X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=handlers%2Fdup.helper;h=7036dd87134aa6e30ee16391cceb5a14d4407da4;hb=cfc47e5571e61f4323b9f64f9cbb64dfbc4bf1b4;hp=7c71ecc42ed817cd91ba34637a0f8d0ea0552119;hpb=b27f7e71b6962bf60ca25405fac9b21557ef9791;p=matthijs%2Fupstream%2Fbackupninja.git diff --git a/handlers/dup.helper b/handlers/dup.helper index 7c71ecc..7036dd8 100644 --- a/handlers/dup.helper +++ b/handlers/dup.helper @@ -1,3 +1,4 @@ +# -*- mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil; -*- HELPERS="$HELPERS dup:incremental_encrypted_remote_filesystem_backup" ### Functions @@ -8,7 +9,8 @@ do_dup_host_includes() { REPLY= while [ -z "$REPLY" ]; do formBegin "$dup_title - host system: includes" - for i in $dup_default_includes; do + [ -z "$dup_includes" ] && dup_includes="$dup_default_includes" + for i in $dup_includes; do formItem include "$i" done formItem include "" @@ -31,7 +33,8 @@ do_dup_vserver() { REPLY= while [ -z "$REPLY" ]; do formBegin "$dup_title - vservers: includes" - for i in $dup_default_includes; do + [ -z "$dup_vsincludes" ] && dup_vsincludes="$dup_default_includes" + for i in $dup_vsincludes; do formItem include "$i" done formItem include "" @@ -47,7 +50,8 @@ do_dup_vserver() { do_dup_excludes() { set -o noglob formBegin "$dup_title: excludes" - for i in $dup_default_excludes; do + [ -z "$dup_excludes" ] && dup_excludes="$dup_default_excludes" + for i in $dup_excludes; do formItem exclude "$i" done formItem exclude "" @@ -96,7 +100,7 @@ do_dup_dest() { set -o noglob REPLY= while [ -z "$REPLY" -o -z "$dup_destdir" -o -z "$dup_desthost" -o -z "$dup_destuser" ]; do - formBegin "$dup_title - destination: last three items are compulsory" + formBegin "$dup_title - destination: first three items are compulsory" formItem "desthost" "$dup_desthost" formItem "destuser" "$dup_destuser" formItem "destdir" "$dup_destdir" 
@@ -128,35 +132,88 @@ do_dup_dest() { setDefault gpg } -do_dup_gpg() { - - set -o noglob - - # encryptkey ? +do_dup_gpg_encryptkey() { REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_encryptkey" ]; do - inputBox "$dup_title - GnuPG" "Enter the GnuPG key ID to be used to encrypt the backups:" "$dup_gpg_encryptkey" + inputBox "$dup_title - GnuPG" "Enter ID of the public GnuPG key to be used to encrypt the backups:" "$dup_gpg_encryptkey" [ $? = 0 ] || return 1 dup_gpg_encryptkey="$REPLY" done +} + +do_dup_gpg_sign() { + # sign ? + booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign" + if [ $? = 0 ]; then + dup_gpg_sign=yes + else + dup_gpg_sign=no + fi +} + +do_dup_gpg_signkey() { + # one key pair ? + booleanBox "$dup_title - GnuPG" "Use the same GnuPG key pair for encryption and signing?" "$dup_gpg_onekeypair" + if [ $? = 0 ]; then + dup_gpg_onekeypair=yes + else + dup_gpg_onekeypair=no + fi - # passphrase ? + if [ "$dup_gpg_onekeypair" == "no" }; then + # signkey ? + REPLY= + while [ -z "$REPLY" -o -z "$dup_gpg_signkey" ]; do + inputBox "$dup_title - GnuPG" "Enter the ID of the private GnuPG key to be used to sign the backups:" "$dup_gpg_signkey" + [ $? = 0 ] || return 1 + dup_gpg_signkey="$REPLY" + done + fi +} + +do_dup_gpg_passphrase() { + local question="Enter the passphrase needed to $@:" REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do - passwordBox "$dup_title - GnuPG" "Enter the passphrase needed to unlock the key 0x$dup_gpg_encryptkey" + passwordBox "$dup_title - GnuPG" "$question" [ $? = 0 ] || return 1 dup_gpg_password="$REPLY" done +} - # sign ? - booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign" +do_dup_gpg() { + + # symmetric or public key encryption ? + booleanBox "$dup_title - GnuPG" "Use public key encryption? Else, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption" if [ $? 
= 0 ]; then - dup_gpg_sign=yes + dup_gpg_asymmetric_encryption=yes else - dup_gpg_sign=no + dup_gpg_asymmetric_encryption=no + fi + + # when using public/private key pair encryption, ask for the keys to use + if [ "$dup_gpg_asymmetric_encryption" == yes ]; then + do_dup_gpg_encryptkey ; [ $? = 0 ] || return 1 + do_dup_gpg_sign ; [ $? = 0 ] || return 1 + if [ "$dup_gpg_sign" == yes ]; then + do_dup_gpg_signkey ; [ $? = 0 ] || return 1 + fi + fi + + # a passphrase is only needed when signing, or when symmetric encryption is used + if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then + do_dup_gpg_passphrase "encrypt the backups" + [ $? = 0 ] || return 1 + elif [ "$dup_gpg_sign" == "yes" ]; then + if [ -z "$dup_gpg_signkey" ]; then + do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_signkey key used to sign the backups" + [ $? = 0 ] || return 1 + else + do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_encryptkey key used to sign the backups" + [ $? = 0 ] || return 1 + fi fi - set +o noglob _gpg_done="(DONE)" setDefault adv # TODO: replace the above line by the following when do_dup_conn is written 
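Review bot: In do_dup_gpg_signkey the added test `if [ "$dup_gpg_onekeypair" == "no" }; then` ends with `}` where `]` belongs, so `[` runs without its closing bracket, the test can only fail, and the signkey prompt is never reached; it should read `if [ "$dup_gpg_onekeypair" = "no" ]; then`. The signing branch of do_dup_gpg is also inverted: `[ -z "$dup_gpg_signkey" ]` picks the prompt naming `0x$dup_gpg_signkey` exactly when that variable is empty, and the encryptkey prompt when a separate signing key was entered. The operator is therefore asked for the passphrase of the wrong key; the condition should be `[ -n "$dup_gpg_signkey" ]`. In do_dup_gpg_passphrase, `"$*"` is the safer way to fold the arguments into the `question` string than `"$@"`.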
@@ -219,21 +276,42 @@ testconnect = $dup_testconnect ###################################################### ## gpg section ## (how to encrypt and optionnally sign the backups) +## +## WARNING: old (pre-0.9.2) example.dup used to give wrong information about +## the way the following options are used. Please read ahead +## carefully. +## +## If the encryptkey variable is set: +## - data is encrypted with the GnuPG public key specified by the encryptkey +## variable +## - if signing is enabled, the password variable is used to unlock the GnuPG +## private key used for signing; else, you do not need to set the password +## variable +## If the encryptkey option is not set: +## - data signing is not possible +## - the password variable is used to encrypt the data with symmetric +## encryption: no GnuPG key pair is needed [gpg] -# passphrase needed to unlock the GnuPG key -# NB: do not quote it, and it should not contain any quote -password = $dup_gpg_password - +# when set to yes, encryptkey variable must be set bellow; if you want to use +# two different keys for encryption and signing, you must also set the signkey +# variable bellow. # default is no, for backward compatibility with backupninja <= 0.5. -# when set to yes, encryptkey option must be set below. sign = $dup_gpg_sign -# key ID used for data encryption and, optionnally, signing. -# if not set, local root's default gpg key is used. +# ID of the GnuPG public key used for data encryption. +# if not set, symmetric encryption is used, and data signing is not possible. encryptkey = $dup_gpg_encryptkey +# ID of the GnuPG private key used for data signing. +# if not set, encryptkey will be used. +signkey = $dup_gpg_signkey + +# password +# NB: do not quote it, and it should not contain any quote +password = $dup_gpg_password + ###################################################### ## source section ## (where the files to be backed up are coming from) 
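Review bot: The comment above `password = $dup_gpg_password` now reads only `# password`, although the header added in this same hunk explains that the value plays two different roles. I would state that next to the option, for example `# passphrase: unlocks the private signing key when sign = yes; when encryptkey is not set it is the symmetric encryption passphrase`. Because the generated file holds that passphrase in clear text, a one-line reminder to keep the file readable by root only would also help whoever edits it later. The two added comment lines that say `bellow` should read `below`. The template text starts and ends outside the hunk.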
@@ -402,11 +480,9 @@ dup_wizard() {
 _con_done=
 _gpg_done=
 _adv_done=
- declare -a dup_default_includes
- declare -a dup_default_excludes
- declare -a dup_includes
- declare -a dup_excludes
- declare -a dup_vsincludes
+ dup_includes=
+ dup_excludes=
+ dup_vsincludes=
 dup_incremental=yes
 dup_keep=60
 dup_bandwidth=
@@ -414,8 +490,11 @@ dup_wizard() {
 dup_destdir="/backups/`hostname`"
 dup_desthost=
 dup_destuser=
- dup_gpg_sign="yes"
+ dup_gpg_asymmetric_encryption="yes"
 dup_gpg_encryptkey=""
+ dup_gpg_sign="yes"
+ dup_gpg_onekeypair="yes"
+ dup_gpg_signkey=""
 dup_gpg_password=""
 dup_nicelevel=19
 dup_testconnect=yes
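Review bot: `dup_gpg_sign="yes"` remains the default here, while do_dup_gpg (earlier in this diff) calls do_dup_gpg_sign only on the public-key path. As far as the visible hunks show, a user who picks symmetric encryption therefore gets `sign = yes` with an empty `encryptkey` written to the config, a combination the new template text describes as not possible. Resetting the dependent values in the symmetric branch of do_dup_gpg, `dup_gpg_sign=no; dup_gpg_encryptkey=; dup_gpg_signkey=`, would keep the generated file consistent with the choice made. The same applies to a `dup_gpg_signkey` left over from an earlier pass once the user answers yes to the one-key-pair question. dup_wizard's body continues outside the hunk.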