X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=handlers%2Fdup;h=b6c2bfd2991f77b8ee39471981bbae176c695b42;hb=0d606253af6ecb8ede07b0991a1f295fb70e7e65;hp=79be2fc61fd5f13c078c746fbdd3b63ef43fb4cb;hpb=d5c8686efd9ea9a5c4f8bc8c3566c2e6a0165ace;p=matthijs%2Fupstream%2Fbackupninja.git

diff --git a/handlers/dup b/handlers/dup
index 79be2fc..b6c2bfd 100644
--- a/handlers/dup
+++ b/handlers/dup
@@ -1,3 +1,4 @@
+# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
 #
 # duplicity script for backupninja
 # requires duplicity
@@ -11,6 +12,7 @@ setsection gpg
 getconf password
 getconf sign no
 getconf encryptkey
+getconf signkey
 
 setsection source
 getconf include
@@ -30,7 +32,6 @@ destdir=${destdir%/}
 
 [ "$destdir" != "" ] || fatal "Destination directory not set"
 [ "$include" != "" ] || fatal "No source includes specified"
-[ "$password" != "" ] || fatal "No password specified"
 
 ### vservers stuff ###
 
@@ -79,11 +80,27 @@ scpoptions="$sshoptions"
 
 execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
 
-if [ "$encryptkey" == "" ]; then
-    [ "$sign" != "yes" ] || fatal "encryptkey option must be set when signing."
-else
+# deal with symmetric or asymmetric (public/private key pair) encryption
+if [ -n "$encryptkey" ]; then
     execstr="${execstr}--encrypt-key $encryptkey "
-    [ "$sign" != "yes" ] || execstr="${execstr}--sign-key $encryptkey "
+    debug "Data will be encrypted with the GnuPG key $encryptkey."
+else
+    [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption."
+    debug "Data will be encrypted using symmetric encryption."
+fi
+
+# deal with data signing
+if [ "$sign" == yes ]; then
+    # duplicity is not able to sign data when using symmetric encryption
+    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
+    # if needed, initialize signkey to a value that is not empty (checked above)
+    [ -n "$signkey" ] || signkey="$encryptkey"
+    # check password validity
+    [ -n "$password" ] || fatal "The password option must be set when signing."
+    execstr="${execstr}--sign-key $signkey "
+    debug "Data will be signed will the GnuPG key $signkey."
+else
+    debug "Data won't be signed."
 fi
 
 if [ "$keep" != "yes" ]; then