First version that somewhat works
This commit is contained in:
commit
e08b6c8472
|
@ -0,0 +1,12 @@
|
|||
# GPGFS
|
||||
|
||||
GPG encryption for synchronized folders.
|
||||
|
||||
# File structure
|
||||
|
||||
gpgfs/a/b
|
||||
gpgfs/index
|
||||
|
||||
# Dependencies
|
||||
|
||||
pip install python-gnupg fusepy
|
|
@ -0,0 +1,322 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import fuse # fusepy
|
||||
import gnupg # python-gnupg
|
||||
import zlib
|
||||
from errno import ENOENT, EACCES, ENOSYS, ENODATA
|
||||
import stat
|
||||
from binascii import hexlify
|
||||
import os
|
||||
import sys
|
||||
import logging
|
||||
import struct
|
||||
import time
|
||||
from cStringIO import StringIO
|
||||
|
||||
magic = 'GPGFS1\n'
|
||||
|
||||
def decrypt(gpg, path):
|
||||
data = file(path).read()
|
||||
if not data:
|
||||
return data
|
||||
res = gpg.decrypt(data)
|
||||
if not res.ok:
|
||||
raise IOError, "decryption failed, %s" % path
|
||||
data = zlib.decompress(res.data)
|
||||
return data
|
||||
|
||||
def encrypt(gpg, keyid, path, data):
|
||||
data = zlib.compress(data, 1)
|
||||
res = gpg.encrypt(data, keyid, armor=False)
|
||||
if not res.ok:
|
||||
raise IOError, "encryption failed, keyid %s, path %s" % (keyid, path)
|
||||
with file(path, 'w') as fd:
|
||||
fd.write(res.data)
|
||||
|
||||
class Entry:
|
||||
'''
|
||||
Filesystem object, either file or directory.
|
||||
'''
|
||||
def __init__(self, **kwargs):
|
||||
for k,v in kwargs.iteritems():
|
||||
setattr(self, k, v)
|
||||
|
||||
# entry types:
|
||||
ENT_FILE = 0
|
||||
ENT_DIR = 1
|
||||
|
||||
def read_index(gpg, path):
|
||||
data = decrypt(gpg, path)
|
||||
buf = StringIO(data)
|
||||
if buf.read(len(magic)) != magic:
|
||||
raise IOError, 'index parse error: %s' % path
|
||||
read_atom(buf)
|
||||
root = Entry(**read_dict(buf))
|
||||
return root
|
||||
|
||||
def write_index(gpg, keyid, path, root):
|
||||
buf = StringIO()
|
||||
buf.write(magic)
|
||||
header = ''
|
||||
write_atom(buf, header)
|
||||
write_dict(buf, root)
|
||||
encrypt(gpg, keyid, path, buf.getvalue())
|
||||
|
||||
def write_dict(fd, dct):
|
||||
# breadth-first
|
||||
children = []
|
||||
buf = StringIO()
|
||||
if not isinstance(dct, dict):
|
||||
dct = dct.__dict__
|
||||
for key in dct:
|
||||
write_atom(buf, key.encode('utf8'))
|
||||
val = dct[key]
|
||||
if isinstance(val, dict):
|
||||
buf.write('D')
|
||||
children.append(val)
|
||||
elif isinstance(val, Entry):
|
||||
buf.write('E')
|
||||
children.append(val)
|
||||
elif isinstance(val, int):
|
||||
buf.write('I')
|
||||
buf.write(struct.pack('<I', val))
|
||||
elif isinstance(val, str):
|
||||
buf.write('S')
|
||||
write_atom(buf, val)
|
||||
elif isinstance(val, unicode):
|
||||
buf.write('U')
|
||||
write_atom(buf, val.encode('utf8'))
|
||||
else:
|
||||
raise TypeError, val
|
||||
write_atom(fd, buf.getvalue())
|
||||
for c in children:
|
||||
write_dict(fd, c)
|
||||
|
||||
def read_dict(fd):
|
||||
dct = {}
|
||||
buf = read_atom(fd)
|
||||
buflen = len(buf)
|
||||
buf = StringIO(buf)
|
||||
while buf.tell() < buflen:
|
||||
key = read_atom(buf).decode('utf8')
|
||||
tag = buf.read(1)
|
||||
if tag == 'D': val = read_dict(fd)
|
||||
elif tag == 'E': val = Entry(**read_dict(fd))
|
||||
elif tag == 'I': val = struct.unpack('<I', buf.read(4))[0]
|
||||
elif tag == 'S': val = read_atom(buf)
|
||||
elif tag == 'U': val = read_atom(buf).decode('utf8')
|
||||
else: raise TypeError, tag
|
||||
dct[key] = val
|
||||
return dct
|
||||
|
||||
def write_atom(fd, atom):
|
||||
assert isinstance(atom, str)
|
||||
fd.write(struct.pack('<I', len(atom)))
|
||||
fd.write(atom)
|
||||
|
||||
def read_atom(fd):
|
||||
return fd.read(struct.unpack('<I', fd.read(4))[0])
|
||||
|
||||
class LoggingMixIn:
|
||||
log = logging.getLogger('gpgfs')
|
||||
|
||||
def __call__(self, op, path, *args):
|
||||
if op=='write':
|
||||
atxt = ' '.join([repr(args[0])[:10], repr(args[1]), repr(args[2])])
|
||||
else:
|
||||
atxt = ' '.join(map(repr, args))
|
||||
self.log.debug('-> %s %s %s', op, path, atxt)
|
||||
ret = '[Unhandled Exception]'
|
||||
try:
|
||||
ret = getattr(self, op)(path, *args)
|
||||
return ret
|
||||
except OSError, e:
|
||||
ret = str(e)
|
||||
raise
|
||||
finally:
|
||||
rtxt = repr(ret)
|
||||
if op=='read':
|
||||
rtxt = rtxt[:10]
|
||||
self.log.debug('<- %s %s', op, rtxt)
|
||||
|
||||
#class GpgFs(LoggingMixIn, fuse.Operations):
|
||||
class GpgFs(fuse.Operations):
|
||||
|
||||
def __init__(self, encroot, keyid):
|
||||
'''
|
||||
:param encroot: Encrypted root directory
|
||||
'''
|
||||
self.encroot = encroot
|
||||
self.keyid = keyid
|
||||
#self.cache = cache
|
||||
self.gpg = gnupg.GPG()
|
||||
self.index_path = encroot + '/index'
|
||||
if os.path.exists(self.index_path):
|
||||
self.root = read_index(self.gpg, self.index_path)
|
||||
else:
|
||||
self.root = Entry(type=ENT_DIR, children={},
|
||||
st_mtime=int(time.time()),
|
||||
st_ctime=int(time.time()))
|
||||
self._write_index()
|
||||
logging.info('created %s', self.index_path)
|
||||
self.fd = 0
|
||||
self.write_path = None
|
||||
self.write_buf = []
|
||||
self.write_pos = 0
|
||||
self.write_dirty = False
|
||||
|
||||
def _write_index(self):
|
||||
write_index(self.gpg, self.keyid, self.index_path, self.root)
|
||||
|
||||
def _find(self, path, parent=False):
|
||||
assert path.startswith('/')
|
||||
if path == '/':
|
||||
return self.root
|
||||
node = self.root
|
||||
path = path[1:].split('/')
|
||||
if parent:
|
||||
path = path[:-1]
|
||||
for name in path:
|
||||
node = node.children[name]
|
||||
return node
|
||||
|
||||
def chmod(self, path, mode):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def chown(self, path, uid, gid):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def create(self, path, mode):
|
||||
encpath = hexlify(os.urandom(20))
|
||||
encpath = encpath[:2] + '/' + encpath[2:]
|
||||
dir = self._find(path, parent=True)
|
||||
path = path.rsplit('/', 1)[-1]
|
||||
assert path not in dir.children
|
||||
dir.children[path] = Entry(type=ENT_FILE, path=encpath, st_size=0)
|
||||
logging.debug('new path %s => %s', path, encpath)
|
||||
encdir = self.encroot + '/' + encpath[:2]
|
||||
if not os.path.exists(encdir):
|
||||
os.mkdir(encdir, 0755)
|
||||
with file(self.encroot + '/' + encpath, 'w'):
|
||||
pass
|
||||
self._write_index()
|
||||
self.fd += 1
|
||||
return self.fd
|
||||
|
||||
def flush(self, path, fh):
|
||||
logging.debug('flush %s', path)
|
||||
if not (path is not None and
|
||||
path == self.write_path and self.write_dirty):
|
||||
return 0
|
||||
ent = self._find(path)
|
||||
encpath = self.encroot + '/' + ent.path
|
||||
buf = ''.join(self.write_buf)
|
||||
encrypt(self.gpg, self.keyid, encpath, buf)
|
||||
ent.st_size = len(buf)
|
||||
self._write_index()
|
||||
self.write_buf = [buf]
|
||||
self.write_dirty = False
|
||||
return 0
|
||||
|
||||
def getattr(self, path, fh = None):
|
||||
try:
|
||||
ent = self._find(path)
|
||||
except KeyError:
|
||||
raise fuse.FuseOSError(ENOENT)
|
||||
if ent.type == ENT_DIR:
|
||||
return dict(st_mode = stat.S_IFDIR | 0755, st_size = 0,
|
||||
st_ctime = ent.st_ctime, st_mtime = ent.st_mtime,
|
||||
st_atime = 0, st_nlink = 3)
|
||||
encpath = self.encroot + '/' + ent.path
|
||||
s = os.stat(encpath)
|
||||
return dict(st_mode = s.st_mode, st_size = ent.st_size,
|
||||
st_atime = s.st_atime, st_mtime = s.st_mtime,
|
||||
st_ctime = s.st_ctime, st_nlink = s.st_nlink)
|
||||
|
||||
def getxattr(self, path, name, position = 0):
|
||||
raise fuse.FuseOSError(ENODATA) # ENOATTR
|
||||
|
||||
def listxattr(self, path):
|
||||
return []
|
||||
|
||||
def mkdir(self, path, mode):
|
||||
dir = self._find(path, parent=True)
|
||||
path = path.rsplit('/', 1)[-1]
|
||||
assert path not in dir.children
|
||||
dir.children[path] = Entry(type=ENT_DIR, children={},
|
||||
st_mtime=int(time.time()),
|
||||
st_ctime=int(time.time()))
|
||||
self._write_index()
|
||||
|
||||
def open(self, path, flags):
|
||||
return 0
|
||||
|
||||
def read(self, path, size, offset, fh):
|
||||
ent = self._find(path)
|
||||
assert ent.type == ENT_FILE
|
||||
encpath = self.encroot + '/' + ent.path
|
||||
data = decrypt(self.gpg, encpath)
|
||||
return data[offset:offset + size]
|
||||
|
||||
def readdir(self, path, fh):
|
||||
dir = self._find(path)
|
||||
return ['.', '..'] + list(dir.children)
|
||||
|
||||
def readlink(self, path):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def removexattr(self, path, name):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def rename(self, old, new):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def rmdir(self, path):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def setxattr(self, path, name, value, options, position = 0):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def statfs(self, path):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def symlink(self, target, source):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def truncate(self, path, length, fh = None):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def unlink(self, path, times = None):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def utimens(self, path, times = None):
|
||||
raise fuse.FuseOSError(ENOSYS)
|
||||
|
||||
def write(self, path, data, offset, fh):
|
||||
ent = self._find(path)
|
||||
encpath = self.encroot + '/' + ent.path
|
||||
if path != self.write_path:
|
||||
self.flush(self.write_path, None)
|
||||
buf = decrypt(self.gpg, encpath)
|
||||
self.write_buf = [buf]
|
||||
self.write_pos = len(buf)
|
||||
self.write_path = path
|
||||
if offset == self.write_pos:
|
||||
self.write_buf.append(data)
|
||||
self.write_pos += len(data)
|
||||
else:
|
||||
buf = ''.join(self.write_buf)
|
||||
buf = buf[:offset] + data + buf[offset + len(data):]
|
||||
self.write_buf = [buf]
|
||||
self.write_pos = len(buf)
|
||||
self.write_dirty = True
|
||||
return len(data)
|
||||
|
||||
if __name__ == '__main__':
|
||||
if len(sys.argv) != 4:
|
||||
sys.stderr.write('Usage: gpgfs <gpg_keyid> <encrypted_root> <mountpoint>\n')
|
||||
sys.exit(1)
|
||||
logging.basicConfig(level=logging.DEBUG)
|
||||
logging.getLogger('gnupg').setLevel(logging.INFO)
|
||||
fs = GpgFs(sys.argv[2], sys.argv[1])
|
||||
fuse.FUSE(fs, sys.argv[3], foreground=True)
|
Loading…
Reference in New Issue