duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] gpg key password asked for backup after verify

From: Raphael Bauduin
Subject: Re: [Duplicity-talk] gpg key password asked for backup after verify
Date: Wed, 24 May 2017 13:17:13 +0200


On Wed, May 24, 2017 at 12:19 PM, edgar.soldin--- via Duplicity-talk <address@hidden> wrote:
On 24.05.2017 11:28, Raphael Bauduin via Duplicity-talk wrote:
> Hi,
>
> I had encrypted backups working fine for weeks on a server. As the encryption uses the public key, it doesn't ask for a password.
>
> Then I did a duplicity verify, which requires the gpg private key, and asks for a password.
> The verify went fine, but since then the gpg key password is also asked for backups, preventing the automation.... I'm nearly sure this is linked
>
> I have removed the duplicity cache in ~/.cache/duplicity, but to no avail....
>
> Any suggestion?
>

1.
are you using duply?

no
 

2.
what is your backup command line?

 LC_ALL=en_US /bin/duplicity   inc --encrypt-key 'XXXX' --exclude /root/.cache/duplicity --exclude  /home/backups --exclude /home/restore --exclude /backups  --include /home/sftp --include /etc --include /home --include /root --exclude '**' / par2+rsync://rsync/duplicity/   --verbosity debug

 

3.
what's the language locale of your os?

I'm forcing it to en_US, which worked fine.

Investigating further, I think I might have deleted the cache before I did the verify. So not sure which one causes what.
I took a look at the code. Here is the code in question asking for the password when the cache was empty, where I added a print:
            if local_missing and (rem_needpass or loc_needpass):
                if decrypt:
                    # password for the --encrypt-key
                    print "local_missing = %s,--  %s, -- %s" % (local_missing, rem_needpass, loc_needpass)
                    globals.gpg_profile.passphrase = get_passphrase(1, "sync")

local_missing was a set of .sigtar.gpg files, rem_needpass was True and loc_needpass was False.

Now I have done a backup manually (providing the key password), I have the else clause below asking for the password although the action is inc:

    elif (action == "inc" and
          (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) and not
          globals.gpg_profile.sign_key and not globals.restart):
        return ""

    # Finally, ask the user for the passphrase
    else:
        print "action = "" % action
        log.Info(_("PASSPHRASE variable not set, asking user."))
        use_cache = True


globals.gpg_profile.recipients is my encryption key id, globals.gpg_profile.sign_key is None, but globals.restart= <__main__.Restart instance at 0x13a8518>

So it seems that the globals.restart is set and makes the code skip the action == "inc" part.

Any idea what the problem might be?

Thanks

 

..ede/duply.net

_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk



--
Web database: http://www.myowndb.com
Free Software Developers Meeting: http://www.fosdem.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]