authorintrigeri <intrigeri@boum.org>2006-05-30 03:40:34 +0000
committerintrigeri <intrigeri@boum.org>2006-05-30 03:40:34 +0000
commit098952b69d5b39ea27bbe544cd85345422d03d80 (patch)
tree4c332248760119ce5e478b6df19f207ac9430648
parent8439eb67f80b72f74105ac0945328a8645bc54ad (diff)
dup (helper + handler + example config) : don't pretend anymore that duplicity
can work without any passphrase ; thanks Micah for the bug report
-rw-r--r--ChangeLog2
-rw-r--r--NEWS2
-rw-r--r--examples/example.dup10
-rw-r--r--handlers/dup6
-rw-r--r--handlers/dup.helper27
5 files changed, 21 insertions, 26 deletions
diff --git a/ChangeLog b/ChangeLog
index ae871bf..c334bf5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,8 @@ version 0.9.4 -- unreleased
dup:
. Fixed improper include/exclude symlink dereference
. Removed over zealous vsnames check
+ . Does not pretend anymore that duplicity can work without
+ any passphrase
sys:
. Many more system checks were added, thanks to Petr Klíma
lib changes
diff --git a/NEWS b/NEWS
index af964be..fbf6654 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,5 @@
WARNING FOR DUPLICITY USERS
-Old (pre-0.9.2) example.dup file used to give false information about the way
+Old (pre-0.9.4) example.dup file used to give false information about the way
the GnuPG-related options are used. Please read the new example.dup file, and
update your own configuration files if needed.
diff --git a/examples/example.dup b/examples/example.dup
index 8a880f8..b906551 100644
--- a/examples/example.dup
+++ b/examples/example.dup
@@ -12,16 +12,18 @@ nicelevel = 19
## gpg section
## (how to encrypt and optionally sign the backups)
##
-## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
+## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
## the way the following options are used. Please read the following
## carefully.
##
## If the encryptkey variable is set:
## - data is encrypted with the GnuPG public key specified by the encryptkey
## variable
-## - if signing is enabled, the password variable is used to unlock the GnuPG
-## private key used for signing; otherwise, you do not need to set the password
-## variable
+## - if signing is enabled, data is signed with the GnuPG private
+## key specified by the signkey variable
+## - the password variable is used to unlock the GnuPG key(s) used
+## for encryption and (optionnal) signing
+##
## If the encryptkey option is not set:
## - data signing is not possible
## - the password variable is used to encrypt the data with symmetric
diff --git a/handlers/dup b/handlers/dup
index e490aa5..7c8a7c6 100644
--- a/handlers/dup
+++ b/handlers/dup
@@ -79,7 +79,6 @@ if [ -n "$encryptkey" ]; then
execstr="${execstr}--encrypt-key $encryptkey "
debug "Data will be encrypted with the GnuPG key $encryptkey."
else
- [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption."
debug "Data will be encrypted using symmetric encryption."
fi
@@ -89,14 +88,15 @@ if [ "$sign" == yes ]; then
[ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
# if needed, initialize signkey to a value that is not empty (checked above)
[ -n "$signkey" ] || signkey="$encryptkey"
- # check password validity
- [ -n "$password" ] || fatal "The password option must be set when signing."
execstr="${execstr}--sign-key $signkey "
debug "Data will be signed will the GnuPG key $signkey."
else
debug "Data won't be signed."
fi
+# deal with GnuPG passphrase
+[ -n "$password" ] || fatal "The password option must be set."
+
if [ "$keep" != "yes" ]; then
if [ "`echo $keep | tr -d 0-9`" == "" ]; then
keep="${keep}D"
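Review bot: The comment `# deal with GnuPG passphrase` above the new check does not say why the passphrase is now mandatory in every mode, and the single message no longer tells the user which use it serves. A comment such as `# duplicity needs a passphrase in every mode: for symmetric encryption, or to unlock the GnuPG key(s)` would record the reasoning from the commit message next to the code. Every .dup file now has to carry a cleartext passphrase, so it is worth confirming, outside this hunk, that the handler refuses group- or world-readable config files and passes `$password` to duplicity through the environment rather than on the command line. The `if [ "$keep" != "yes" ]` block continues past the end of the hunk.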
diff --git a/handlers/dup.helper b/handlers/dup.helper
index 9fe2718..a18063d 100644
--- a/handlers/dup.helper
+++ b/handlers/dup.helper
@@ -173,7 +173,7 @@ do_dup_gpg_signkey() {
}
do_dup_gpg_passphrase() {
- local question="Enter the passphrase needed to $@:"
+ local question="Enter the passphrase needed to unlock the GnuPG key:"
REPLY=
while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do
passwordBox "$dup_title - GnuPG" "$question"
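Review bot: The new fixed prompt on the `local question=` line is inaccurate for symmetric encryption, where the passphrase encrypts the data itself rather than unlocking a key, as the example.dup text in this same commit describes. The function no longer reads its arguments, so the wording could be chosen from the helper's own state instead, presumably `$dup_gpg_asymmetric_encryption` as used in the next hunk, for example `[ "$dup_gpg_asymmetric_encryption" = "no" ] && question="Enter the passphrase used to encrypt the backups:"` right after the `local question=` line. A user who believes they are typing a key passphrase may pick or reuse a value unsuited to being the only secret protecting the backups. The body of do_dup_gpg_passphrase continues past the end of the hunk.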
@@ -201,19 +201,8 @@ do_dup_gpg() {
fi
fi
- # a passphrase is only needed when signing, or when symmetric encryption is used
- if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then
- do_dup_gpg_passphrase "encrypt the backups"
- [ $? = 0 ] || return 1
- elif [ "$dup_gpg_sign" == "yes" ]; then
- if [ -z "$dup_gpg_signkey" ]; then
- do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups"
- [ $? = 0 ] || return 1
- else
- do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups"
- [ $? = 0 ] || return 1
- fi
- fi
+ # a passphrase is alway needed
+ do_dup_gpg_passphrase
_gpg_done="(DONE)"
setDefault adv
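Review bot: The new call to `do_dup_gpg_passphrase` drops the exit-status check that followed every removed call (`[ $? = 0 ] || return 1`). If the function still returns non-zero when the dialog is cancelled (its full body is not visible here), do_dup_gpg now falls through and sets `_gpg_done="(DONE)"` without a passphrase having been recorded. Writing the call as `do_dup_gpg_passphrase || return 1` keeps the previous behaviour. The comment above it also has a typo, `alway` for `always`. do_dup_gpg starts before and ends after this hunk.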
@@ -278,16 +267,18 @@ testconnect = $dup_testconnect
## gpg section
## (how to encrypt and optionally sign the backups)
##
-## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
+## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
## the way the following options are used. Please read the following
## carefully.
##
## If the encryptkey variable is set:
## - data is encrypted with the GnuPG public key specified by the encryptkey
## variable
-## - if signing is enabled, the password variable is used to unlock the GnuPG
-## private key used for signing; otherwise, you do not need to set the password
-## variable
+## - if signing is enabled, data is signed with the GnuPG private
+## key specified by the signkey variable
+## - the password variable is used to unlock the GnuPG key(s) used
+## for encryption and (optionnal) signing
+##
## If the encryptkey option is not set:
## - data signing is not possible
## - the password variable is used to encrypt the data with symmetric