dup: now possible to use different keys to sign and encrypt

[matthijs/upstream/backupninja.git] / handlers / dup

diff --git a/handlers/dup b/handlers/dup
index 3b4d0323947d4e84775e262a6b1a189c98b95915..c28619d08ccb9ec5d5a8a30af3a10a8b81475346 100644 (file)
--- a/handlers/dup
+++ b/handlers/dup
@@ -11,6 +11,7 @@ setsection gpg
 getconf password
 getconf sign no
 getconf encryptkey
+getconf signkey
 
 setsection source
 getconf include
@@ -19,6 +20,7 @@ getconf vsinclude
 getconf exclude
 
 setsection dest
+getconf incremental yes
 getconf keep 60
 getconf sshoptions
 getconf bandwidthlimit 0
@@ -39,7 +41,7 @@ if [ "$vservers" == "yes" ]; then
     [ -d "$VROOTDIR" ] || fatal "vservers enabled, but $VROOTDIR does not exist!"
     if [ "$vsnames" == "all" ]; then
        vsnames=""
-       for vserver in `ls $VROOTDIR | grep -v lost+found | grep -v ARCHIVES`; do
+       for vserver in `ls $VROOTDIR | grep -E -v "lost+found|ARCHIVES"`; do
            vsnames="$vserver $vsnames"
        done
     else
@@ -62,7 +64,7 @@ fi
 if [ "$testconnect" == "yes" ]; then
     debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
     if [ ! $test ]; then
-       result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1' 2>&1`
+       result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
        if [ "$result" != "1" ]; then
            fatal "Can't connect to $desthost as $destuser."
        else
@@ -78,11 +80,17 @@ scpoptions="$sshoptions"
 
 execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
 
-if [ "$encryptkey" == "" ]; then
-    [ "$sign" != "yes" ] || fatal "encryptkey option must be set when signing."
-else
-    execstr="${execstr}--encrypt-key $encryptkey "
-    [ "$sign" != "yes" ] || execstr="${execstr}--sign-key $encryptkey "
+# if encryptkey is set, add --encrypt-key to the command-line
+[ -z "$encryptkey" ] || execstr="${execstr}--encrypt-key $encryptkey "
+# if signkey is not set, set it to encryptkey
+[ -n "$signkey" ] || signkey="$encryptkey"
+# if needed, add --sign-key to command-line
+if [ "$sign" == "yes" ]; then
+    if [ -n "$signkey" ]; then
+       execstr="${execstr}--sign-key $signkey "
+    else
+       fatal "Either encryptkey or signkey option must be set when signing."
+    fi
 fi
 
 if [ "$keep" != "yes" ]; then
@@ -92,6 +100,10 @@ if [ "$keep" != "yes" ]; then
     execstr="${execstr}--remove-older-than $keep "
 fi
 
+if [ "$incremental" == "no" ]; then
+    execstr="${execstr}--full "
+fi
+
 execstr_serverpart="scp://$destuser@$desthost/$destdir"
 execstr_clientpart="/"
 
@@ -100,13 +112,13 @@ execstr_clientpart="/"
 # excludes
 for i in $exclude; do
        str="${i//__star__/*}"
-       execstr="${execstr}--exclude $str "
+       execstr="${execstr}--exclude '$str' "
 done
        
 # includes 
 for i in $include; do
        str="${i//__star__/*}"
-       execstr="${execstr}--include $str "
+       execstr="${execstr}--include '$str' "
 done
 
 # vsincludes
@@ -131,17 +143,17 @@ execstr=${execstr//\\*/\\\\\\*}
 
 debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
 if [ ! $test ]; then
+        export PASSPHRASE=$password
        output=`nice -n $nicelevel \
                   su -c \
-                    "export PASSPHRASE=$password \
-                     && duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
        code=$?
-       if [ "$code" == "0" ]; then
+       if [ $code -eq 0 ]; then
                debug $output
                info "Duplicity finished successfully."
        else
-               warning $output
-               warning "Duplicity failed."
+               debug $output
+               fatal "Duplicity failed."
        fi
 fi