duplicity-team team mailing list archive

Thread
Date
Re: [Merge] lp:~lekensteyn/duplicity/multipass into lp:duplicity

To: mp+64307@xxxxxxxxxxxxxxxxxx
From: edso <edgar.soldin@xxxxxx>
Date: Sun, 12 Jun 2011 16:11:18 -0000
In-reply-to: <20110612150136.28468.21279.codereview@wampee.canonical.com>
Reply-to: mp+64307@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx
On 12.06.2011 17:01, Lekensteyn wrote:
> Review: Needs Fixing
>> On 11.06.2011 18:21, Lekensteyn wrote:
>>> Lekensteyn has proposed merging lp:~lekensteyn/duplicity/multipass into
>> lp:duplicity.
>>>
>>> Requested reviews:
>>>   duplicity-team (duplicity-team)
>>> Related bugs:
>>>   Bug #684025 in ProjectStats: "Funktionalität von aus den Games in die
>> Tabellen verlagern"
>>>   https://bugs.launchpad.net/projectstats/+bug/684025
>>>   Bug #793096 in Duplicity: "Allow to pass different passwords for --sign-
>> key and --encrypt-key"
>>>   https://bugs.launchpad.net/duplicity/+bug/793096
>>>
>>> For more details, see:
>>> https://code.launchpad.net/~lekensteyn/duplicity/multipass/+merge/64307
>>>
>>> Enables the use of a different passphrase for the GPG signing and encryption
>> key. (Closes #793096)
>>> Allows to specify a different secret keyring for the GPG encryption key.
>>> Updated manual page with the above two changes.
>>> Do not keep asking for a passphrase confirmation, but start over on asking
>> the passphrase to prevent an infinite loop. (Closes #680425)
>>>
>>
>> massive such a small change ;) .. one question why did you conditionalize
>>
>> 136     - globals.gpg_profile.passphrase = get_passphrase(2, action)
>> 137     + if not globals.gpg_profile.sign_key:
>> 138     + globals.gpg_profile.passphrase = get_passphrase(2, action)
>>
>> what happens if one wants to sign a symmetric encryption? currently this
>> worked using the agent or the "same pass" for encryption and signing (not
>> suggesting of course) .. with your addition this limitation could be lifted
>> easily. did you?
>>
>> thanks for the contribution, ede/duply.net
> 
> You're right, it should not check for globals.gpg_profile.sign_key but globals.gpg_profile.recipients instead. I'll test all cases as described in https://bugs.launchpad.net/duplicity/+bug/793096/comments/4
> 
> I'm setting this branch to work-in-progress so I can consider symmetric + sign.
> 
> The current duplicity version in the repository does not sign a package even if --sign-key is given.
> 
> Test:
> $ duplicity --sign-key B5F0C812 /usr/share/doc/duplicity/ file://target; echo $?
> ...
> 0
> $ duplicity verify --sign-key B5F0C812 /usr/share/doc/duplicity/ file://target; echo $?
> Volume was signed by key None, not B5F0C812
> 22
> 
> In this branch, it signs the archive, but uses the signing key instead of the encryption key.
> 
> WIP, check back later
> 

isn't life wip overall ...

double checked your test above against the latest release 0.6.13 and it works there see below. what occurred to me is that if one set of the backup (regardless if latest incremental or not) is done without signing the 'Volume was signed by key None' comes up. So start with a fresh full and it should work on your side too.

what do you mean by 
> In this branch, it signs the archive, but uses the signing key instead of the encryption key.
using a different signing key was possible all the time. you just had to use gpg-agent to use it with a different password than the encryption key or have a signing key without a password.

..regards ede/duply.net

PS: problems are just solutions in work clothing - couldn't help myself;)

:~>gpg --list-secret-keys
...

sec   1024D/7CDF5D28 2011-05-02
uid                  test nopass
ssb   1024g/8AB13891 2011-05-02

sec   1024D/6B6875B0 2011-06-12
uid                  no pass
ssb   2048g/54296424 2011-06-12


:~> PASSPHRASE='pass' duplicity --sign-key 7CDF5D28 duply_dev/ file:///tmp/symsign2 ; echo $?
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1307893489.22 (Sun Jun 12 17:44:49 2011)
EndTime 1307893489.52 (Sun Jun 12 17:44:49 2011)
ElapsedTime 0.30 (0.30 seconds)
SourceFiles 49
SourceFileSize 1631843 (1.56 MB)
NewFiles 49
NewFileSize 1631843 (1.56 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 49
RawDeltaSize 1574499 (1.50 MB)
TotalDestinationSizeChange 996369 (973 KB)
Errors 0
-------------------------------------------------

0

:~>PASSPHRASE='pass' duplicity verify --sign-key 7CDF5D28 file:///tmp/symsign2 duply_dev/; echo $?
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sun Jun 12 17:44:49 2011
Verify complete: 49 files compared, 0 differences found.
0

:~> PASSPHRASE='pass' duplicity verify --sign-key 6B6875B0 file:///tmp/symsign2 duply_dev/; echo $?
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sun Jun 12 17:44:49 2011
Volume was signed by key 7CDF5D28, not 6B6875B0
22

-- 
https://code.launchpad.net/~lekensteyn/duplicity/multipass/+merge/64307
Your team duplicity-team is requested to review the proposed merge of lp:~lekensteyn/duplicity/multipass into lp:duplicity.
References

Re: [Merge] lp:~lekensteyn/duplicity/multipass into lp:duplicity
From: Lekensteyn, 2011-06-12