duplicity-team team mailing list archive

[Mike Turquette <mturquette@xxxxxxxxxx>]

Mike Turquette has proposed merging lp:~mturquette/duplicity/duplicity into lp:duplicity.

Requested reviews:
  duplicity-team (duplicity-team)

For more details, see:
https://code.launchpad.net/~mturquette/duplicity/duplicity/+merge/232153

I ran into a problem while using duplicity on my laptop, where I store my public gpg key, but not my private key. This is because my laptop may be stolen, lost or otherwise detained.

I still want to encrypt backups, which I can do sufficiently with a public key and Duplicity does this just fine. But things fall apart when Duplicity tries to decrypt the first volume of the backup in validate_encryption_settings() and fails on my laptop due to the lack of private key.

To handle this case I have introduced the --no-secret-key option, which was first proposed on the list in 2010:
http://article.gmane.org/gmane.comp.sysutils.backup.duplicity.general/4299

This option simply skips the encryption settings validation if set. The responsibility is on the user to periodically sanity check backups.
-- 
https://code.launchpad.net/~mturquette/duplicity/duplicity/+merge/232153
Your team duplicity-team is requested to review the proposed merge of lp:~mturquette/duplicity/duplicity into lp:duplicity.

=== modified file 'bin/duplicity'
--- bin/duplicity	2014-05-11 11:50:12 +0000
+++ bin/duplicity	2014-08-26 01:27:30 +0000
@@ -323,20 +323,22 @@
         that we're using the same encryption settings (i.e. we don't switch
         from encrypted to non in the middle of a backup chain), so we check
         that the vol1 filename on the server matches the settings of this run.
+        Skip this check if the --no-secret-key option is set.
         """
-        vol1_filename = file_naming.get(backup_type, 1,
-                                        encrypted=globals.encryption,
-                                        gzipped=globals.compression)
-        if vol1_filename != backup_set.volume_name_dict[1]:
-            log.FatalError(_("Restarting backup, but current encryption "
-                             "settings do not match original settings"),
-                           log.ErrorCode.enryption_mismatch)
+        if not globals.no_secret_key:
+            vol1_filename = file_naming.get(backup_type, 1,
+                                            encrypted=globals.encryption,
+                                            gzipped=globals.compression)
+            if vol1_filename != backup_set.volume_name_dict[1]:
+                log.FatalError(_("Restarting backup, but current encryption "
+                                 "settings do not match original settings"),
+                               log.ErrorCode.enryption_mismatch)
 
-        # Settings are same, let's check passphrase itself if we are encrypted
-        if globals.encryption:
-            fileobj = restore_get_enc_fileobj(globals.backend, vol1_filename,
-                                              manifest.volume_info_dict[1])
-            fileobj.close()
+            # Settings are same, let's check passphrase itself if we are encrypted
+            if globals.encryption:
+                fileobj = restore_get_enc_fileobj(globals.backend, vol1_filename,
+                                                  manifest.volume_info_dict[1])
+                fileobj.close()
 
     if not globals.restart:
         # normal backup start