author | Jake Hunsaker <jhunsake@redhat.com> | 2018-05-25 13:38:27 -0400 |
---|---|---|
committer | Bryn M. Reeves <bmr@redhat.com> | 2018-07-12 14:36:39 +0100 |
commit | 7b475f1da0f843b20437896737be04cc1c7bbc0a (patch) | |
tree | 82d3040f2a793a5033c3e988c94eb0003a37e05c /man | |
parent | 0a76861b9690889b59a95161af473e62c962c787 (diff) | |
download | sos-7b475f1da0f843b20437896737be04cc1c7bbc0a.tar.gz |
[sosreport] Add mechanism to encrypt final archive

Adds an option to encrypt the resulting archive that sos generates.
There are two methods for doing so:

    --encrypt-key   Uses a key-pair for asymmetric encryption
    --encrypt-pass  Uses a password for symmetric encryption

For key-pair encryption, the key-to-be-used must be imported into the
root user's keyring, as gpg does not allow for the use of keyfiles.

If the encryption process fails, sos will not abort as the unencrypted
archive will have already been created. The assumption being that the
archive is still of use and/or the user has another means of encrypting
it.

Resolves: #1320

Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>

Diffstat (limited to 'man')
-rw-r--r-- | man/en/sosreport.1 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/man/en/sosreport.1 b/man/en/sosreport.1 index b0adcd8b..b6051edc 100644 --- a/man/en/sosreport.1 +++ b/man/en/sosreport.1 @@ -22,6 +22,8 @@ sosreport \- Collect and package diagnostic and support data [--log-size]\fR [--all-logs]\fR [-z|--compression-type method]\fR + [--encrypt-key KEY]\fR + [--encrypt-pass PASS]\fR [--experimental]\fR [-h|--help]\fR @@ -120,6 +122,32 @@ increase the size of reports. .B \-z, \--compression-type METHOD Override the default compression type specified by the active policy. .TP +.B \--encrypt-key KEY +Encrypts the resulting archive that sosreport produces using GPG. KEY must be +an existing key in the user's keyring as GPG does not allow for keyfiles. +KEY can be any value accepted by gpg's 'recipient' option. + +Note that the user running sosreport must match the user owning the keyring +from which keys will be obtained. In particular this means that if sudo is +used to run sosreport, the keyring must also be set up using sudo +(or direct shell access to the account). + +Users should be aware that encrypting the final archive will result in sos +using double the amount of temporary disk space - the encrypted archive must be +written as a separate, rather than replacement, file within the temp directory +that sos writes the archive to. However, since the encrypted archive will be +the same size as the original archive, there is no additional space consumption +once the temporary directory is removed at the end of execution. + +This means that only the encrypted archive is present on disk after sos +finishes running. + +If encryption fails for any reason, the original unencrypted archive is +preserved instead. +.TP +.B \--encrypt-pass PASS +The same as \--encrypt-key, but use the provided PASS for symmetric encryption +rather than key-pair encryption. .TP .B \--batch Generate archive without prompting for interactive input. |
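Review bot: In the synopsis hunk, `[--encrypt-key KEY]` and `[--encrypt-pass PASS]` are listed as two independent optional arguments, while the commit message presents them as two alternative methods. If they are mutually exclusive, the synopsis should show that, for example `[--encrypt-key KEY|--encrypt-pass PASS]`; if both may be given together, the option text should state which one takes effect.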
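Review bot: In the `--encrypt-pass PASS` entry of the second hunk, the passphrase is taken as a command-line argument and the text carries no caution about that. Command-line arguments are typically readable by other local users through the process list and are saved in shell history, so the entry should say so and point users with that concern to `--encrypt-key`. Separately, the `--encrypt-key` entry says the original unencrypted archive is preserved if encryption fails, but not how the user is told; documenting the warning or exit status would keep someone from passing on a plaintext archive they believe is encrypted.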