← Back to team overview

duplicity-team team mailing list archive

Re: [Merge] lp:~mwilck/duplicity/0.7-series into lp:duplicity/0.7-series

 

Hi Edgar,

> although already merged, i don't think it's perfect already.
> 
> afaiu gpg2+ _always_ uses the agent if input is necessary. that's why the manpage contained, auntil you removed
> "
> GnuPG 2 and newer ignore this option and will always use a running
> .B gpg-agent
> if no passphrase was delivered.
> "
> this is because the passphrase input routines got moved from gpg into gpg-agent. 

My thinking was that it's not relevant for duplicity users whether or
not gpg uses/starts the agent. The point is if, and how, the user is
queried for the pass phrase. I found that sentence was rather irritating
than helpful, but I don't mind if you add it back.

The part that IMO wasn't clear enough from the previous man page text is
that the deviations between gpg version matter if --use-agent is NOT given.

> 
> additionally if we want gpg to ask for a passphrase and block the process we need to deliver '--pinentry-mode=loopback', which seems to be used in the current gpg.py
>   http://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/view/head:/duplicity/gpg.py#L142
> 
> 1.
> out of interest, why did your earlier patch use '--pinentry-mode=cancel'?

Mostly because I wasn't aware of "loopback". As I explained in the log
message of that patch, my use case was different - I wanted duplicity
NOT to ask for a passphrase (the intention was to run a fully
non-interactive backup job to a GPG-encrypted repository. In this case
the pass phrase is only needed to verify the signatures which I'd rather
skip than not backup at all).

If I need passphrase interaction, I personally always use --use-agent; I
find the agent UI much more comfortable than the normal prompt. But I
guess my original patch was a ignorant of of other people's needs, sorry
for that (I though I'd tested pass phrase entry for decryption and it
worked ..., but I may have missed something. I don't recall the details,
it's too long ago).

Regards
Martin

> 
> 2.
> please check if gpg2.1 does start a gpg-agent. according to my tests a gpg-agent instance is started and keeps lingering if not killed manually.
> 
> ..ede/duply.net
> 
> 
> On 09.02.2017 14:44, Martin Wilck wrote:
>> Martin Wilck has proposed merging lp:~mwilck/duplicity/0.7-series into lp:duplicity/0.7-series.
>>
>> Requested reviews:
>>   duplicity-team (duplicity-team)
>>
>> For more details, see:
>> https://code.launchpad.net/~mwilck/duplicity/0.7-series/+merge/316852
>>
>> Fixed the documentation of --use-agent in the man page. It was still talking about --pinentry-mode=cancel. Also, clarify that the gnupg version dependency applies if the --use-agent parameter is NOT used.
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~duplicity-team
>> Post to     : duplicity-team@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~duplicity-team
>> More help   : https://help.launchpad.net/ListHelp
>>
> 


-- 
https://code.launchpad.net/~mwilck/duplicity/0.7-series/+merge/316852
Your team duplicity-team is requested to review the proposed merge of lp:~mwilck/duplicity/0.7-series into lp:duplicity/0.7-series.


References