diff options
author | intrigeri <intrigeri@boum.org> | 2006-05-30 03:40:34 +0000 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2006-05-30 03:40:34 +0000 |
commit | 098952b69d5b39ea27bbe544cd85345422d03d80 (patch) | |
tree | 4c332248760119ce5e478b6df19f207ac9430648 | |
parent | 8439eb67f80b72f74105ac0945328a8645bc54ad (diff) | |
download | backupninja-098952b69d5b39ea27bbe544cd85345422d03d80.tar.gz backupninja-098952b69d5b39ea27bbe544cd85345422d03d80.tar.bz2 |
dup (helper + handler + example config) : don't pretend anymore that duplicity
can work without any passphrase ; thanks Micah for the bug report
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | examples/example.dup | 10 | ||||
-rw-r--r-- | handlers/dup | 6 | ||||
-rw-r--r-- | handlers/dup.helper | 27 |
5 files changed, 21 insertions, 26 deletions
@@ -23,6 +23,8 @@ version 0.9.4 -- unreleased dup: . Fixed improper include/exclude symlink dereference . Removed over zealous vsnames check + . Does not pretend anymore that duplicity can work without + any passphrase sys: . Many more system checks were added, thanks to Petr Klíma lib changes @@ -1,5 +1,5 @@ WARNING FOR DUPLICITY USERS -Old (pre-0.9.2) example.dup file used to give false information about the way +Old (pre-0.9.4) example.dup file used to give false information about the way the GnuPG-related options are used. Please read the new example.dup file, and update your own configuration files if needed. diff --git a/examples/example.dup b/examples/example.dup index 8a880f8..b906551 100644 --- a/examples/example.dup +++ b/examples/example.dup @@ -12,16 +12,18 @@ nicelevel = 19 ## gpg section ## (how to encrypt and optionally sign the backups) ## -## WARNING: old (pre-0.9.2) example.dup used to give wrong information about +## WARNING: old (pre-0.9.4) example.dup used to give wrong information about ## the way the following options are used. Please read the following ## carefully. ## ## If the encryptkey variable is set: ## - data is encrypted with the GnuPG public key specified by the encryptkey ## variable -## - if signing is enabled, the password variable is used to unlock the GnuPG -## private key used for signing; otherwise, you do not need to set the password -## variable +## - if signing is enabled, data is signed with the GnuPG private +## key specified by the signkey variable +## - the password variable is used to unlock the GnuPG key(s) used +## for encryption and (optionnal) signing +## ## If the encryptkey option is not set: ## - data signing is not possible ## - the password variable is used to encrypt the data with symmetric diff --git a/handlers/dup b/handlers/dup index e490aa5..7c8a7c6 100644 --- a/handlers/dup +++ b/handlers/dup @@ -79,7 +79,6 @@ if [ -n "$encryptkey" ]; then execstr="${execstr}--encrypt-key $encryptkey " debug "Data will be encrypted with the GnuPG key $encryptkey." else - [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption." debug "Data will be encrypted using symmetric encryption." fi @@ -89,14 +88,15 @@ if [ "$sign" == yes ]; then [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing." # if needed, initialize signkey to a value that is not empty (checked above) [ -n "$signkey" ] || signkey="$encryptkey" - # check password validity - [ -n "$password" ] || fatal "The password option must be set when signing." execstr="${execstr}--sign-key $signkey " debug "Data will be signed will the GnuPG key $signkey." else debug "Data won't be signed." fi +# deal with GnuPG passphrase +[ -n "$password" ] || fatal "The password option must be set." + if [ "$keep" != "yes" ]; then if [ "`echo $keep | tr -d 0-9`" == "" ]; then keep="${keep}D" diff --git a/handlers/dup.helper b/handlers/dup.helper index 9fe2718..a18063d 100644 --- a/handlers/dup.helper +++ b/handlers/dup.helper @@ -173,7 +173,7 @@ do_dup_gpg_signkey() { } do_dup_gpg_passphrase() { - local question="Enter the passphrase needed to $@:" + local question="Enter the passphrase needed to unlock the GnuPG key:" REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do passwordBox "$dup_title - GnuPG" "$question" @@ -201,19 +201,8 @@ do_dup_gpg() { fi fi - # a passphrase is only needed when signing, or when symmetric encryption is used - if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then - do_dup_gpg_passphrase "encrypt the backups" - [ $? = 0 ] || return 1 - elif [ "$dup_gpg_sign" == "yes" ]; then - if [ -z "$dup_gpg_signkey" ]; then - do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups" - [ $? = 0 ] || return 1 - else - do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups" - [ $? = 0 ] || return 1 - fi - fi + # a passphrase is alway needed + do_dup_gpg_passphrase _gpg_done="(DONE)" setDefault adv @@ -278,16 +267,18 @@ testconnect = $dup_testconnect ## gpg section ## (how to encrypt and optionally sign the backups) ## -## WARNING: old (pre-0.9.2) example.dup used to give wrong information about +## WARNING: old (pre-0.9.4) example.dup used to give wrong information about ## the way the following options are used. Please read the following ## carefully. ## ## If the encryptkey variable is set: ## - data is encrypted with the GnuPG public key specified by the encryptkey ## variable -## - if signing is enabled, the password variable is used to unlock the GnuPG -## private key used for signing; otherwise, you do not need to set the password -## variable +## - if signing is enabled, data is signed with the GnuPG private +## key specified by the signkey variable +## - the password variable is used to unlock the GnuPG key(s) used +## for encryption and (optionnal) signing +## ## If the encryptkey option is not set: ## - data signing is not possible ## - the password variable is used to encrypt the data with symmetric |