swh.alter.recovery_bundle module#

swh.alter.recovery_bundle.check_call(command: Sequence[str], **kwargs) → CompletedProcess[source]#

class swh.alter.recovery_bundle.Manifest(version: int, removal_identifier: str, created: datetime, requested: List[Origin | ExtendedSWHID], swhids: List[ExtendedSWHID], referencing: List[ExtendedSWHID], decryption_key_shares: Dict[str, str], reason: str | None = None, expire: datetime | None = None)[source]#

Bases: object

Method generated by attrs for class Manifest.

version: int#

removal_identifier: str#

created: datetime#

requested: List[Origin | ExtendedSWHID]#

swhids: List[ExtendedSWHID]#

referencing: List[ExtendedSWHID]#

decryption_key_shares: Dict[str, str]#

reason: str | None#

expire: datetime | None#

dump(stream: TextIO | None = None) → str | None[source]#

classmethod load(str_or_stream: str | TextIO) → Manifest[source]#

exception swh.alter.recovery_bundle.WrongDecryptionKey[source]#: Bases: Exception

swh.alter.recovery_bundle.age_encrypt(public_key: str, cleartext: bytes, armored_output=False) → bytes[source]#

swh.alter.recovery_bundle.age_encrypt_armored(public_key: str, cleartext: bytes) → str[source]#

swh.alter.recovery_bundle.age_decrypt(secret_key: str, ciphertext: bytes | str) → bytes[source]#

swh.alter.recovery_bundle.age_decrypt_from_identity(identity_file: str, ciphertext: bytes | str) → bytes[source]#

swh.alter.recovery_bundle.generate_age_keypair() → Tuple[str, str][source]#

swh.alter.recovery_bundle.list_yubikey_identities() → List[Tuple[str, str]][source]#

class swh.alter.recovery_bundle.SecretSharing(minimum_required_groups: int, groups: Dict[str, _SecretSharingGroup])[source]#

Bases: object

Method generated by attrs for class SecretSharing.

minimum_required_groups: int#

groups: Dict[str, _SecretSharingGroup]#

classmethod from_dict(d: dict) → Self[source]#

property share_ids: Set[str]#

generate_encrypted_shares(identifier: str, secret_key: str) → Dict[str, str][source]#

exception swh.alter.recovery_bundle.SecretRecoveryError[source]#: Bases: Exception

swh.alter.recovery_bundle.recover_object_decryption_key_from_encrypted_shares(encrypted_shares: Dict[str, str], share_decryption_keys_provider: Callable[[], Iterator[Tuple[str, str]]], decrypted_mnemonic_processor: Callable[[str, str | None], None] | None = None, known_mnemonics: List[str] | None = None) → str[source]#

exception swh.alter.recovery_bundle.UnsupportedFeatureException[source]#: Bases: Exception

class swh.alter.recovery_bundle.RecoveryBundle(path: str, object_decryption_key_provider: Callable[[Manifest], str] | None = None)[source]#

Bases: object

property version: int#

property removal_identifier: str#

property created: datetime#

property requested: List[Origin | ExtendedSWHID]#

property swhids: List[ExtendedSWHID]#

property referencing: List[ExtendedSWHID]#

property reason: str | None#

property expire: datetime | None#

property share_ids: Set[str]#

property object_decryption_key: str#

encrypted_secret(share_id: str) → str[source]#

dump_manifest() → str[source]#

get_dict(swhid: ExtendedSWHID) → Dict[str, Any][source]#

write_content_data(swhid: ExtendedSWHID, dest: BinaryIO)[source]#

contents() → Iterator[Content][source]#

skipped_contents() → Iterator[SkippedContent][source]#

directories() → Iterator[Directory][source]#

revisions() → Iterator[Revision][source]#

releases() → Iterator[Release][source]#

snapshots() → Iterator[Snapshot][source]#

origins() → Iterator[Origin][source]#

origin_visits(origin: Origin) → Iterator[OriginVisit][source]#

origin_visit_statuses(origin: Origin) → Iterator[OriginVisitStatus][source]#

raw_extrinsic_metadata() → Iterator[RawExtrinsicMetadata][source]#

extids() → Iterator[ExtID][source]#

get_missing_referenced_objects(storage: StorageInterface) → Set[ExtendedSWHID][source]#

restore(storage: ~swh.storage.interface.StorageInterface, progressbar: ~swh.alter.progressbar.ProgressBarInit = <function no_progressbar>) → Dict[str, int][source]#

rollover(secret_sharing: SecretSharing)[source]#

Update the recovery bundle encrypted shared secrets using the given configuration.

It is useful when a secret holder needs to be added or removed, or to switch to an entirely new scheme.

This method splits the decryption key into new encrypted shares. The decryption key stays the same. The mnemonics will be new.

A new recovery bundle file is created with an updated manifest which then atomically replaces the existing file.

exception swh.alter.recovery_bundle.ContentDataNotFound(swhid: ExtendedSWHID)[source]#

Bases: Exception

Raised when data for a given Content object cannot be retrieved.

class swh.alter.recovery_bundle.RecoveryBundleCreator(path: str, storage: StorageInterface, removal_identifier: str, requested: List[Origin | ExtendedSWHID], referencing: List[ExtendedSWHID], object_public_key: str, decryption_key_shares: Dict[str, str], registration_callback: Callable[[BaseModel], None] | None = None, allow_empty_content_objects: bool = False)[source]#

Bases: object

set_reason(reason: str)[source]#

set_expire(expire: datetime)[source]#

backup_swhids(swhids: ~typing.Iterable[~swh.model.swhids.ExtendedSWHID], progressbar: ~swh.alter.progressbar.ProgressBarInit = <function no_progressbar>) → None[source]#