From 098952b69d5b39ea27bbe544cd85345422d03d80 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 30 May 2006 03:40:34 +0000 Subject: [PATCH] dup (helper + handler + example config) : don't pretend anymore that duplicity can work without any passphrase ; thanks Micah for the bug report --- ChangeLog | 2 ++ NEWS | 2 +- examples/example.dup | 10 ++++++---- handlers/dup | 6 +++--- handlers/dup.helper | 27 +++++++++------------------ 5 files changed, 21 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae871bf..c334bf5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ version 0.9.4 -- unreleased dup: . Fixed improper include/exclude symlink dereference . Removed over zealous vsnames check + . Does not pretend anymore that duplicity can work without + any passphrase sys: . Many more system checks were added, thanks to Petr KlĂ­ma lib changes diff --git a/NEWS b/NEWS index af964be..fbf6654 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,5 @@ WARNING FOR DUPLICITY USERS -Old (pre-0.9.2) example.dup file used to give false information about the way +Old (pre-0.9.4) example.dup file used to give false information about the way the GnuPG-related options are used. Please read the new example.dup file, and update your own configuration files if needed. diff --git a/examples/example.dup b/examples/example.dup index 8a880f8..b906551 100644 --- a/examples/example.dup +++ b/examples/example.dup @@ -12,16 +12,18 @@ nicelevel = 19 ## gpg section ## (how to encrypt and optionally sign the backups) ## -## WARNING: old (pre-0.9.2) example.dup used to give wrong information about +## WARNING: old (pre-0.9.4) example.dup used to give wrong information about ## the way the following options are used. Please read the following ## carefully. ## ## If the encryptkey variable is set: ## - data is encrypted with the GnuPG public key specified by the encryptkey ## variable -## - if signing is enabled, the password variable is used to unlock the GnuPG -## private key used for signing; otherwise, you do not need to set the password -## variable +## - if signing is enabled, data is signed with the GnuPG private +## key specified by the signkey variable +## - the password variable is used to unlock the GnuPG key(s) used +## for encryption and (optionnal) signing +## ## If the encryptkey option is not set: ## - data signing is not possible ## - the password variable is used to encrypt the data with symmetric diff --git a/handlers/dup b/handlers/dup index e490aa5..7c8a7c6 100644 --- a/handlers/dup +++ b/handlers/dup @@ -79,7 +79,6 @@ if [ -n "$encryptkey" ]; then execstr="${execstr}--encrypt-key $encryptkey " debug "Data will be encrypted with the GnuPG key $encryptkey." else - [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption." debug "Data will be encrypted using symmetric encryption." fi @@ -89,14 +88,15 @@ if [ "$sign" == yes ]; then [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing." # if needed, initialize signkey to a value that is not empty (checked above) [ -n "$signkey" ] || signkey="$encryptkey" - # check password validity - [ -n "$password" ] || fatal "The password option must be set when signing." execstr="${execstr}--sign-key $signkey " debug "Data will be signed will the GnuPG key $signkey." else debug "Data won't be signed." fi +# deal with GnuPG passphrase +[ -n "$password" ] || fatal "The password option must be set." + if [ "$keep" != "yes" ]; then if [ "`echo $keep | tr -d 0-9`" == "" ]; then keep="${keep}D" diff --git a/handlers/dup.helper b/handlers/dup.helper index 9fe2718..a18063d 100644 --- a/handlers/dup.helper +++ b/handlers/dup.helper @@ -173,7 +173,7 @@ do_dup_gpg_signkey() { } do_dup_gpg_passphrase() { - local question="Enter the passphrase needed to $@:" + local question="Enter the passphrase needed to unlock the GnuPG key:" REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do passwordBox "$dup_title - GnuPG" "$question" @@ -201,19 +201,8 @@ do_dup_gpg() { fi fi - # a passphrase is only needed when signing, or when symmetric encryption is used - if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then - do_dup_gpg_passphrase "encrypt the backups" - [ $? = 0 ] || return 1 - elif [ "$dup_gpg_sign" == "yes" ]; then - if [ -z "$dup_gpg_signkey" ]; then - do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups" - [ $? = 0 ] || return 1 - else - do_dup_gpg_passphrase "unlock the GnuPG key used to sign the backups" - [ $? = 0 ] || return 1 - fi - fi + # a passphrase is alway needed + do_dup_gpg_passphrase _gpg_done="(DONE)" setDefault adv @@ -278,16 +267,18 @@ testconnect = $dup_testconnect ## gpg section ## (how to encrypt and optionally sign the backups) ## -## WARNING: old (pre-0.9.2) example.dup used to give wrong information about +## WARNING: old (pre-0.9.4) example.dup used to give wrong information about ## the way the following options are used. Please read the following ## carefully. ## ## If the encryptkey variable is set: ## - data is encrypted with the GnuPG public key specified by the encryptkey ## variable -## - if signing is enabled, the password variable is used to unlock the GnuPG -## private key used for signing; otherwise, you do not need to set the password -## variable +## - if signing is enabled, data is signed with the GnuPG private +## key specified by the signkey variable +## - the password variable is used to unlock the GnuPG key(s) used +## for encryption and (optionnal) signing +## ## If the encryptkey option is not set: ## - data signing is not possible ## - the password variable is used to encrypt the data with symmetric -- 2.30.2