summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/Bcfg2/Options.py6
-rwxr-xr-xsrc/sbin/bcfg2-crypt18
2 files changed, 20 insertions, 4 deletions
diff --git a/src/lib/Bcfg2/Options.py b/src/lib/Bcfg2/Options.py
index e617e3e38..34f4b2bc6 100644
--- a/src/lib/Bcfg2/Options.py
+++ b/src/lib/Bcfg2/Options.py
@@ -907,6 +907,11 @@ DECRYPT = \
default=False,
cmd='--decrypt',
long_arg=True)
+DECRYPT_STDOUT = \
+ Option('Decrypt the specified file to stdout',
+ default=False,
+ cmd='--stdout',
+ long_arg=True)
CRYPT_PASSPHRASE = \
Option('Encryption passphrase (name or passphrase)',
default=None,
@@ -963,6 +968,7 @@ SERVER_COMMON_OPTIONS = dict(repo=SERVER_REPOSITORY,
CRYPT_OPTIONS = dict(encrypt=ENCRYPT,
decrypt=DECRYPT,
+ decrypt_stdout=DECRYPT_STDOUT,
passphrase=CRYPT_PASSPHRASE,
xpath=CRYPT_XPATH,
properties=CRYPT_PROPERTIES,
diff --git a/src/sbin/bcfg2-crypt b/src/sbin/bcfg2-crypt
index a40bab994..cb1b956fb 100755
--- a/src/sbin/bcfg2-crypt
+++ b/src/sbin/bcfg2-crypt
@@ -321,8 +321,8 @@ def main():
if not setup['args']:
print(setup.hm)
raise SystemExit(1)
- elif setup['encrypt'] and setup['decrypt']:
- print("You cannot specify both --encrypt) and --decrypt")
+ elif setup['encrypt'] and (setup['decrypt_stdout'] or setup['decrypt']):
+ print("You cannot specify both --encrypt and --decrypt or --stdout")
raise SystemExit(1)
elif setup['cfg'] and setup['properties']:
print("You cannot specify both --cfg and --properties")
@@ -375,9 +375,19 @@ def main():
if setup['encrypt']:
if not encryptor.encrypt(fname):
print("Failed to encrypt %s, skipping" % fname)
- elif setup['decrypt']:
- if not encryptor.decrypt(fname):
+ elif setup['decrypt'] or setup['decrypt_stdout']:
+ data = encryptor.decrypt(fname)
+ if not data:
print("Failed to decrypt %s, skipping" % fname)
+ continue
+ if setup['decrypt_stdout']:
+ if len(setup['args']) > 1:
+ print("----- %s -----" % fname)
+ print(data)
+ if len(setup['args']) > 1:
+ print("")
+ else:
+ encryptor.write_decrypted(fname, data=data)
else:
logger.info("Neither --encrypt nor --decrypt specified, "
"determining mode")