Support duplicity >= 0.4.3 invocation syntax

[matthijs/upstream/backupninja.git] / handlers / dup.in

# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
#
# duplicity script for backupninja
# requires duplicity
#

getconf options
getconf testconnect yes
getconf nicelevel 0

setsection gpg
getconf password
getconf sign no
getconf encryptkey
getconf signkey

setsection source
getconf include
getconf vsnames all
getconf vsinclude
getconf exclude

setsection dest
getconf incremental yes
getconf keep 60
getconf sshoptions
getconf bandwidthlimit 0
getconf desthost
getconf destdir
getconf destuser
destdir=${destdir%/}

[ "$destdir" != "" ] || fatal "Destination directory not set"
[ "$include" != "" ] || fatal "No source includes specified"

### vservers stuff ###

# If vservers are configured, check that the ones listed in $vsnames do exist.
local usevserver=no
if [ $vservers_are_available = yes ]; then
   if [ "$vsnames" = all ]; then
      vsnames="$found_vservers"
   else
      if ! vservers_exist "$vsnames" ; then
            fatal "At least one of the vservers listed in vsnames ($vsnames) does not exist."
      fi
   fi
   if [ -n "$vsinclude" ]; then
      info "Using vservers '$vsnames'"
      usevserver=yes
   fi
else
   [ -z "$vsinclude" ] || warning 'vservers support disabled in backupninja.conf, vsincludes configuration lines will be ignored'
fi


### see if we can login ###

if [ "$testconnect" == "yes" ]; then
    debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
    if [ ! $test ]; then
        result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
        if [ "$result" != "1" ]; then
            fatal "Can't connect to $desthost as $destuser."
        else
            debug "Connected to $desthost as $destuser successfully"
        fi
    fi
fi

### COMMAND-LINE MANGLING ###

duplicity_version="`duplicity --version | @AWK@ '{print $2}'`"
duplicity_major="`echo $duplicity_version | @AWK@ -F '.' '{print $1}'`"
duplicity_minor="`echo $duplicity_version | @AWK@ -F '.' '{print $2}'`"
duplicity_sub="`echo $duplicity_version | @AWK@ -F '.' '{print $3}'`"

# 1. duplicity >= 0.4.2 needs --sftp-command (NB: sftp does not support the -l option)
# 2. duplicity >= 0.4.3 replaces --ssh-command with --ssh-options, which:
#      - is passed to scp and sftp commands by duplicity
#      - has a special syntax we can not feed the command line with
#    so we don't use it: since this version does not use the ssh command anymore,
#    we keep compatibility with our previous config files by passing $sshoptions to
#    --scp-command and --sftp-command ourselves

scpoptions="$sshoptions"
[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit"

execstr="$options --no-print-statistics "

# < 0.4.2 : only uses ssh and scp
if [ "$duplicity_major" -le 0 -a "$duplicity_minor" -le 4 -a "$duplicity_sub" -le 2 ]; then
   execstr="$execstr --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
# >= 0.4.2 : also uses sftp, --sftp-command option is now supported
else
   sftpoptions="$sshoptions"
   # == 0.4.2 : uses ssh, scp and sftp
   if [ "$duplicity_major" -eq 0 -a "$duplicity_minor" -eq 4 -a "$duplicity_sub" -eq 2 ]; then
      execstr="$execstr --scp-command 'scp $scpoptions' --sftp-command 'sftp $sftpoptions' --ssh-command 'ssh $sshoptions' "
   # >= 0.4.3 : uses only scp and sftp, --ssh-command option is not supported anymore
   else
      execstr="$execstr --scp-command 'scp $scpoptions' --sftp-command 'sftp $sftpoptions' "
   fi
fi

# deal with symmetric or asymmetric (public/private key pair) encryption
if [ -n "$encryptkey" ]; then
    execstr="${execstr}--encrypt-key $encryptkey "
    debug "Data will be encrypted with the GnuPG key $encryptkey."
else
    debug "Data will be encrypted using symmetric encryption."
fi

# deal with data signing
if [ "$sign" == yes ]; then
    # duplicity is not able to sign data when using symmetric encryption
    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
    # if needed, initialize signkey to a value that is not empty (checked above)
    [ -n "$signkey" ] || signkey="$encryptkey"
    execstr="${execstr}--sign-key $signkey "
    debug "Data will be signed will the GnuPG key $signkey."
else
    debug "Data won't be signed."
fi

# deal with GnuPG passphrase
[ -n "$password" ] || fatal "The password option must be set."

if [ "$keep" != "yes" ]; then
    if [ "`echo $keep | tr -d 0-9`" == "" ]; then
        keep="${keep}D"
    fi
    execstr="${execstr}--remove-older-than $keep "
fi

if [ "$incremental" == "no" ]; then
    execstr="${execstr}--full "
fi

execstr_serverpart="scp://$destuser@$desthost/$destdir"
execstr_clientpart="/"

### SOURCE ###

set -o noglob

# excludes
for i in $exclude; do
   str="${i//__star__/*}"
   execstr="${execstr}--exclude '$str' "
done
        
# includes 
for i in $include; do
   [ "$i" != "/" ] || fatal "Sorry, you cannot use 'include = /'"
   str="${i//__star__/*}"
   execstr="${execstr}--include '$str' "
done

# vsincludes
if [ $usevserver = yes ]; then
   for vserver in $vsnames; do
      for vi in $vsinclude; do
         str="${vi//__star__/*}"
         str="$VROOTDIR/$vserver$str"
         execstr="${execstr}--include '$str' "
      done
   done
fi

set +o noglob

### EXECUTE ###

execstr=${execstr//\\*/\\\\\\*}

debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
if [ ! $test ]; then
        export PASSPHRASE=$password
        output=`nice -n $nicelevel \
                  su -c \
                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
        code=$?
        if [ $code -eq 0 ]; then
                debug $output
                info "Duplicity finished successfully."
        else
                debug $output
                fatal "Duplicity failed."
        fi
fi      

return 0