X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=handlers%2Fdup;h=1b899da1fe1dd0b676f1b3177218811b7db721b9;hb=cfc47e5571e61f4323b9f64f9cbb64dfbc4bf1b4;hp=c28619d08ccb9ec5d5a8a30af3a10a8b81475346;hpb=e8c8a32ac25f4346f3fa5e21e24801fcf15d3b54;p=matthijs%2Fupstream%2Fbackupninja.git

diff --git a/handlers/dup b/handlers/dup
index c28619d..1b899da 100644
--- a/handlers/dup
+++ b/handlers/dup
@@ -1,3 +1,4 @@
+# -*- mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil; -*-
 #
 # duplicity script for backupninja
 # requires duplicity
@@ -31,7 +32,6 @@ destdir=${destdir%/}
 
 [ "$destdir" != "" ] || fatal "Destination directory not set"
 [ "$include" != "" ] || fatal "No source includes specified"
-[ "$password" != "" ] || fatal "No password specified"
 
 ### vservers stuff ###
 
@@ -80,17 +80,27 @@ scpoptions="$sshoptions"
 
 execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
 
-# if encryptkey is set, add --encrypt-key to the command-line
-[ -z "$encryptkey" ] || execstr="${execstr}--encrypt-key $encryptkey "
-# if signkey is not set, set it to encryptkey
-[ -n "$signkey" ] || signkey="$encryptkey"
-# if needed, add --sign-key to command-line
-if [ "$sign" == "yes" ]; then
-    if [ -n "$signkey" ]; then
-	execstr="${execstr}--sign-key $signkey "
-    else
-	fatal "Either encryptkey or signkey option must be set when signing."
-    fi
+# deal with symmetric or asymmetric (public/private key pair) encryption
+if [ -n "$encryptkey" ]; then
+    execstr="${execstr}--encrypt-key $encryptkey "
+    debug "Data will be encrypted with the GnuPG key $encryptkey."
+else
+    [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption."
+    debug "Data will be encrypted using symmetric encryption."
+fi
+
+# deal with data signing
+if [ "$sign" == yes ]; then
+    # duplicity is not able to sign data when using symmetric encryption
+    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
+    # if needed, initialize signkey to a value that is not empty (checked above)
+    [ -n "$signkey" ] || signkey="$encryptkey"
+    # check password validity
+    [ -n "$password" ] || fatal "The password option must be set when signing."
+    execstr="${execstr}--sign-key $signkey "
+    debug "Data will be signed will the GnuPG key $signkey."
+else
+    debug "Data won't be signed."
 fi
 
 if [ "$keep" != "yes" ]; then