pkern · March 3, 2013 22:12
diff --git a/recover_git_annex.py b/recover_git_annex.py
 #!/usr/bin/env python
 # vim:set encoding=utf-8:
 # GistID: 5078559
 #
 # Requirements: python2 (>= 2.7), python-git
 #
 # Copyright ⓒ  2013 Philipp Kern <[email protected]>
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
 #
 # The above copyright notice and this permission notice shall be included in
 # all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.

 from __future__ import print_function
 from collections import namedtuple
 import argparse
 import base64
 import git
 import hashlib
 import hmac
 import os
 import subprocess
 import sys
 import tempfile

 AnnexRemote = namedtuple('AnnexRemote', ['uuid', 'cipher', 'cipherkeys', 'name'])
 Key = namedtuple('Key', ['hmac', 'key'])

 def remotes(path):
    remote_log = [blob for blob in git.Repo(path).tree('git-annex')
        if isinstance(blob, git.Blob) and blob.name == 'remote.log']
    assert len(remote_log) == 1
    remote_log = remote_log[0]
    for remote in remote_log.data_stream.read().splitlines():
        config = remote.split(' ')
        config_hash = dict()
        config_hash['uuid'], config = config[0], config[1:]
        for config_item in config:
            key, value = config_item.split('=', 1)
            if key in ['cipher', 'cipherkeys', 'name']:
                config_hash[key] = value
        yield AnnexRemote(**config_hash)

 def key_for_remote(path, remote_name):
    for remote in remotes(path):
        if remote.name == remote_name:
            with tempfile.TemporaryFile() as keyblob:
                keyblob.write("-----BEGIN PGP MESSAGE-----\n\n")
                keyblob.write(remote.cipher)
                keyblob.write("\n-----END PGP MESSAGE-----\n")
                keyblob.seek(0)
                key = subprocess.check_output(['gpg', '--decrypt', '--batch', '--use-agent'], stdin=keyblob)
                return key
    raise RuntimeError, 'remote {0} not found in {1}'.format(remote_name, path)

 def split_key(key):
    return Key(hmac=key[:256], key=key[256:])

 def decrypt_file(key, input_filename, output_filename):
    with tempfile.NamedTemporaryFile() as keyfile:
        fd = os.open(keyfile.name, os.O_RDONLY)
        keyfile.write(key.key)
        keyfile.seek(0)
        subprocess.Popen(['gpg', '-o', output_filename, '--decrypt', '--batch', '--passphrase-fd', str(fd), input_filename], close_fds=False).communicate()

 def generate_gpghmacsha1_content_key(key, filename):
    return hmac.new(key.hmac, filename, hashlib.sha1).hexdigest()

 def main():
    parser = argparse.ArgumentParser(description='Helps you recover some git-annex data.')
    parser.add_argument('repo_path', nargs=1)
    parser.add_argument('remote_name', nargs=1)
    parser.add_argument('--encrypted-content-key', metavar='PLAIN-CONTENT-KEY')
    parser.add_argument('--decrypt-file', nargs=2,
        metavar=('ENCRYPTED-INPUT-FILE', 'DECRYPTED-OUTPUT-FILE'))

    args = parser.parse_args()
    key = split_key(key_for_remote(args.repo_path[0], args.remote_name[0]))
    if args.encrypted_content_key:
        print("GPGHMACSHA1--" + generate_gpghmacsha1_content_key(key, args.encrypted_content_key))
    elif args.decrypt_file:
        print(decrypt_file(key, args.decrypt_file[0], args.decrypt_file[1]))
    else:
        print("error: nothing to do", file=sys.stderr)
        return 1
    return 0

 if __name__ == '__main__':
    sys.exit(main())
	#!/usr/bin/env python
	# vim:set encoding=utf-8:
	# GistID: 5078559
	#
	# Requirements: python2 (>= 2.7), python-git
	#
	# Copyright ⓒ 2013 Philipp Kern <[email protected]>
	# Permission is hereby granted, free of charge, to any person obtaining a copy
	# of this software and associated documentation files (the "Software"), to deal
	# in the Software without restriction, including without limitation the rights
	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	# copies of the Software, and to permit persons to whom the Software is
	# furnished to do so, subject to the following conditions:
	#
	# The above copyright notice and this permission notice shall be included in
	# all copies or substantial portions of the Software.
	#
	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	# SOFTWARE.

	from __future__ import print_function
	from collections import namedtuple
	import argparse
	import base64
	import git
	import hashlib
	import hmac
	import os
	import subprocess
	import sys
	import tempfile

	AnnexRemote = namedtuple('AnnexRemote', ['uuid', 'cipher', 'cipherkeys', 'name'])
	Key = namedtuple('Key', ['hmac', 'key'])

	def remotes(path):
	remote_log = [blob for blob in git.Repo(path).tree('git-annex')
	if isinstance(blob, git.Blob) and blob.name == 'remote.log']
	assert len(remote_log) == 1
	remote_log = remote_log[0]
	for remote in remote_log.data_stream.read().splitlines():
	config = remote.split(' ')
	config_hash = dict()
	config_hash['uuid'], config = config[0], config[1:]
	for config_item in config:
	key, value = config_item.split('=', 1)
	if key in ['cipher', 'cipherkeys', 'name']:
	config_hash[key] = value
	yield AnnexRemote(**config_hash)

	def key_for_remote(path, remote_name):
	for remote in remotes(path):
	if remote.name == remote_name:
	with tempfile.TemporaryFile() as keyblob:
	keyblob.write("-----BEGIN PGP MESSAGE-----\n\n")
	keyblob.write(remote.cipher)
	keyblob.write("\n-----END PGP MESSAGE-----\n")
	keyblob.seek(0)
	key = subprocess.check_output(['gpg', '--decrypt', '--batch', '--use-agent'], stdin=keyblob)
	return key
	raise RuntimeError, 'remote {0} not found in {1}'.format(remote_name, path)

	def split_key(key):
	return Key(hmac=key[:256], key=key[256:])

	def decrypt_file(key, input_filename, output_filename):
	with tempfile.NamedTemporaryFile() as keyfile:
	fd = os.open(keyfile.name, os.O_RDONLY)
	keyfile.write(key.key)
	keyfile.seek(0)
	subprocess.Popen(['gpg', '-o', output_filename, '--decrypt', '--batch', '--passphrase-fd', str(fd), input_filename], close_fds=False).communicate()

	def generate_gpghmacsha1_content_key(key, filename):
	return hmac.new(key.hmac, filename, hashlib.sha1).hexdigest()

	def main():
	parser = argparse.ArgumentParser(description='Helps you recover some git-annex data.')
	parser.add_argument('repo_path', nargs=1)
	parser.add_argument('remote_name', nargs=1)
	parser.add_argument('--encrypted-content-key', metavar='PLAIN-CONTENT-KEY')
	parser.add_argument('--decrypt-file', nargs=2,
	metavar=('ENCRYPTED-INPUT-FILE', 'DECRYPTED-OUTPUT-FILE'))

	args = parser.parse_args()
	key = split_key(key_for_remote(args.repo_path[0], args.remote_name[0]))
	if args.encrypted_content_key:
	print("GPGHMACSHA1--" + generate_gpghmacsha1_content_key(key, args.encrypted_content_key))
	elif args.decrypt_file:
	print(decrypt_file(key, args.decrypt_file[0], args.decrypt_file[1]))
	else:
	print("error: nothing to do", file=sys.stderr)
	return 1
	return 0

	if __name__ == '__main__':
	sys.exit(main())