X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=handlers%2Fdup;h=bbdb0aeff2dc4bddaa75f538e438603c7807dbc2;hb=c6c3cc98b476fdd575ef52b9e1b63c380828e8f3;hp=22f915f53306f45a78765b447ad77f4faa893005;hpb=bfe530dc59b9cec4a0cbdfdaafb5addb0e4484b2;p=matthijs%2Fupstream%2Fbackupninja.git

diff --git a/handlers/dup b/handlers/dup
index 22f915f..bbdb0ae 100644
--- a/handlers/dup
+++ b/handlers/dup
@@ -11,6 +11,7 @@ setsection gpg
 getconf password
 getconf sign no
 getconf encryptkey
+getconf signkey
 
 setsection source
 getconf include
@@ -19,6 +20,7 @@ getconf vsinclude
 getconf exclude
 
 setsection dest
+getconf incremental yes
 getconf keep 60
 getconf sshoptions
 getconf bandwidthlimit 0
@@ -29,7 +31,6 @@ destdir=${destdir%/}
 
 [ "$destdir" != "" ] || fatal "Destination directory not set"
 [ "$include" != "" ] || fatal "No source includes specified"
-[ "$password" != "" ] || fatal "No password specified"
 
 ### vservers stuff ###
 
@@ -78,11 +79,27 @@ scpoptions="$sshoptions"
 
 execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
 
-if [ "$encryptkey" == "" ]; then
-    [ "$sign" != "yes" ] || fatal "encryptkey option must be set when signing."
-else
+# deal with symmetric or asymmetric (public/private key pair) encryption
+if [ -n "$encryptkey" ]; then
     execstr="${execstr}--encrypt-key $encryptkey "
-    [ "$sign" != "yes" ] || execstr="${execstr}--sign-key $encryptkey "
+    debug "Data will be encrypted with the GnuPG key $encryptkey."
+else
+    [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption."
+    debug "Data will be encrypted using symmetric encryption."
+fi
+
+# deal with data signing
+if [ "$sign" == yes ]; then
+    # duplicity is not able to sign data when using symmetric encryption
+    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
+    # if needed, initialize signkey to a value that is not empty (checked above)
+    [ -n "$signkey" ] || signkey="$encryptkey"
+    # check password validity
+    [ -n "$password" ] || fatal "The password option must be set when signing."
+    execstr="${execstr}--sign-key $signkey "
+    debug "Data will be signed will the GnuPG key $signkey."
+else
+    debug "Data won't be signed."
 fi
 
 if [ "$keep" != "yes" ]; then
@@ -92,6 +109,10 @@ if [ "$keep" != "yes" ]; then
     execstr="${execstr}--remove-older-than $keep "
 fi
 
+if [ "$incremental" == "no" ]; then
+    execstr="${execstr}--full "
+fi
+
 execstr_serverpart="scp://$destuser@$desthost/$destdir"
 execstr_clientpart="/"
 
@@ -100,13 +121,13 @@ execstr_clientpart="/"
 # excludes
 for i in $exclude; do
 	str="${i//__star__/*}"
-	execstr="${execstr}--exclude $str "
+	execstr="${execstr}--exclude '$str' "
 done
 	
 # includes 
 for i in $include; do
 	str="${i//__star__/*}"
-	execstr="${execstr}--include $str "
+	execstr="${execstr}--include '$str' "
 done
 
 # vsincludes
@@ -131,17 +152,17 @@ execstr=${execstr//\\*/\\\\\\*}
 
 debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
 if [ ! $test ]; then
+        export PASSPHRASE=$password
 	output=`nice -n $nicelevel \
                   su -c \
-                    "export PASSPHRASE=$password \
-                     && duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
 	code=$?
-	if [ "$code" == "0" ]; then
+	if [ $code -eq 0 ]; then
 		debug $output
 		info "Duplicity finished successfully."
 	else
-		warning $output
-		warning "Duplicity failed."
+		debug $output
+		fatal "Duplicity failed."
 	fi
 fi