- commit
- 4ee1b8ee1f1c99f200ddee59cd34ffd80fd49dea
- parent
- fd072bccd21dca8ae5b5ce87ec6845d8caba19e8
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2026-03-05 16:51
add helper to write bytes with 600 in the first place
Diffstat
| M | xikeyring/keyring.py | 13 | ++++++++++--- |
1 files changed, 10 insertions, 3 deletions
diff --git a/xikeyring/keyring.py b/xikeyring/keyring.py
@@ -30,6 +30,15 @@ class Item: 30 30 app_id: str 31 31 32 32 -1 33 def write_bytes(path: str, data: bytes) -> int: -1 34 flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC -1 35 fd = os.open(path, flags, mode=0o600) -1 36 try: -1 37 return os.write(fd, data) -1 38 finally: -1 39 os.close(fd) -1 40 -1 41 33 42 class Crypt: 34 43 def __init__(self, password: bytes): 35 44 self.password = KernelKey(password) @@ -94,7 +103,6 @@ class Keyring: 94 103 else: 95 104 self.crypt = self._get_crypt() 96 105 self._write({})97 -1 os.chmod(self.path, 0o600)98 106 99 107 def _get_crypt(self): 100 108 # TODO: different messages for create|unlock|retry @@ -127,8 +135,7 @@ class Keyring: 127 135 ] 128 136 decrypted = json.dumps(raw).encode('utf-8') 129 137 encrypted = self.crypt.encrypt(decrypted)130 -1 with open(self.path, 'wb') as fh:131 -1 fh.write(encrypted)-1 138 write_bytes(self.path, encrypted) 132 139 133 140 def confirm_access(self, app_id: str) -> None: 134 141 if not self.prompt.confirm(f'Allow {app_id or "host"} to access a secret from your keyring?'):