[PATCH] Add support for an encrypted .goobookrc


Alex Bennee

Mar 16, 2010, 1:04:39 PM
to goo...@googlegroups.com
Storing your most valuable login details in plain text with just
user permissions to protect them isn't terribly secure. This patch
adds support for a .goobookrc.gpg which is a GPG encrypted version of
the goobookrc file.

With an appropriate gpg-agent/pinentry setup the first time you call
goobook you'll get prompted for your passphrase. Subsequent calls
should be transparent until the passphrase times out.
---
 goobook.py |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/goobook.py b/goobook.py
index 026d408..22c169b 100755
--- a/goobook.py
+++ b/goobook.py
@@ -30,6 +30,7 @@ import locale
 import optparse
 import sys
 import os
+import subprocess
 import re
 import time
 import ConfigParser
@@ -255,14 +256,21 @@ def read_config(config_file):
        'cache_filename': '~/.goobook_cache',
        'cache_expiry_hours': '24',
        }
-    if os.path.lexists(config_file):
+    config_file=os.path.expanduser(config_file)
+    if os.path.lexists(config_file) or os.path.lexists(config_file+".gpg"):
        try:
            parser = ConfigParser.SafeConfigParser()
-            parser.readfp(open(os.path.expanduser(config_file)))
+            if os.path.lexists(config_file):
+                f = open(config_file)
+            else:
+                sp = subprocess.Popen(['gpg','--no-tty','-q','-d',
config_file+".gpg"], stdout=subprocess.PIPE)
+                f = sp.stdout
+            parser.readfp(f)
            config.update(dict(parser.items('DEFAULT', raw=True)))
        except (IOError, ConfigParser.ParsingError), e:
            print >> sys.stderr, "Failed to read configuration %s\n%s"
% (config_file, e)
            sys.exit(1)
+
    if not config.get('email') or not config.get('password'):
        auth = netrc().authenticators('google.com')
        if auth:
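
Review bot: the gpg branch in read_config never checks whether decryption succeeded. sp.stdout is passed straight to parser.readfp() and the gpg exit status is never inspected, so a wrong passphrase, a cancelled pinentry prompt or a missing key produces empty output that parses as an empty config, and the code falls through to the netrc lookup without reporting anything. Suggest reading the output, calling sp.wait(), and treating a non-zero sp.returncode as a failure on the existing "Failed to read configuration" path. Two smaller points in the same hunk: Popen raises OSError when the gpg binary is not installed, which except (IOError, ConfigParser.ParsingError) does not catch in Python 2; and because the plaintext file is tested first, a leftover unencrypted .goobookrc silently takes precedence over the .gpg file, so it would help to warn when both exist.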
--
1.5.6.5


--
Alex, homepage: http://www.bennee.com/~alex/
http://www.half-llama.co.uk

Christer Sjöholm

Mar 23, 2010, 3:31:51 AM
to goo...@googlegroups.com
I like the idea!

Have you considered creating a library for having a secure alternative to
.netrc instead of having a secured file per application? I would like
that a lot.

Best Regards

* Alex Bennee <kernel...@bennee.com> [2010-03-16 17:04:39 +0000]:

--
Christer Sjöholm
Lövlundsvägen 61B
814 91 Furuvik
Phone: +46 (0)70 2045037

--
Russell King wrote:
> I'll look into it, produce a patch, but I'm not a VM hacker.

You know what a pte is so you're a VM hacker ;-)

- Daniel Phillips on linux-kernel
