From e8c8a32ac25f4346f3fa5e21e24801fcf15d3b54 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Tue, 27 Dec 2005 19:38:15 +0000
Subject: [PATCH] dup: now possible to use different keys to sign and encrypt

---
 ChangeLog            |  2 ++
 examples/example.dup | 10 +++++++---
 handlers/dup         | 17 ++++++++++++-----
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index be7fb0f..2c75eca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,8 @@ version 0.9.2 -- unreleased
 		a nice menu to choose the Vservers to backup (thanks to
 		lib/vserver)
 	added man/ninjahelper.1 man page
+	duplicity handler: now possible to use different keys to encrypt and
+		sign
 	
 version 0.9.1 -- November 05 2005
 	rearranged source so that it is relocatable with autotools
diff --git a/examples/example.dup b/examples/example.dup
index 7db7771..88ac28c 100644
--- a/examples/example.dup
+++ b/examples/example.dup
@@ -19,13 +19,17 @@ nicelevel = 19
 password = a_very_complicated_passphrase
 
 # default is no, for backward compatibility with backupninja <= 0.5.
-# when set to yes, encryptkey option must be set below.
+# when set to yes, either signkey or encryptkey option must be set below.
 sign = yes
 
-# key ID used for data encryption and, optionnally, signing.
-# if not set, local root's default gpg key is used.
+# key ID used for data encryption.
+# if not set, local root's default GnuPG key is used.
 encryptkey = 04D9EA79
 
+# key ID used for data signing.
+# if not set, encryptkey will be used.
+#signkey = 04D9EA79
+
 ######################################################
 ## source section
 ## (where the files to be backed up are coming from)
diff --git a/handlers/dup b/handlers/dup
index 79be2fc..c28619d 100644
--- a/handlers/dup
+++ b/handlers/dup
@@ -11,6 +11,7 @@ setsection gpg
 getconf password
 getconf sign no
 getconf encryptkey
+getconf signkey
 
 setsection source
 getconf include
@@ -79,11 +80,17 @@ scpoptions="$sshoptions"
 
 execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
 
-if [ "$encryptkey" == "" ]; then
-    [ "$sign" != "yes" ] || fatal "encryptkey option must be set when signing."
-else
-    execstr="${execstr}--encrypt-key $encryptkey "
-    [ "$sign" != "yes" ] || execstr="${execstr}--sign-key $encryptkey "
+# if encryptkey is set, add --encrypt-key to the command-line
+[ -z "$encryptkey" ] || execstr="${execstr}--encrypt-key $encryptkey "
+# if signkey is not set, set it to encryptkey
+[ -n "$signkey" ] || signkey="$encryptkey"
+# if needed, add --sign-key to command-line
+if [ "$sign" == "yes" ]; then
+    if [ -n "$signkey" ]; then
+	execstr="${execstr}--sign-key $signkey "
+    else
+	fatal "Either encryptkey or signkey option must be set when signing."
+    fi
 fi
 
 if [ "$keep" != "yes" ]; then
-- 
2.30.2