Merge lp:~lenharo-h/duplicity/duplicity into lp:duplicity/0.6
- duplicity
- Merge into 0.6-series
Status: | Merged |
---|---|
Approved by: | edso |
Approved revision: | 901 |
Merged at revision: | 899 |
Proposed branch: | lp:~lenharo-h/duplicity/duplicity |
Merge into: | lp:duplicity/0.6 |
Diff against target: |
260 lines (+97/-9) 8 files modified
bin/duplicity (+8/-6) bin/duplicity.1 (+11/-0) duplicity/commandline.py (+6/-0) duplicity/gpg.py (+12/-3) duplicity/gpginterface.py (+2/-0) testing/tests/finaltest.py (+10/-0) testing/tests/gpgtest.py (+31/-0) testing/tests/restarttest.py (+17/-0) |
To merge this branch: | bzr merge lp:~lenharo-h/duplicity/duplicity |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
edso | Approve | ||
Review via email: mp+137424@code.launchpad.net |
This proposal supersedes a proposal from 2012-11-21.
Commit message
Description of the change
Hi,
I thought that we could also generate encrypted backups without revealing the user's key id.
So I created a new switch (--hidden-
Please, let me know if you need more info.
Thanks,
Marcos
edso (ed.so) wrote : Posted in a previous version of this proposal | # |
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal | # |
Hi,
the typo was fixed and already pushed.
Regarding restoring, if you only have hidden-recipients on you encrypted
file, gpg will try every secret key you have on your keyring and use the
right one if it finds it.
Otherwise it will say that didn't find a secret key. Like the following:
[tmp]$ gpg duplicity-
gpg: anonymous recipient; trying secret key 12345678 ...
gpg: anonymous recipient; trying secret key 9ABCDEF0...
*gpg: okay, we are the anonymous recipient.*
gpg: encrypted with RSA key, ID 00000000
...
or
[tmp]$ gpg duplicity-
gpg: anonymous recipient; trying secret key 12345678 ...
gpg: anonymous recipient; trying secret key 87654321 ...
gpg: encrypted with RSA key, ID 00000000
*gpg: decryption failed: No secret key*
Please let me know if you have questions on other scenarios.
Best Regards,
Marcos A. Lenharo
On 21-11-2012 08:11, edso wrote:
> Review: Needs Fixing
>
> hi,
>
> 1. there is a typo in the manpage change.
> 2. how does it work on restoring? wouldn't gpg have to ask for a keyid to use?
>
> ..ede
edso (ed.so) wrote : Posted in a previous version of this proposal | # |
On 21.11.2012 14:03, Marcos Aurelio Lenharo wrote:
> Hi,
>
> the typo was fixed and already pushed.
>
> Regarding restoring, if you only have hidden-recipients on you encrypted file, gpg will try every secret key you have on your keyring and use the right one if it finds it.
[snip]
>
>
> Please let me know if you have questions on other scenarios.
> Best Regards,
>
otherwise it looked good to me.
maybe it'd make sense to mention 'uses gpg --hidden-recipient' and 'try's every key' in the manpage as well.
..ede/duply.net
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal | # |
Hi,
It seems to be better now. Please, take a look on revision 900.
Best Regards,
Marcos A. Lenharo
On 21-11-2012 11:46, edso wrote:
> On 21.11.2012 14:03, Marcos Aurelio Lenharo wrote:
>> Hi,
>>
>> the typo was fixed and already pushed.
>>
>> Regarding restoring, if you only have hidden-recipients on you encrypted file, gpg will try every secret key you have on your keyring and use the right one if it finds it.
> [snip]
>>
>> Please let me know if you have questions on other scenarios.
>> Best Regards,
>>
> otherwise it looked good to me.
>
> maybe it'd make sense to mention 'uses gpg --hidden-recipient' and 'try's every key' in the manpage as well.
>
> ..ede/duply.net
>
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal | # |
Has anyone tried restore with the _ssh_pexpect backend?
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal | # |
No, but I can try it later.
Why?
Regards
Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
> Has anyone tried restore with the _ssh_pexpect backend?
> --
> https:/
> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal | # |
It will need to be modded, probably, since the responses from gpg are
different.
On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden> wrote:
> No, but I can try it later.
> Why?
>
> Regards
> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
>
> > Has anyone tried restore with the _ssh_pexpect backend?
> > --
> > https:/
> > You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >
>
> --
> https:/
> You are subscribed to branch lp:duplicity.
>
edso (ed.so) wrote : Posted in a previous version of this proposal | # |
how does a specific backend directly deal with gpg? isn't that the job of gpg_interface?
..ede
On 22.11.2012 15:38, Kenneth Loafman wrote:
> It will need to be modded, probably, since the responses from gpg are
> different.
>
> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden> wrote:
>
>> No, but I can try it later.
>> Why?
>>
>> Regards
>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
>>
>>> Has anyone tried restore with the _ssh_pexpect backend?
>>> --
>>> https:/
>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>
>>
>> --
>> https:/
>> You are subscribed to branch lp:duplicity.
>>
>
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal | # |
It uses pexpect to check the return strings. Sometimes that's from gpg.
...Ken
On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
> how does a specific backend directly deal with gpg? isn't that the job of
> gpg_interface?
>
> ..ede
>
> On 22.11.2012 15:38, Kenneth Loafman wrote:
> > It will need to be modded, probably, since the responses from gpg are
> > different.
> >
> > On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
> wrote:
> >
> >> No, but I can try it later.
> >> Why?
> >>
> >> Regards
> >> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
> >>
> >>> Has anyone tried restore with the _ssh_pexpect backend?
> >>> --
> >>>
> https:/
> >>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >>>
> >>
> >> --
> >> https:/
> >> You are subscribed to branch lp:duplicity.
> >>
> >
>
>
> --
> https:/
> You are subscribed to branch lp:duplicity.
>
edso (ed.so) wrote : Posted in a previous version of this proposal | # |
just scanned
http://
and can only see sftp and scp being used.
what am i missing?
..ede
On 22.11.2012 15:55, Kenneth Loafman wrote:
> It uses pexpect to check the return strings. Sometimes that's from gpg.
>
> ...Ken
>
> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
>
>> how does a specific backend directly deal with gpg? isn't that the job of
>> gpg_interface?
>>
>> ..ede
>>
>> On 22.11.2012 15:38, Kenneth Loafman wrote:
>>> It will need to be modded, probably, since the responses from gpg are
>>> different.
>>>
>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
>> wrote:
>>>
>>>> No, but I can try it later.
>>>> Why?
>>>>
>>>> Regards
>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
>>>>
>>>>> Has anyone tried restore with the _ssh_pexpect backend?
>>>>> --
>>>>>
>> https:/
>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>>>
>>>>
>>>> --
>>>> https:/
>>>> You are subscribed to branch lp:duplicity.
>>>>
>>>
>>
>>
>> --
>> https:/
>> You are subscribed to branch lp:duplicity.
>>
>
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal | # |
Look at the responses from sftp and scp. If the gpg response is expected,
check that the new option supplies that, otherwise we have to match on
additional strings.
...Ken
On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:
> just scanned
>
> http://
> and can only see sftp and scp being used.
>
> what am i missing?
>
> ..ede
>
> On 22.11.2012 15:55, Kenneth Loafman wrote:
> > It uses pexpect to check the return strings. Sometimes that's from gpg.
> >
> > ...Ken
> >
> > On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
> >
> >> how does a specific backend directly deal with gpg? isn't that the job
> of
> >> gpg_interface?
> >>
> >> ..ede
> >>
> >> On 22.11.2012 15:38, Kenneth Loafman wrote:
> >>> It will need to be modded, probably, since the responses from gpg are
> >>> different.
> >>>
> >>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
> >> wrote:
> >>>
> >>>> No, but I can try it later.
> >>>> Why?
> >>>>
> >>>> Regards
> >>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
> escreveu:
> >>>>
> >>>>> Has anyone tried restore with the _ssh_pexpect backend?
> >>>>> --
> >>>>>
> >> https:/
> >>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >>>>>
> >>>>
> >>>> --
> >>>>
> https:/
> >>>> You are subscribed to branch lp:duplicity.
> >>>>
> >>>
> >>
> >>
> >> --
> >> https:/
> >> You are subscribed to branch lp:duplicity.
> >>
> >
>
> --
> https:/
> You are subscribed to branch lp:duplicity.
>
edso (ed.so) wrote : Posted in a previous version of this proposal | # |
you totally loose me here :( sorry...
the patch provided by Lenharo merely changes the way how gpg_interface.py encrypts the datastream locally. did you have a look at what is actually patched?
http://
it does in no way affect up/downloading in any backend as far as i can see. still you come across convincing, so i might miss something ;)
..ede
On 22.11.2012 17:31, Kenneth Loafman wrote:
> Look at the responses from sftp and scp. If the gpg response is expected,
> check that the new option supplies that, otherwise we have to match on
> additional strings.
>
> ...Ken
>
> On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:
>
>> just scanned
>>
>> http://
>> and can only see sftp and scp being used.
>>
>> what am i missing?
>>
>> ..ede
>>
>> On 22.11.2012 15:55, Kenneth Loafman wrote:
>>> It uses pexpect to check the return strings. Sometimes that's from gpg.
>>>
>>> ...Ken
>>>
>>> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
>>>
>>>> how does a specific backend directly deal with gpg? isn't that the job
>> of
>>>> gpg_interface?
>>>>
>>>> ..ede
>>>>
>>>> On 22.11.2012 15:38, Kenneth Loafman wrote:
>>>>> It will need to be modded, probably, since the responses from gpg are
>>>>> different.
>>>>>
>>>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
>>>> wrote:
>>>>>
>>>>>> No, but I can try it later.
>>>>>> Why?
>>>>>>
>>>>>> Regards
>>>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
>> escreveu:
>>>>>>
>>>>>>> Has anyone tried restore with the _ssh_pexpect backend?
>>>>>>> --
>>>>>>>
>>>> https:/
>>>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>> https:/
>>>>>> You are subscribed to branch lp:duplicity.
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> https:/
>>>> You are subscribed to branch lp:duplicity.
>>>>
>>>
>>
>> --
>> https:/
>> You are subscribed to branch lp:duplicity.
>>
>
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal | # |
Hi,
without looking into the code ede seems right.
Anyway, I made the following test:
duplicity --hidden-
source scp://target/
duplicity --use-scp --ssh-backend pexpect scp://target/
And it behaved like expected: asked for GPG passphrase and restored the
backup.
Did I do it right?
Best Regards,
Marcos A. Lenharo
On 22-11-2012 14:40, edso wrote:
> you totally loose me here :( sorry...
>
> the patch provided by Lenharo merely changes the way how gpg_interface.py encrypts the datastream locally. did you have a look at what is actually patched?
> http://
>
> it does in no way affect up/downloading in any backend as far as i can see. still you come across convincing, so i might miss something ;)
>
> ..ede
>
>
> On 22.11.2012 17:31, Kenneth Loafman wrote:
>> Look at the responses from sftp and scp. If the gpg response is expected,
>> check that the new option supplies that, otherwise we have to match on
>> additional strings.
>>
>> ...Ken
>>
>> On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:
>>
>>> just scanned
>>>
>>> http://
>>> and can only see sftp and scp being used.
>>>
>>> what am i missing?
>>>
>>> ..ede
>>>
>>> On 22.11.2012 15:55, Kenneth Loafman wrote:
>>>> It uses pexpect to check the return strings. Sometimes that's from gpg.
>>>>
>>>> ...Ken
>>>>
>>>> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
>>>>
>>>>> how does a specific backend directly deal with gpg? isn't that the job
>>> of
>>>>> gpg_interface?
>>>>>
>>>>> ..ede
>>>>>
>>>>> On 22.11.2012 15:38, Kenneth Loafman wrote:
>>>>>> It will need to be modded, probably, since the responses from gpg are
>>>>>> different.
>>>>>>
>>>>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
>>>>> wrote:
>>>>>>> No, but I can try it later.
>>>>>>> Why?
>>>>>>>
>>>>>>> Regards
>>>>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
>>> escreveu:
>>>>>>>> Has anyone tried restore with the _ssh_pexpect backend?
>>>>>>>> --
>>>>>>>>
>>>>> https:/
>>>>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>>>>>>
>>>>>>> --
>>>>>>>
>>> https:/
>>>>>>> You are subscribed to branch lp:duplicity.
>>>>>>>
>>>>>
>>>>> --
>>>>> https:/
>>>>> You are subscribed to branch lp:duplicity.
>>>>>
>>> --
>>> https:/
>>> You are subscribed to branch lp:duplicity.
>>>
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal | # |
You did it right and it worked, so that's all I was asking.
...Ken
On Thu, Nov 22, 2012 at 5:55 PM, Marcos Aurelio Lenharo
<email address hidden>wrote:
> Hi,
>
> without looking into the code ede seems right.
>
> Anyway, I made the following test:
>
> duplicity --hidden-
> source scp://target/
> duplicity --use-scp --ssh-backend pexpect scp://target/
>
> And it behaved like expected: asked for GPG passphrase and restored the
> backup.
> Did I do it right?
>
> Best Regards,
>
> Marcos A. Lenharo
>
> On 22-11-2012 14:40, edso wrote:
> > you totally loose me here :( sorry...
> >
> > the patch provided by Lenharo merely changes the way how
> gpg_interface.py encrypts the datastream locally. did you have a look at
> what is actually patched?
> > http://
> >
> > it does in no way affect up/downloading in any backend as far as i can
> see. still you come across convincing, so i might miss something ;)
> >
> > ..ede
> >
> >
> > On 22.11.2012 17:31, Kenneth Loafman wrote:
> >> Look at the responses from sftp and scp. If the gpg response is
> expected,
> >> check that the new option supplies that, otherwise we have to match on
> >> additional strings.
> >>
> >> ...Ken
> >>
> >> On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:
> >>
> >>> just scanned
> >>>
> >>>
> http://
> >>> and can only see sftp and scp being used.
> >>>
> >>> what am i missing?
> >>>
> >>> ..ede
> >>>
> >>> On 22.11.2012 15:55, Kenneth Loafman wrote:
> >>>> It uses pexpect to check the return strings. Sometimes that's from
> gpg.
> >>>>
> >>>> ...Ken
> >>>>
> >>>> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
> >>>>
> >>>>> how does a specific backend directly deal with gpg? isn't that the
> job
> >>> of
> >>>>> gpg_interface?
> >>>>>
> >>>>> ..ede
> >>>>>
> >>>>> On 22.11.2012 15:38, Kenneth Loafman wrote:
> >>>>>> It will need to be modded, probably, since the responses from gpg
> are
> >>>>>> different.
> >>>>>>
> >>>>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
> >>>>> wrote:
> >>>>>>> No, but I can try it later.
> >>>>>>> Why?
> >>>>>>>
> >>>>>>> Regards
> >>>>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
> >>> escreveu:
> >>>>>>>> Has anyone tried restore with the _ssh_pexpect backend?
> >>>>>>>> --
> >>>>>>>>
> >>>>>
> https:/
> >>>>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >>>>>>>>
> >>>>>>> --
> >>>>>>>
> >>>
> https:/
> >>>>>>> You are subscribed to branch lp:duplicity.
> >>>>>>>
> >>>>>
> >>>>> --
> >>>>>
> https:/
> >>>>> You are subscribed to branch lp:duplicity.
> >>>>>
> >>> --
> >>>
> https:/
> >>> You are subscribed to branch lp:duplicity.
> >>>
>
>
edso (ed.so) wrote : Posted in a previous version of this proposal | # |
On 23.11.2012 16:46, Kenneth Loafman wrote:
> We should check against the other backends,
that does not hurt. but why is it necessary? gpg encryption is in no way connected to our backends. volumes are built. when finished uploaded. the same in reverse for restoring. a two step process, which is totally separated. gpg is already done when volumes are loaded up or the other way around.
>plus check what happens if this option is used on an older gpg.
just checked the gpg-1.4 changelog (attached). the options seems to around at least since 2002, so it is actually no new option.
also gpg errors are shown to the user, so if gpg would not support the option it'll tell the user so.
> Do we catch the errors properly or simply ignore them? We probably need to add some test cases for this one as well.
that's analogue to our current scenario if the private key on restore is missing or the entered passphrase is plain wrong. gpg fails and a stack is shown.
while i really don't insist on this functionality (don't need it), i don't see why you treat as a major change, as if it had the possibility to break the application completely.
on the other hand, it's only fair to have contributors with new functionality add a test case.
@Lenharo: would you do so?
..ede
> ...Ken
>
> On Fri, Nov 23, 2012 at 9:24 AM, <<email address hidden> <mailto:<email address hidden>>> wrote:
>
> still i wonder why it was necessary, as opposed testing it against any other backend we got.
>
> ..ede
>
> On 23.11.2012 13:42, Kenneth Loafman wrote:
> > You did it right and it worked, so that's all I was asking.
> >
> > ...Ken
> >
> > On Thu, Nov 22, 2012 at 5:55 PM, Marcos Aurelio Lenharo <<email address hidden> <mailto:<email address hidden>> <mailto:<email address hidden> <mailto:<email address hidden>>>> wrote:
> >
> > Hi,
> >
> > without looking into the code ede seems right.
> >
> > Anyway, I made the following test:
> >
> > duplicity --hidden-
> > source scp://target/
> > duplicity --use-scp --ssh-backend pexpect scp://target/
> >
> > And it behaved like expected: asked for GPG passphrase and restored the
> > backup.
> > Did I do it right?
> >
> > Best Regards,
> >
> > Marcos A. Lenharo
> >
> > On 22-11-2012 14:40, edso wrote:
> > > you totally loose me here :( sorry...
> > >
> > > the patch provided by Lenharo merely changes the way how gpg_interface.py encrypts the datastream locally. did you have a look at what is actually patched?
> > > http://
> > >
> > > it does in no way affect up/downloading in any backend as far as i can see. still you come across convincing, so i might miss something ;)
> > >
> > > ..ede
> > >
> > >
> > > On 22.11.2012 17:31, K...
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal | # |
Hi guys,
I updated test cases to also test the new switch. They are under:
http://
By the way, I am using Arch Linux, which has python 2.7 and python 3
installed and the line #!/usr/bin/env *python* inside duplicity and
rdiffdir is causing python 3 to be used and the tests are failing
(mainly due to new print function).
In my repository I changed them to #!/usr/bin/env *python2* and all test
passed.
I am not a python developer so I didn't get why duplicity is working at
command line but not when called by the tests.
Best Regards,
Marcos A. Lenharo
On 23-11-2012 14:17, edso wrote:
> On 23.11.2012 16:46, Kenneth Loafman wrote:
>> We should check against the other backends,
> that does not hurt. but why is it necessary? gpg encryption is in no way connected to our backends. volumes are built. when finished uploaded. the same in reverse for restoring. a two step process, which is totally separated. gpg is already done when volumes are loaded up or the other way around.
>
>> plus check what happens if this option is used on an older gpg.
> just checked the gpg-1.4 changelog (attached). the options seems to around at least since 2002, so it is actually no new option.
>
> also gpg errors are shown to the user, so if gpg would not support the option it'll tell the user so.
>
>> Do we catch the errors properly or simply ignore them? We probably need to add some test cases for this one as well.
> that's analogue to our current scenario if the private key on restore is missing or the entered passphrase is plain wrong. gpg fails and a stack is shown.
>
> while i really don't insist on this functionality (don't need it), i don't see why you treat as a major change, as if it had the possibility to break the application completely.
>
> on the other hand, it's only fair to have contributors with new functionality add a test case.
> @Lenharo: would you do so?
>
> ..ede
>
>
>> ...Ken
>>
>> On Fri, Nov 23, 2012 at 9:24 AM, <<email address hidden> <mailto:<email address hidden>>> wrote:
>>
>> still i wonder why it was necessary, as opposed testing it against any other backend we got.
>>
>> ..ede
>>
>> On 23.11.2012 13:42, Kenneth Loafman wrote:
>> > You did it right and it worked, so that's all I was asking.
>> >
>> > ...Ken
>> >
>> > On Thu, Nov 22, 2012 at 5:55 PM, Marcos Aurelio Lenharo <<email address hidden> <mailto:<email address hidden>> <mailto:<email address hidden> <mailto:<email address hidden>>>> wrote:
>> >
>> > Hi,
>> >
>> > without looking into the code ede seems right.
>> >
>> > Anyway, I made the following test:
>> >
>> > duplicity --hidden-
>> > source scp://target/
>> > duplicity --use-scp --ssh-backend pexpect scp://target/
>> >
>> > And it behaved like expected: asked for GPG passphrase and restored the
>> > backup.
>> > Did I do it right?
>> >
>> > Best Regards,
>> >
>> > Marcos A. Lenharo
>> >
>> > On 22-11-2012 14:40, edso wrote:
>> > > you totall...
Preview Diff
1 | === modified file 'bin/duplicity' |
2 | --- bin/duplicity 2012-11-13 21:53:24 +0000 |
3 | +++ bin/duplicity 2012-12-02 16:39:20 +0000 |
4 | @@ -93,13 +93,15 @@ |
5 | # check if we can reuse an already set (signing_)passphrase |
6 | ## if signing key is also an encryption key assume that the passphrase is identical |
7 | if ( for_signing |
8 | - and globals.gpg_profile.sign_key in globals.gpg_profile.recipients |
9 | + and (globals.gpg_profile.sign_key in globals.gpg_profile.recipients |
10 | + or globals.gpg_profile.sign_key in globals.gpg_profile.hidden_recipients) |
11 | and 'PASSPHRASE' in os.environ ): |
12 | log.Notice(_("Reuse configured PASSPHRASE as SIGN_PASSPHRASE")) |
13 | return os.environ['PASSPHRASE'] |
14 | ## if one encryption key is also the signing key assume that the passphrase is identical |
15 | if ( not for_signing |
16 | - and globals.gpg_profile.sign_key in globals.gpg_profile.recipients |
17 | + and (globals.gpg_profile.sign_key in globals.gpg_profile.recipients |
18 | + or globals.gpg_profile.sign_key in globals.gpg_profile.hidden_recipients) |
19 | and 'SIGN_PASSPHRASE' in os.environ ): |
20 | log.Notice(_("Reuse configured SIGN_PASSPHRASE as PASSPHRASE")) |
21 | return os.environ['SIGN_PASSPHRASE'] |
22 | @@ -127,14 +129,14 @@ |
23 | # for a full backup, we don't need a password if |
24 | # there is no sign_key and there are recipients |
25 | elif (action == "full" |
26 | - and globals.gpg_profile.recipients |
27 | + and (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) |
28 | and not globals.gpg_profile.sign_key): |
29 | return "" |
30 | |
31 | # for an inc backup, we don't need a password if |
32 | # there is no sign_key and there are recipients |
33 | elif (action == "inc" |
34 | - and globals.gpg_profile.recipients |
35 | + and (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) |
36 | and not globals.gpg_profile.sign_key): |
37 | return "" |
38 | |
39 | @@ -174,7 +176,7 @@ |
40 | use_cache = False |
41 | continue |
42 | |
43 | - if not pass1 and not globals.gpg_profile.recipients and not for_signing: |
44 | + if not pass1 and not (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) and not for_signing: |
45 | print _("Cannot use empty passphrase with symmetric encryption! Please try again.") |
46 | use_cache = False |
47 | continue |
48 | @@ -1350,7 +1352,7 @@ |
49 | |
50 | # if there are no recipients (no --encrypt-key), it must be a |
51 | # symmetric key. Therefore, confirm the passphrase |
52 | - if not globals.gpg_profile.recipients: |
53 | + if not (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients): |
54 | globals.gpg_profile.passphrase = get_passphrase(2, action) |
55 | # a limitation in the GPG implementation does not allow for |
56 | # inputting different passphrases, this affects symmetric+sign. |
57 | |
58 | === modified file 'bin/duplicity.1' |
59 | --- bin/duplicity.1 2012-11-03 14:10:38 +0000 |
60 | +++ bin/duplicity.1 2012-12-02 16:39:20 +0000 |
61 | @@ -478,6 +478,17 @@ |
62 | Use the GIO backend and interpret any URLs as GIO would. |
63 | |
64 | .TP |
65 | +.BI "--hidden-encrypt-key " key-id |
66 | +Same as |
67 | +.BR --encrypt-key , |
68 | +but it hides user's key id from encrypted file. It uses the gpg's |
69 | +.B --hidden-recipient |
70 | +command to obfuscate the owner of the backup. On restore, gpg will |
71 | +automatically try all available secret keys in order to decrypt the |
72 | +backup. See gpg(1) for more details. |
73 | + |
74 | + |
75 | +.TP |
76 | .B --ignore-errors |
77 | Try to ignore certain errors if they happen. This option is only |
78 | intended to allow the restoration of a backup in the face of certain |
79 | |
80 | === modified file 'duplicity/commandline.py' |
81 | --- duplicity/commandline.py 2012-10-29 10:01:25 +0000 |
82 | +++ duplicity/commandline.py 2012-12-02 16:39:20 +0000 |
83 | @@ -350,6 +350,12 @@ |
84 | |
85 | parser.add_option("--gpg-options", action="extend", metavar=_("options")) |
86 | |
87 | + # TRANSL: Used in usage help to represent an ID for a hidden GnuPG key. Example: |
88 | + # --hidden-encrypt-key <gpg_key_id> |
89 | + parser.add_option("--hidden-encrypt-key", type="string", metavar=_("gpg-key-id"), |
90 | + dest="", action="callback", |
91 | + callback=lambda o, s, v, p: globals.gpg_profile.hidden_recipients.append(v)) #@UndefinedVariable |
92 | + |
93 | # ignore (some) errors during operations; supposed to make it more |
94 | # likely that you are able to restore data under problematic |
95 | # circumstances. the default should absolutely always be False unless |
96 | |
97 | === modified file 'duplicity/gpg.py' |
98 | --- duplicity/gpg.py 2012-10-15 17:13:08 +0000 |
99 | +++ duplicity/gpg.py 2012-12-02 16:39:20 +0000 |
100 | @@ -54,7 +54,7 @@ |
101 | Just hold some GPG settings, avoid passing tons of arguments |
102 | """ |
103 | def __init__(self, passphrase = None, sign_key = None, |
104 | - recipients = None): |
105 | + recipients = None, hidden_recipients = None): |
106 | """ |
107 | Set all data with initializer |
108 | |
109 | @@ -76,6 +76,12 @@ |
110 | else: |
111 | self.recipients = [] |
112 | |
113 | + if hidden_recipients is not None: |
114 | + assert type(hidden_recipients) is types.ListType # must be list, not tuple |
115 | + self.hidden_recipients = hidden_recipients |
116 | + else: |
117 | + self.hidden_recipients = [] |
118 | + |
119 | |
120 | class GPGFile: |
121 | """ |
122 | @@ -131,7 +137,10 @@ |
123 | if profile.recipients: |
124 | gnupg.options.recipients = profile.recipients |
125 | cmdlist.append('--encrypt') |
126 | - else: |
127 | + if profile.hidden_recipients: |
128 | + gnupg.options.hidden_recipients = profile.hidden_recipients |
129 | + cmdlist.append('--encrypt') |
130 | + if not (profile.recipients or profile.hidden_recipients): |
131 | cmdlist.append('--symmetric') |
132 | # use integrity protection |
133 | gnupg.options.extra_args.append('--force-mdc') |
134 | @@ -149,7 +158,7 @@ |
135 | p1.handles['passphrase'].close() |
136 | self.gpg_input = p1.handles['stdin'] |
137 | else: |
138 | - if profile.recipients and profile.encrypt_secring: |
139 | + if (profile.recipients or profile.hidden_recipients) and profile.encrypt_secring: |
140 | cmdlist.append('--secret-keyring') |
141 | cmdlist.append(profile.encrypt_secring) |
142 | self.status_fp = tempfile.TemporaryFile( dir=tempdir.default().dir() ) |
143 | |
144 | === modified file 'duplicity/gpginterface.py' |
145 | --- duplicity/gpginterface.py 2012-10-15 17:13:08 +0000 |
146 | +++ duplicity/gpginterface.py 2012-12-02 16:39:20 +0000 |
147 | @@ -570,6 +570,7 @@ |
148 | # lists |
149 | self.encrypt_to = [] |
150 | self.recipients = [] |
151 | + self.hidden_recipients = [] |
152 | |
153 | # miscellaneous arguments |
154 | self.extra_args = [] |
155 | @@ -602,6 +603,7 @@ |
156 | if self.openpgp: args.append( '--openpgp' ) |
157 | |
158 | for r in self.recipients: args.extend( [ '--recipient', r ] ) |
159 | + for r in self.hidden_recipients: args.extend( [ '--hidden-recipient', r ] ) |
160 | for r in self.encrypt_to: args.extend( [ '--encrypt-to', r ] ) |
161 | |
162 | return args |
163 | |
164 | === modified file 'testing/tests/finaltest.py' |
165 | --- testing/tests/finaltest.py 2011-11-07 15:08:24 +0000 |
166 | +++ testing/tests/finaltest.py 2012-12-02 16:39:20 +0000 |
167 | @@ -168,6 +168,16 @@ |
168 | self.test_basic_cycle(backup_options = backup_options, |
169 | restore_options = restore_options) |
170 | |
171 | + def test_asym_with_hidden_recipient_cycle(self): |
172 | + """Like test_basic_cycle but use asymmetric encryption (hidding key id) and signing""" |
173 | + backup_options = ["--hidden-encrypt-key " + helper.encrypt_key1, |
174 | + "--sign-key " + helper.sign_key] |
175 | + restore_options = ["--hidden-encrypt-key " + helper.encrypt_key1, |
176 | + "--sign-key " + helper.sign_key] |
177 | + helper.set_environ("SIGN_PASSPHRASE", helper.sign_passphrase) |
178 | + self.test_basic_cycle(backup_options = backup_options, |
179 | + restore_options = restore_options) |
180 | + |
181 | def test_single_regfile(self): |
182 | """Test backing and restoring up a single regular file""" |
183 | self.runtest(["testfiles/various_file_types/regular_file"]) |
184 | |
185 | === modified file 'testing/tests/gpgtest.py' |
186 | --- testing/tests/gpgtest.py 2011-11-04 12:48:04 +0000 |
187 | +++ testing/tests/gpgtest.py 2012-12-02 16:39:20 +0000 |
188 | @@ -87,6 +87,17 @@ |
189 | recipients = [helper.encrypt_key1]) |
190 | self.gpg_cycle("aoeu" * 10000, profile2) |
191 | |
192 | + def test_gpg_hidden_asym(self): |
193 | + """Test GPG asymmetric encryption with hidden key id""" |
194 | + profile = gpg.GPGProfile(passphrase = helper.sign_passphrase, |
195 | + hidden_recipients = [helper.encrypt_key1, |
196 | + helper.encrypt_key2]) |
197 | + self.gpg_cycle("aoensutha aonetuh saoe", profile) |
198 | + |
199 | + profile2 = gpg.GPGProfile(passphrase = helper.sign_passphrase, |
200 | + hidden_recipients = [helper.encrypt_key1]) |
201 | + self.gpg_cycle("aoeu" * 10000, profile2) |
202 | + |
203 | def test_gpg_signing(self): |
204 | """Test to make sure GPG reports the proper signature key""" |
205 | self.deltmp() |
206 | @@ -107,6 +118,26 @@ |
207 | sig = decrypted_file.get_signature() |
208 | assert sig == helper.sign_key, sig |
209 | |
210 | + def test_gpg_signing_and_hidden_encryption(self): |
211 | + """Test to make sure GPG reports the proper signature key even with hidden encryption key id""" |
212 | + self.deltmp() |
213 | + plaintext = "hello" * 50000 |
214 | + |
215 | + signing_profile = gpg.GPGProfile(passphrase = helper.sign_passphrase, |
216 | + sign_key = helper.sign_key, |
217 | + hidden_recipients = [helper.encrypt_key1]) |
218 | + |
219 | + epath = path.Path("testfiles/output/encrypted_file") |
220 | + encrypted_signed_file = gpg.GPGFile(1, epath, signing_profile) |
221 | + encrypted_signed_file.write(plaintext) |
222 | + encrypted_signed_file.close() |
223 | + |
224 | + decrypted_file = gpg.GPGFile(0, epath, signing_profile) |
225 | + assert decrypted_file.read() == plaintext |
226 | + decrypted_file.close() |
227 | + sig = decrypted_file.get_signature() |
228 | + assert sig == helper.sign_key, sig |
229 | + |
230 | def test_GPGWriteFile(self): |
231 | """Test GPGWriteFile""" |
232 | self.deltmp() |
233 | |
234 | === modified file 'testing/tests/restarttest.py' |
235 | --- testing/tests/restarttest.py 2012-11-19 14:13:59 +0000 |
236 | +++ testing/tests/restarttest.py 2012-12-02 16:39:20 +0000 |
237 | @@ -253,6 +253,23 @@ |
238 | self.backup("full", "testfiles/largefiles", options = enc_opts) |
239 | self.verify("testfiles/largefiles") |
240 | |
241 | + def test_restart_sign_and_hidden_encrypt(self): |
242 | + """ |
243 | + Test restarting a backup using same key for sign and encrypt (hidden key id) |
244 | + https://bugs.launchpad.net/duplicity/+bug/946988 |
245 | + """ |
246 | + self.make_largefiles() |
247 | + enc_opts = ["--sign-key " + helper.sign_key, "--hidden-encrypt-key " + helper.sign_key] |
248 | + # Force a failure partway through |
249 | + try: |
250 | + self.backup("full", "testfiles/largefiles", options = ["--vols 1", "--fail 2"] + enc_opts) |
251 | + self.fail() |
252 | + except CmdError, e: |
253 | + self.assertEqual(30, e.exit_status) |
254 | + # Now finish that backup |
255 | + self.backup("full", "testfiles/largefiles", options = enc_opts) |
256 | + self.verify("testfiles/largefiles") |
257 | + |
258 | def test_last_file_missing_in_middle(self): |
259 | """ |
260 | Test restart when the last file being backed up is missing on restart. |
hi,
1. there is a typo in the manpage change.
2. how does it work on restoring? wouldn't gpg have to ask for a keyid to use?
..ede