
lib/ansible/parsing/vault/__init__.py
View file

@ -221,7 +221,22 @@ class VaultEditor:
self.vault = VaultLib(password) self.vault = VaultLib(password)
def _shred_file(self, tmp_path): def _shred_file(self, tmp_path):
"""securely destroy a decrypted file.""" """Securely destroy a decrypted file
Inspired by unix `shred', try to destroy the secrets "so that they can be
recovered only with great difficulty with specialised hardware, if at all".
See https://github.com/ansible/ansible/pull/13700 .
Note that:
- For flash: overwriting would have no effect (due to wear leveling). But the
added disk wear is considered insignificant.
- For other storage systems: the filesystem lies to the vfs (kernel), the disk
driver lies to the filesystem and the disk lies to the driver. But it's better
than nothing.
- most tmp dirs are now tmpfs (ramdisks), for which this is a non-issue.
"""
def generate_data(length): def generate_data(length):
import string, random import string, random
chars = string.ascii_lowercase + string.ascii_uppercase + string.digits chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
@ -234,7 +249,7 @@ class VaultEditor:
ld = os.path.getsize(tmp_path) ld = os.path.getsize(tmp_path)
passes = 3 passes = 3
with open(tmp_path, "w") as fh: with open(tmp_path, "w") as fh:
for _ in range(int(passes)): for _ in range(passes):
fh.seek(0, 0) fh.seek(0, 0)
data = generate_data(ld) data = generate_data(ld)
fh.write(data) fh.write(data)