cleaner implementation and random chunk length.

lib/ansible/parsing/vault/__init__.py

@@ -22,6 +22,7 @@ import shlex
 import shutil
 import sys
 import tempfile
+import random
 from io import BytesIO
 from subprocess import call
 from ansible.errors import AnsibleError
@@ -235,20 +236,21 @@ class VaultEditor:
         """
         
         file_len = os.path.getsize(tmp_path)
+        max_chunk_len = min(1024*1024*2, file_len)
         
         passes = 3
         with open(tmp_path,  "wb") as fh:
             for _ in range(passes):
                 fh.seek(0,  0)
-                # get a random chunk of data 
+                # get a random chunk of data, each pass with other length
-                data = os.urandom(min(1024*1024*2, file_len)) 
+                chunk_len = random.randint(max_chunk_len/2, max_chunk_len)
-                bytes_todo = file_len
+                data = os.urandom(chunk_len)
-                while bytes_todo > 0:
+                
-                    chunk = data[:bytes_todo]
+                for _ in range(0, file_len // chunk_len):
-                    fh.write(chunk)
+                    fh.write(data)
-                    bytes_todo -= len(chunk)
+                fh.write(data[:file_len % chunk_len])
-                    
+                
-                assert(fh.tell() == file_len)
+                assert(fh.tell() == file_len) # FIXME remove this assert once we have unittests to check its accuracy
                 os.fsync(fh)
         
             
@@ -273,8 +275,7 @@ class VaultEditor:
             r = call(['shred', tmp_path])
         except OSError as e:
             # shred is not available on this system, or some other error occured. 
-            self._shred_file_custom(tmp_path)
+            r = 1
-            r = 0
         
         if r != 0:
             # we could not successfully execute unix shred; therefore, do custom shred.