Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #105350
| Path | csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail |
|---|---|
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Subject | Re: Using SSL socket as stdin for subprocess.Popen |
| Date | Mon, 21 Mar 2016 22:36:32 +1100 |
| Lines | 30 |
| Message-ID | <mailman.437.1458560200.12893.python-list@python.org> (permalink) |
| References | <56ED901A.5060704@gmail.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=UTF-8 |
| X-Trace | news.uni-berlin.de byeG37JSNXm+5GgQhj3RGQO0mmHlaX8z0HnsV1VS+VwA== |
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.006 |
| X-Spam-Evidence | '*H*': 0.99; '*S*': 0.00; 'received:209.85.223': 0.03; 'static': 0.03; 'essentially': 0.04; 'subject:skip:s 10': 0.05; 'keys,': 0.07; 'cc:addr:python-list': 0.09; 'here?': 0.09; 'output': 0.13; 'server,': 0.15; '2016': 0.16; 'encryption': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'hmm.': 0.16; 'port"': 0.16; 'receive.': 0.16; 'received:io': 0.16; 'received:psf.io': 0.16; 'ssh': 0.16; 'stuff,': 0.16; 'subject:SSL': 0.16; 'wrote:': 0.16; 'ssl': 0.18; 'shell': 0.18; 'cc:2**0': 0.20; 'cc:addr:python.org': 0.20; 'prevent': 0.20; 'pipe': 0.22; 'am,': 0.23; 'seems': 0.23; 'header:In-Reply-To:1': 0.24; 'script': 0.25; "i've": 0.25; 'command': 0.26; 'message- id:@mail.gmail.com': 0.27; 'another.': 0.29; 'selecting': 0.29; 'allows': 0.30; "i'm": 0.30; 'server.': 0.30; 'common': 0.33; 'ca,': 0.33; 'received:google.com': 0.35; 'could': 0.35; 'machines': 0.35; 'quite': 0.35; 'something': 0.35; 'instead': 0.36; 'received:209.85': 0.36; 'assigned': 0.36; 'subject:: ': 0.37; 'client': 0.37; 'things': 0.38; 'doing': 0.38; 'received:209': 0.38; 'someone': 0.38; 'data': 0.39; 'whatever': 0.39; 'your': 0.60; 'details': 0.62; 'more': 0.63; 'trusted': 0.64; 'between': 0.65; 'mar': 0.65; '20,': 0.66; 'backup': 0.66; 'user,': 0.67; 'obvious': 0.76; 'chrisa': 0.84; "it'd": 0.84; 'piping': 0.84; 'snapshots': 0.84; 'subject:Using': 0.84; 'verifying': 0.84; 'to:none': 0.91; '4:44': 0.91; 'certificates': 0.91 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc; bh=GP17hjO8IwkM3DpKL8z+VIhC59vBAJCVdeUJ1b7OAgU=; b=BBl2ftt8Ykxkp4b2sJRHQXhx0ulKAiiyhf7vyaOAVetZmp/7jaOCDnKMtgqhWpY1H3 cWMGYwSaM7SAmFgqOh96JBuX8TjZzI4z6s1Lr5nIdjHPQjs0BLbyLZGOvReZSm6lXWM7 A/BcUyDJJuejF3jKDZTNj4s8shA9C/t3pyR7YQjvVPCKsEXA3y5qI2qlKtC2x55q1Yye jlwHM0rwnWp3qiiTAjkqlfcXWniaIelvHqiDOn9/89fTLzeBqOzbmu+ipDzOPvuwO2kR 2ar2QHGYfotbY4FsTLKYo8wZa7j6Nkd1FAHMbE8KtJtEfVoyKtQAmZ2FzMoScwAP8zlr 0AAg== |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:cc; bh=GP17hjO8IwkM3DpKL8z+VIhC59vBAJCVdeUJ1b7OAgU=; b=mYiLP5CpB23BQMPJx8zX9aQSyRkdeQZyfIfb+KjbudqQJXEuZfVPtAUQD5shmGFDB+ 7KkaUbDwnRDxy5BvQnJimNfoH1Sds4ROlEPvZRuBlBIghRg+EuH6GaFOysrAWh8wvreM zkekLw7zRA80TNYTr/FIi1dpZ/RjpjdqWv0DW6A0bvWcVg/SWNuowuavlXu2WGNK2boI Y+of12BNwjG2Qfkamcst5TNIYydnwFU/ah53hGgQ/UxwVB5MdUve2jlv6/lIoUZwOE1e Fdff6WTReOkN0vIzjfQ5vddgN4RrYYDh3Zfy51wrTmF9i6I1w4BJdQ9YZ1uKPyqTo+pJ rRPw== |
| X-Gm-Message-State | AD7BkJICC5DZ9ccTdJyyW+grtvHzSZLq95Ch2EeGyp/hFFEdyj8J3YOA/WT/A6YWT6d8UT1uop4MWaXq/XR3cg== |
| X-Received | by 10.107.169.105 with SMTP id s102mr1568418ioe.19.1458560192579; Mon, 21 Mar 2016 04:36:32 -0700 (PDT) |
| In-Reply-To | <56ED901A.5060704@gmail.com> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Xref | csiph.com comp.lang.python:105350 |
Show key headers only | View raw
On Sun, Mar 20, 2016 at 4:44 AM, Matt Ruffalo <matt.ruffalo@gmail.com> wrote: > Hi all- > > I'm writing a backup client for automating the synchronization of btrfs > snapshots between machines -- essentially piping the output of `btrfs > send` on my laptop/desktop to `btrfs receive` on a server. I've been > doing this manually for quite a while, and something automated would be > much more convenient. > ... > I've been using SSL for the communication between the client and server, > both in a static "control port" and a dynamic data port that is assigned > for each individual call to btrfs send | btrfs receive. In addition to > verifying the client certificates against a trusted CA, this also allows > things like selecting the backup destination based on the common name in > the client cert. > [snip details of subprocess.Popen issues] Hmm. Any particular reason you're not using SSH here? That seems like the most obvious way to pipe the output of a command on one computer into a command on another. Instead of verifying client certificates, you'd have a set of authorized public keys, and you could prevent shell access by using your custom script as the shell of a dedicated user - so it'd be something like "btrfs send|ssh backup@server". Whenever I need to encrypt stuff, I try to let someone else do all the work :) Whatever shell is used for that user, it will get "btrfs send" piped into it, and all the authentication and encryption is completely invisible. ChrisA
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: Using SSL socket as stdin for subprocess.Popen Chris Angelico <rosuav@gmail.com> - 2016-03-21 22:36 +1100
csiph-web