X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fupstream%2Fbackupninja.git;a=blobdiff_plain;f=handlers%2Fdup.helper;h=eee025666b562a9fa10b6242a097e8b25be78e39;hp=9fe27180b31042d8af7d107391f9cd198ef85c41;hb=be75e4e6c536882c14db9a41c61585e7a9c045f6;hpb=3313ebbd62ab9b71fba375499a85e9bca87ba030

diff --git a/handlers/dup.helper b/handlers/dup.helper
index 9fe2718..eee0256 100644
--- a/handlers/dup.helper
+++ b/handlers/dup.helper
@@ -173,7 +173,7 @@ do_dup_gpg_signkey() {
 }
 
 do_dup_gpg_passphrase() {
-   local question="Enter the passphrase needed to $@:"
+   local question="Enter the passphrase needed to unlock the GnuPG key:"
    REPLY=
    while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do
       passwordBox "$dup_title - GnuPG" "$question"
@@ -199,21 +199,12 @@ do_dup_gpg() {
       if [ "$dup_gpg_sign" == yes ]; then
 	 do_dup_gpg_signkey ; [ $? = 0 ] || return 1
       fi
+   else
+      dup_gpg_sign=no
    fi
 
-   # a passphrase is only needed when signing, or when symmetric encryption is used
-   if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then
-	 do_dup_gpg_passphrase "encrypt the backups"
-	 [ $? = 0 ] || return 1
-   elif [ "$dup_gpg_sign" == "yes" ]; then
-      if [ -z "$dup_gpg_signkey" ]; then
-	 do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups"
-	 [ $? = 0 ] || return 1
-      else
-	 do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups"
-	 [ $? = 0 ] || return 1
-      fi
-   fi
+   # a passphrase is alway needed
+   do_dup_gpg_passphrase
 
    _gpg_done="(DONE)"
    setDefault adv
@@ -278,16 +269,18 @@ testconnect = $dup_testconnect
 ## gpg section
 ## (how to encrypt and optionally sign the backups)
 ##
-## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
+## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
 ##          the way the following options are used. Please read the following
 ##          carefully.
 ##
 ## If the encryptkey variable is set:
 ##   - data is encrypted with the GnuPG public key specified by the encryptkey
 ##     variable
-##   - if signing is enabled, the password variable is used to unlock the GnuPG
-##     private key used for signing; otherwise, you do not need to set the password
-##     variable
+##   - if signing is enabled, data is signed with the GnuPG private
+##     key specified by the signkey variable
+##   - the password variable is used to unlock the GnuPG key(s) used
+##     for encryption and (optionnal) signing
+##
 ## If the encryptkey option is not set:
 ##   - data signing is not possible
 ##   - the password variable is used to encrypt the data with symmetric
@@ -319,22 +312,23 @@ password = $dup_gpg_password
 
 [source]
 
+# A few notes about includes and excludes:
+# 1. include, exclude and vsinclude statements support globbing with '*'
+# 2. Symlinks are not dereferenced. Moreover, an include line whose path
+#    contains, at any level, a symlink to a directory, will only have the
+#    symlink backed-up, not the target directory's content. Yes, you have to
+#    dereference yourself the symlinks, or to use 'mount --bind' instead.
+#    Example: let's say /home is a symlink to /mnt/crypt/home ; the following
+#    line will only backup a "/home" symlink ; neither /home/user nor
+#    /home/user/Mail will be backed-up :
+#      include = /home/user/Mail
+#    A workaround is to 'mount --bind /mnt/crypt/home /home' ; another one is to
+#    write :
+#      include = /mnt/crypt/home/user/Mail
+# 3. All the excludes come after all the includes. The order is not otherwise
+#    taken into account.
+
 # files to include in the backup
-# (supports globbing with '*')
-# BIG FAT WARNING
-# Symlinks are not dereferenced. Moreover, an include line whose path
-# contains, at any level, a symlink to a directory, will only have the
-# symlink backed-up, not the target directory's content. Yes, you have
-# to dereference yourself the symlinks, or to use 'mount --bind'
-# instead.
-# EXAMPLE
-# Let's say /home is a symlink to /mnt/crypt/home ; the following line
-# will only backup a "/home" symlink ; neither /home/user nor
-# /home/user/Mail will be backed-up :
-#   include = /home/user/Mail
-# A workaround is to 'mount --bind /mnt/crypt/home /home' ; another
-# one is to write :
-#   include = /mnt/crypt/home/user/Mail
 EOF
 
    if [ "$host_or_vservers" == host -o "$host_or_vservers" == both ]; then
@@ -361,7 +355,6 @@ EOF
 # vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home
 # and /vservers/baz/home.
 # Vservers paths are derived from $VROOTDIR.
-# vsinclude supports globbing with '*'.
 
 EOF
 
@@ -377,9 +370,7 @@ EOF
    # excludes
    cat >> $next_filename <<EOF
 
-# rdiff-backup specific comment, TO ADAPT
 # files to exclude from the backup
-# (supports globbing with '*')
 EOF
     set -o noglob
     for i in $dup_excludes; do
@@ -410,8 +401,10 @@ keep = $dup_keep
 #bandwidthlimit = 128
 bandwidthlimit = $dup_bandwidth
 
-# passed directly to ssh and scp
-#sshoptions = -i /root/.ssh/id_dsa_duplicity
+# passed directly to ssh, scp (and sftp in duplicity >=0.4.2)
+# warning: sftp does not support all scp options, especially -i; as
+# a workaround, you can use "-o <SSHOPTION>"
+#sshoptions = -o IdentityFile=/root/.ssh/id_dsa_duplicity
 sshoptions = $dup_sshoptions
 
 # put the backups under this directory