duplicity-team team mailing list archive
-
duplicity-team team
-
Mailing list archive
-
Message #02653
Fwd: [ftplicity:bugs] #76 GPG 2.1 passphrase entry change
-
To:
duplicity-team <duplicity-team@xxxxxxxxxxxxxxxxxxx>
-
From:
edgar.soldin@xxxxxx
-
Date:
Sat, 29 Nov 2014 16:41:14 +0100
-
In-reply-to:
</p/ftplicity/bugs/76/3f79d1313ff8a2e81cb5c1fe1399ea9be1a2db5f.bugs@ftplicity.p.sourceforge.net>
-
User-agent:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
just fyi. gpg 2.1 retires passphrase from pipe for key auth.
..ede
-------- Forwarded Message --------
Subject: [ftplicity:bugs] #76 GPG 2.1 passphrase entry change
Date: Sat, 29 Nov 2014 14:23:30 +0000
From: troy engel <tengel@xxxxxxxxxxxx>
Reply-To: [ftplicity:bugs] <76@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: [ftplicity:bugs] <76@xxxxxxxxxxxxxxxxxxxxxxxxxx>
With 2.1 the agent is required now, there's no way to get a passphrase into gpg without gpg-agent/pinentry (that's the big change, agree with it or not). It's all just basic config in my duply instance conf file with the passphrase set:
$ egrep -v "^(#|$)" .duply/XXXXX/conf
GPG_KEY='XXXXXXXX'
GPG_PW='XXXXXXXX'
GPG_OPTS='--pinentry-mode loopback'
TARGET='gs://YYYY'
TARGET_USER='ZZZZZZZZ'
TARGET_PASS='ZZZZZZZZ'
SOURCE='/home/AAAA'
FILENAME='.duplicity-ignore'
DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
MAX_AGE=2M
MAX_FULL_BACKUPS=2
That, with this:
$ egrep -v "^(#|$)" .gnupg/gpg-agent.conf
allow-loopback-pinentry
...is what works, From the duply end of things, the only change needed is the one I suggested in the patch for GPG_OPTS, that's it.
-te
---
** [bugs:#76] GPG 2.1 passphrase entry change**
**Status:** open
**Group:** duply
**Created:** Fri Nov 28, 2014 02:41 PM UTC by troy engel
**Last Updated:** Sat Nov 29, 2014 01:42 PM UTC
**Owner:** nobody
The method fo unattended passphrase entry has changed with GPG 2.1+, using a new option is required (as well as setting an option in ~/.gpg-agent.conf) to achieve the same functionality.
Please see the upstream issue: https://bugs.g10code.com/gnupg/issue1772
Suggested patch for now to raise awareness:
~~~~
--- duply-1.9.1-orig 2014-11-28 08:33:07.843465503 -0600
+++ duply-1.9.1-gpg21 2014-11-28 08:36:02.579515130 -0600
@@ -677,6 +677,7 @@
# or "--compress-algo=bzip2 --bzip2-compress-level=9"
# or "--personal-cipher-preferences AES256,AES192,AES..."
# or "--homedir ~/.duply" - keep keyring and gpg settings duply specific
+# or "--pinentry-mode loopback" - for GPG 2.1+
#GPG_OPTS=''
# disable preliminary tests with the following setting
~~~~
I'm personally still testing and working on this so don't have 100% confirmed what will/won't work with regards to duply/duplicity.
---
Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/ftplicity/bugs/76/>
To unsubscribe from further messages, please visit <https://sourceforge.net/auth/subscriptions/>