Closed jochumdev closed 8 years ago
@agroszer, @mgedmin and @strichter as you are the people that contributed to this package and are listed as owners on pypi i'm mentioning your names here.
we are trying to add support for encrypting files in the blobstorage and would like to get your feedback on the work done by now.
encryption is working well - i think. decryption is done by creating a temporary decrypted file in $INSTANCE_HOME/var/tmp and returning its filename instead of the filename of the original blobfile.
@pcdummy already started to implement "junk encoding" the files to save ram and gain performance. we'd need to use https://github.com/webmeisterei/keas.kmi/tree/enc_dec_file to get this working.
one of the open issues is the "garbage collection" of encrypted files in $INSTANCE_HOME/var/tmp. a simple idea would be to delete files older than 2 minutes that are not yet opened using cron. ideally loadBlob and storeBlob should work with file descriptors instead of passing filenames and data. this way we could return enc- and decrypted streams and do not worry about cleaning up temporary files.
we'd love to get your feedback. what needs to be done to get this merged?
we are happy to add tests for our blob related additions as soon as we got your feedback and can be sure this gets merged. maybe you could help us to fix the tests?
I'm not using cipher.encryptingstorage, and I'm not interested in maintaining it. Feel free to take over, if nobody else objects.
One obvious thing that would be good to fix is to make the tests not fail on Travis ;)
(I haven't checked but this is probably the Python 3.2 thing, where the best way forward is probably to drop Python 3.2 support from travis.yml, tox.ini and setup.py.)
@mgedmin can you add me and @frisi as owner to pypi?
Mine is pcdummy and the one of frisi is also frisi.
@frisi, @pcdummy: you're now cipher.encryptingstorage maintainers on PyPI. Use your new powers for good!
FYI we use a simple cronjob to clean unencrypted files:
/usr/bin/find ${buildout:directory}/var/tmp -type f -amin +5 -exec sh -c 'fuser -s "$1" || rm -f "$1"' sh {} \;
thanks @mgedmin - we will do so ;-)
i'd squash the last 2 commits. then this is ready to merge @pcdummy
1.1 released - thanks @pcdummy and @mgedmin
We implemented Blob encryption here. It's a bit of a hack as keas.kmi and ZODB don't support file streams/fd passing. So we have to save the encrypted file somewhere on the filesystem and return the filename of that temporary encrypted file.
Is there a better way to solve this?
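The cron cleanup discussed in this thread (remove files in var/tmp that are past an idle limit and that no process has open), written in Python as an added example; it is not part of the original thread or of cipher.encryptingstorage. The function names, the 300-second default and the use of Linux /proc in place of fuser are assumptions of this example.

```python
import os
import time


def open_inodes(proc_root="/proc"):
    """Return {(st_dev, st_ino)} for every file a visible process has open.

    Linux only. If proc_root cannot be listed this raises, so the sweep
    fails closed and deletes nothing. Like fuser without root, it only
    sees processes the calling user is allowed to inspect.
    """
    seen = set()
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or we may not inspect it
        for fd in fds:
            try:
                st = os.stat(os.path.join(fd_dir, fd))  # follows the fd link
            except OSError:
                continue  # descriptor closed while we were looking
            seen.add((st.st_dev, st.st_ino))
    return seen


def sweep_plaintext_tmp(tmp_dir, max_idle_seconds=300, now=None):
    """Delete regular files idle past the limit and open nowhere.

    Returns the sorted names of the files that were removed.
    """
    now = time.time() if now is None else now
    in_use = open_inodes()
    removed = []
    for entry in os.scandir(tmp_dir):
        # Never follow symlinks: a link placed in tmp_dir must not be
        # able to redirect the delete to a file outside it.
        if not entry.is_file(follow_symlinks=False):
            continue
        try:
            st = entry.stat(follow_symlinks=False)
            if now - st.st_atime < max_idle_seconds:
                continue  # accessed recently, a reader may still open it
            if (st.st_dev, st.st_ino) in in_use:
                continue  # some process still holds the plaintext open
            os.unlink(entry.path)
            removed.append(entry.name)
        except FileNotFoundError:
            continue  # already removed by a concurrent sweep
    return sorted(removed)
```

A file that is handed out by name but not yet opened is protected only by the idle limit, which is the same window the cron job leaves.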