Message #00670
[Merge] lp:~ed.so/duplicity/encr-sign-key2 into lp:duplicity
edso has proposed merging lp:~ed.so/duplicity/encr-sign-key2 into lp:duplicity.
Requested reviews:
duplicity-team (duplicity-team)
For more details, see:
https://code.launchpad.net/~ed.so/duplicity/encr-sign-key2/+merge/68160
As discussed on the mailing list:
a check whether the encryption and signing keys are identical
bonus: --encrypt-sign-key parameter and minor enhancements
ede
--
https://code.launchpad.net/~ed.so/duplicity/encr-sign-key2/+merge/68160
Your team duplicity-team is requested to review the proposed merge of lp:~ed.so/duplicity/encr-sign-key2 into lp:duplicity.
=== modified file 'Changelog.GNU'
--- Changelog.GNU 2011-06-18 13:26:12 +0000
+++ Changelog.GNU 2011-07-16 19:14:23 +0000
@@ -1,3 +1,13 @@
+2011-07-16 Ede <edgar.soldin AT web.de>
+ branch encrypt-sign-key:
+ - introduce --encrypt-sign-key parameter
+ - duplicity-bin::get_passphrase
+ skip passphrase asking and reuse passphrase if
+ sign-key is also an encrypt key and
+ a passphrase for either one is already set
+ - add _() gettext to text in duplicity-bin::get_passphrase
+ - document changes and minor additions in manpage
+
2011-06-17 Kenneth Loafman <kenneth@xxxxxxxxxxx>
777377 collection-status asking for passphrase
=== modified file 'duplicity-bin'
--- duplicity-bin 2011-07-08 18:14:35 +0000
+++ duplicity-bin 2011-07-16 19:14:23 +0000
@@ -81,13 +81,24 @@
try:
if for_signing:
return os.environ['SIGN_PASSPHRASE']
+ else:
+ return os.environ['PASSPHRASE']
except KeyError:
pass
- try:
- return os.environ['PASSPHRASE']
- except KeyError:
- pass
+ # check if we can reuse an already set (signing_)passphrase
+ ## if signing key is also an encryption key assume that the passphrase is identical
+ if ( for_signing
+ and globals.gpg_profile.sign_key in globals.gpg_profile.recipients
+ and globals.gpg_profile.passphrase is not None ):
+ log.Notice(_("Reuse already set PASSPHRASE as SIGNING_PASSPHRASE"))
+ return globals.gpg_profile.passphrase
+ ## if one encryption key is also the signing key assume that the passphrase is identical
+ if ( not for_signing
+ and globals.gpg_profile.sign_key in globals.gpg_profile.recipients
+ and globals.gpg_profile.signing_passphrase is not None ):
+ log.Notice(_("Reuse already set SIGNING_PASSPHRASE as PASSPHRASE"))
+ return globals.gpg_profile.signing_passphrase
# Next, verify we need to ask the user
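Review bot: The two Notice messages name `SIGNING_PASSPHRASE`, but the environment variable read at the top of this hunk is `SIGN_PASSPHRASE`, so the log points users at a name that is never consulted; `_("Reuse already set PASSPHRASE as SIGN_PASSPHRASE")` and its counterpart would match the variable. As far as this hunk shows, the signing path also no longer falls back to the `PASSPHRASE` variable when `SIGN_PASSPHRASE` is unset, so an unattended run whose sign key is not listed in `recipients` would now reach the interactive prompt; that change deserves a sentence in the manpage. The reuse test is an exact string membership check (`sign_key in recipients`), so it presumably only fires when both options were given the key id in the same spelling, which a short comment above the two `if` blocks should state. get_passphrase starts and ends outside the hunk.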
@@ -128,7 +139,7 @@
# Finally, ask the user for the passphrase
else:
- log.Info("PASSPHRASE variable not set, asking user.")
+ log.Info(_("PASSPHRASE variable not set, asking user."))
use_cache = True
while 1:
# ask the user to enter a new passphrase to avoid an infinite loop
@@ -143,27 +154,27 @@
if use_cache and globals.gpg_profile.signing_passphrase:
pass1 = globals.gpg_profile.signing_passphrase
else:
- pass1 = getpass.getpass("GnuPG passphrase for signing key: ")
+ pass1 = getpass.getpass(_("GnuPG passphrase for signing key:")+" ")
else:
if use_cache and globals.gpg_profile.passphrase:
pass1 = globals.gpg_profile.passphrase
else:
- pass1 = getpass.getpass("GnuPG passphrase: ")
+ pass1 = getpass.getpass(_("GnuPG passphrase:")+" ")
if n == 1:
pass2 = pass1
elif for_signing:
- pass2 = getpass.getpass("Retype passphrase for signing key to confirm: ")
+ pass2 = getpass.getpass(_("Retype passphrase for signing key to confirm: "))
else:
- pass2 = getpass.getpass("Retype passphrase to confirm: ")
+ pass2 = getpass.getpass(_("Retype passphrase to confirm: "))
if not pass1 == pass2:
- print "First and second passphrases do not match! Please try again."
+ print _("First and second passphrases do not match! Please try again.")
use_cache = False
continue
if not pass1 and not globals.gpg_profile.recipients and not for_signing:
- print "Cannot use empty passphrase with symmetric encryption! Please try again."
+ print _("Cannot use empty passphrase with symmetric encryption! Please try again.")
use_cache = False
continue
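Review bot: The prompt strings are wrapped inconsistently: the two first-entry prompts keep the trailing space outside the msgid (`_("GnuPG passphrase:")+" "`), while the two retype prompts leave it inside (`_("Retype passphrase to confirm: ")`), where a translator can easily drop it and the typed input would then run into the prompt text. Using one form for all four, e.g. `getpass.getpass(_("Retype passphrase to confirm:")+" ")`, keeps the prompts uniform. The loop this hunk sits in starts and ends outside the hunk.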
=== modified file 'duplicity.1'
--- duplicity.1 2011-06-17 13:41:54 +0000
+++ duplicity.1 2011-07-16 19:14:23 +0000
@@ -304,6 +304,14 @@
default secret keyring is used which is usually located at .gnupg/secring.gpg
.TP
+.BI "--encrypt-sign-key " key
+Convenience parameter. Same as
+.BR --encrypt-key
+.IR key
+.BR --sign-key
+.IR "key" .
+
+.TP
.BI "--exclude " shell_pattern
Exclude the file or files matched by
.IR shell_pattern .
@@ -603,13 +611,16 @@
.TP
.BI "--sign-key " key
-This option can be used when backing up or restoring. When backing
-up, all backup files will be signed with keyid
+This option can be used when backing up, restoring or verifying.
+When backing up, all backup files will be signed with keyid
.IR key .
When restoring, duplicity will signal an error if any remote file is
not signed with the given keyid.
.I key
-should be an 8 character hex string, like AA0E73D2.
+should be an 8 character hex string, like AA0E73D2.
+Should be specified only once because currently only
+.B one
+signing key is supported. Last entry overrides all other entries.
.TP
.B --ssh-askpass
=== modified file 'duplicity/commandline.py'
--- duplicity/commandline.py 2011-06-17 13:41:54 +0000
+++ duplicity/commandline.py 2011-07-16 19:14:23 +0000
@@ -248,6 +248,10 @@
# secret keyring in which the private encrypt key can be found
parser.add_option("--encrypt-secret-keyring", type="string", metavar=_("path"))
+
+ parser.add_option("--encrypt-sign-key", type="string", metavar=_("gpg-key-id"),
+ dest="", action="callback",
+ callback=lambda o, s, v, p: ( globals.gpg_profile.recipients.append(v), set_sign_key(v)) )
# TRANSL: Used in usage help to represent a "glob" style pattern for
# matching one or more files, as described in the documentation.
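Review bot: The callback packs two side effects into a tuple inside a lambda and appends `v` to `recipients` before `set_sign_key(v)` runs, so if `set_sign_key` rejects a malformed key id (its body is not visible here) the unchecked value has already been added to the recipient list. Calling the validator first avoids that, e.g. `callback=lambda o, s, v, p: (set_sign_key(v), globals.gpg_profile.recipients.append(v))`, or more readably a small named function holding the two statements in that order. `dest=""` also looks unintended; if nothing reads it, leaving `dest` out would be clearer. The enclosing option-parsing code starts and ends outside the hunk.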
=== modified file 'duplicity/gpg.py'
--- duplicity/gpg.py 2011-06-17 13:41:54 +0000
+++ duplicity/gpg.py 2011-07-16 19:14:23 +0000
@@ -62,8 +62,6 @@
'AA0E73D2'.
"""
assert passphrase is None or type(passphrase) is types.StringType
- if sign_key:
- assert recipients # can only sign with asym encryption
self.passphrase = passphrase
self.signing_passphrase = passphrase