}
do_dup_gpg_passphrase() {
- local question="Enter the passphrase needed to $@:"
+ local question="Enter the passphrase needed to unlock the GnuPG key:"
REPLY=
while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do
passwordBox "$dup_title - GnuPG" "$question"
do_dup_gpg() {
# symmetric or public key encryption ?
- booleanBox "$dup_title - GnuPG" "Use public key encryption? Else, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption"
+ booleanBox "$dup_title - GnuPG" "Use public key encryption? Otherwise, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption"
if [ $? = 0 ]; then
dup_gpg_asymmetric_encryption=yes
else
if [ "$dup_gpg_sign" == yes ]; then
do_dup_gpg_signkey ; [ $? = 0 ] || return 1
fi
+ else
+ dup_gpg_sign=no
fi
- # a passphrase is only needed when signing, or when symmetric encryption is used
- if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then
- do_dup_gpg_passphrase "encrypt the backups"
- [ $? = 0 ] || return 1
- elif [ "$dup_gpg_sign" == "yes" ]; then
- if [ -z "$dup_gpg_signkey" ]; then
- do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_signkey key used to sign the backups"
- [ $? = 0 ] || return 1
- else
- do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_encryptkey key used to sign the backups"
- [ $? = 0 ] || return 1
- fi
- fi
+ # a passphrase is alway needed
+ do_dup_gpg_passphrase
_gpg_done="(DONE)"
setDefault adv
######################################################
## gpg section
-## (how to encrypt and optionnally sign the backups)
+## (how to encrypt and optionally sign the backups)
##
-## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
-## the way the following options are used. Please read ahead
+## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
+## the way the following options are used. Please read the following
## carefully.
##
## If the encryptkey variable is set:
## - data is encrypted with the GnuPG public key specified by the encryptkey
## variable
-## - if signing is enabled, the password variable is used to unlock the GnuPG
-## private key used for signing; else, you do not need to set the password
-## variable
+## - if signing is enabled, data is signed with the GnuPG private
+## key specified by the signkey variable
+## - the password variable is used to unlock the GnuPG key(s) used
+## for encryption and (optionnal) signing
+##
## If the encryptkey option is not set:
## - data signing is not possible
## - the password variable is used to encrypt the data with symmetric
[gpg]
-# when set to yes, encryptkey variable must be set bellow; if you want to use
+# when set to yes, encryptkey variable must be set below; if you want to use
# two different keys for encryption and signing, you must also set the signkey
-# variable bellow.
-# default is no, for backward compatibility with backupninja <= 0.5.
+# variable below.
+# default is no, for backwards compatibility with backupninja <= 0.5.
sign = $dup_gpg_sign
# ID of the GnuPG public key used for data encryption.
signkey = $dup_gpg_signkey
# password
-# NB: do not quote it, and it should not contain any quote
+# NB: neither quote this, nor should it include any quotes
password = $dup_gpg_password
######################################################
[source]
+# A few notes about includes and excludes:
+# 1. include, exclude and vsinclude statements support globbing with '*'
+# 2. Symlinks are not dereferenced. Moreover, an include line whose path
+# contains, at any level, a symlink to a directory, will only have the
+# symlink backed-up, not the target directory's content. Yes, you have to
+# dereference yourself the symlinks, or to use 'mount --bind' instead.
+# Example: let's say /home is a symlink to /mnt/crypt/home ; the following
+# line will only backup a "/home" symlink ; neither /home/user nor
+# /home/user/Mail will be backed-up :
+# include = /home/user/Mail
+# A workaround is to 'mount --bind /mnt/crypt/home /home' ; another one is to
+# write :
+# include = /mnt/crypt/home/user/Mail
+# 3. All the excludes come after all the includes. The order is not otherwise
+# taken into account.
+
# files to include in the backup
-# (supports globbing with '*')
-# BIG FAT WARNING
-# Symlinks are not dereferenced. Moreover, an include line whose path
-# contains, at any level, a symlink to a directory, will only have the
-# symlink backed-up, not the target directory's content. Yes, you have
-# to dereference yourself the symlinks, or to use 'mount --bind'
-# instead.
-# EXAMPLE
-# Let's say /home is a symlink to /mnt/crypt/home ; the following line
-# will only backup a "/home" symlink ; neither /home/user nor
-# /home/user/Mail will be backed-up :
-# include = /home/user/Mail
-# A workaround is to 'mount --bind /mnt/crypt/home /home' ; another
-# one is to write :
-# include = /mnt/crypt/home/user/Mail
EOF
if [ "$host_or_vservers" == host -o "$host_or_vservers" == both ]; then
# vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home
# and /vservers/baz/home.
# Vservers paths are derived from $VROOTDIR.
-# vsinclude supports globbing with '*'.
EOF
# excludes
cat >> $next_filename <<EOF
-# rdiff-backup specific comment, TO ADAPT
# files to exclude from the backup
-# (supports globbing with '*')
EOF
set -o noglob
for i in $dup_excludes; do
# Global variables whose '*' shall not be expanded
set -o noglob
dup_default_includes="/var/spool/cron/crontabs /var/backups /etc /root /home /usr/local/*bin /var/lib/dpkg/status*"
- dup_default_excludes="/home/*/.gnupg"
+ dup_default_excludes="/home/*/.gnupg /home/*/.gnupg /home/*/.local/share/Trash /home/*/.Trash /home/*/.thumbnails /home/*/.beagle /home/*/.aMule /home/*/gtk-gnutella-downloads"
set +o noglob
dup_main_menu