From 4212b9544538b4d94d50bc9fb4553e7e2c77042c Mon Sep 17 00:00:00 2001 From: Kushal Das Date: Tue, 13 Nov 2018 11:41:57 +0530 Subject: [PATCH 1/2] Fixes #132 removes the temporary file --- securedrop_client/crypto.py | 1 + 1 file changed, 1 insertion(+) diff --git a/securedrop_client/crypto.py b/securedrop_client/crypto.py index 937e2f231..43d40d846 100644 --- a/securedrop_client/crypto.py +++ b/securedrop_client/crypto.py @@ -48,6 +48,7 @@ def decrypt_submission_or_reply(filepath, target_filename, home_dir, logger.error("GPG error: {}".format(msg)) os.unlink(err.name) + os.unlink(out.name) dest = "" else: if is_doc: From 6ff708cf422facf59872d52b282ae64846622742 Mon Sep 17 00:00:00 2001 From: redshiftzero Date: Tue, 13 Nov 2018 13:12:13 -0800 Subject: [PATCH 2/2] Minor fixes in handling of decrypt stdout stderr tempfiles out is a tempfile.NamedTemporaryFile created with delete=True, (default) so it'll get up deleted on disk once the file is closed. err is a tempfile.NamedTemporaryFile created with delete=False, so we'll need to delete it after closing it. This commit just makes sure both err and out are deleted after use. It also adds some comments for clarity. --- securedrop_client/crypto.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/securedrop_client/crypto.py b/securedrop_client/crypto.py index 43d40d846..8bb50920e 100644 --- a/securedrop_client/crypto.py +++ b/securedrop_client/crypto.py @@ -40,7 +40,10 @@ def decrypt_submission_or_reply(filepath, target_filename, home_dir, os.unlink(filepath) # original file if res != 0: + # The out tempfile will be automatically deleted after closing. out.close() + # The err tempfile was created with delete=False, so needs to + # be explicitly cleaned up. We will do that after we've read the file. err.close() with open(err.name) as e: @@ -48,9 +51,12 @@ def decrypt_submission_or_reply(filepath, target_filename, home_dir, logger.error("GPG error: {}".format(msg)) os.unlink(err.name) - os.unlink(out.name) dest = "" else: + # Cleanup err file + err.close() + os.unlink(err.name) + if is_doc: # Docs are gzipped, so gunzip the file with gzip.open(out.name, 'rb') as infile: @@ -69,8 +75,8 @@ def decrypt_submission_or_reply(filepath, target_filename, home_dir, dest = os.path.join(home_dir, "data", fn_no_ext) shutil.copy(out.name, dest) + # Now close to automatically delete the out tempfile. out.close() - err.close() logger.info("Downloaded and decrypted: {}".format(dest)) return res, dest