From: intrigeri Date: Tue, 27 Dec 2005 19:38:15 +0000 (+0000) Subject: dup: now possible to use different keys to sign and encrypt X-Git-Tag: backupninja-0.9.2~15 X-Git-Url: https://git.stderr.nl/gitweb?a=commitdiff_plain;h=e8c8a32ac25f4346f3fa5e21e24801fcf15d3b54;p=matthijs%2Fupstream%2Fbackupninja.git dup: now possible to use different keys to sign and encrypt --- diff --git a/ChangeLog b/ChangeLog index be7fb0f..2c75eca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,8 @@ version 0.9.2 -- unreleased a nice menu to choose the Vservers to backup (thanks to lib/vserver) added man/ninjahelper.1 man page + duplicity handler: now possible to use different keys to encrypt and + sign version 0.9.1 -- November 05 2005 rearranged source so that it is relocatable with autotools diff --git a/examples/example.dup b/examples/example.dup index 7db7771..88ac28c 100644 --- a/examples/example.dup +++ b/examples/example.dup @@ -19,13 +19,17 @@ nicelevel = 19 password = a_very_complicated_passphrase # default is no, for backward compatibility with backupninja <= 0.5. -# when set to yes, encryptkey option must be set below. +# when set to yes, either signkey or encryptkey option must be set below. sign = yes -# key ID used for data encryption and, optionnally, signing. -# if not set, local root's default gpg key is used. +# key ID used for data encryption. +# if not set, local root's default GnuPG key is used. encryptkey = 04D9EA79 +# key ID used for data signing. +# if not set, encryptkey will be used. +#signkey = 04D9EA79 + ###################################################### ## source section ## (where the files to be backed up are coming from) diff --git a/handlers/dup b/handlers/dup index 79be2fc..c28619d 100644 --- a/handlers/dup +++ b/handlers/dup @@ -11,6 +11,7 @@ setsection gpg getconf password getconf sign no getconf encryptkey +getconf signkey setsection source getconf include @@ -79,11 +80,17 @@ scpoptions="$sshoptions" execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' " -if [ "$encryptkey" == "" ]; then - [ "$sign" != "yes" ] || fatal "encryptkey option must be set when signing." -else - execstr="${execstr}--encrypt-key $encryptkey " - [ "$sign" != "yes" ] || execstr="${execstr}--sign-key $encryptkey " +# if encryptkey is set, add --encrypt-key to the command-line +[ -z "$encryptkey" ] || execstr="${execstr}--encrypt-key $encryptkey " +# if signkey is not set, set it to encryptkey +[ -n "$signkey" ] || signkey="$encryptkey" +# if needed, add --sign-key to command-line +if [ "$sign" == "yes" ]; then + if [ -n "$signkey" ]; then + execstr="${execstr}--sign-key $signkey " + else + fatal "Either encryptkey or signkey option must be set when signing." + fi fi if [ "$keep" != "yes" ]; then