Duplicity

Merge lp:~lenharo-h/duplicity/duplicity into lp:duplicity/0.6

  1. duplicity
  2. Merge into 0.6-series
Proposed by Marcos Lenharo
Status: Merged
Approved by: edso
Approved revision: 901
Merged at revision: 899
Proposed branch: lp:~lenharo-h/duplicity/duplicity
Merge into: lp:duplicity/0.6
Diff against target: 260 lines (+97/-9)
8 files modified
bin/duplicity (+8/-6)
bin/duplicity.1 (+11/-0)
duplicity/commandline.py (+6/-0)
duplicity/gpg.py (+12/-3)
duplicity/gpginterface.py (+2/-0)
testing/tests/finaltest.py (+10/-0)
testing/tests/gpgtest.py (+31/-0)
testing/tests/restarttest.py (+17/-0)
To merge this branch: bzr merge lp:~lenharo-h/duplicity/duplicity
Reviewer Review Type Date Requested Status
edso Approve
Review via email: mp+137424@code.launchpad.net

This proposal supersedes a proposal from 2012-11-21.

Description of the change

Hi,

I thought that we could also generate encrypted backups without revealing the user's key id.
So I created a new switch (--hidden-encrypt-key) that will act like --encrypt-key but will use gpg's --hidden-recipient switch instead of --recipient.

Please, let me know if you need more info.

Thanks,
Marcos

To post a comment you must log in.
Revision history for this message
edso (ed.so) wrote : Posted in a previous version of this proposal

hi,

1. there is a typo in the manpage change.
2. how does it work on restoring? wouldn't gpg have to ask for a keyid to use?

..ede

review: Needs Fixing
Revision history for this message
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal

Hi,

the typo was fixed and already pushed.

Regarding restoring, if you only have hidden-recipients on you encrypted
file, gpg will try every secret key you have on your keyring and use the
right one if it finds it.
Otherwise it will say that didn't find a secret key. Like the following:

[tmp]$ gpg duplicity-full.20121121T001521Z.vol1.difftar.gpg
gpg: anonymous recipient; trying secret key 12345678 ...
gpg: anonymous recipient; trying secret key 9ABCDEF0...
*gpg: okay, we are the anonymous recipient.*
gpg: encrypted with RSA key, ID 00000000
...

or

[tmp]$ gpg duplicity-full.20121121T001521Z.vol1.difftar.gpg
gpg: anonymous recipient; trying secret key 12345678 ...
gpg: anonymous recipient; trying secret key 87654321 ...
gpg: encrypted with RSA key, ID 00000000
*gpg: decryption failed: No secret key*

Please let me know if you have questions on other scenarios.
Best Regards,

Marcos A. Lenharo

On 21-11-2012 08:11, edso wrote:
> Review: Needs Fixing
>
> hi,
>
> 1. there is a typo in the manpage change.
> 2. how does it work on restoring? wouldn't gpg have to ask for a keyid to use?
>
> ..ede

Revision history for this message
edso (ed.so) wrote : Posted in a previous version of this proposal

On 21.11.2012 14:03, Marcos Aurelio Lenharo wrote:
> Hi,
>
> the typo was fixed and already pushed.
>
> Regarding restoring, if you only have hidden-recipients on you encrypted file, gpg will try every secret key you have on your keyring and use the right one if it finds it.

[snip]
>
>
> Please let me know if you have questions on other scenarios.
> Best Regards,
>

otherwise it looked good to me.

maybe it'd make sense to mention 'uses gpg --hidden-recipient' and 'try's every key' in the manpage as well.

..ede/duply.net

Revision history for this message
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal

Hi,

It seems to be better now. Please, take a look on revision 900.

Best Regards,

Marcos A. Lenharo

On 21-11-2012 11:46, edso wrote:
> On 21.11.2012 14:03, Marcos Aurelio Lenharo wrote:
>> Hi,
>>
>> the typo was fixed and already pushed.
>>
>> Regarding restoring, if you only have hidden-recipients on you encrypted file, gpg will try every secret key you have on your keyring and use the right one if it finds it.
> [snip]
>>
>> Please let me know if you have questions on other scenarios.
>> Best Regards,
>>
> otherwise it looked good to me.
>
> maybe it'd make sense to mention 'uses gpg --hidden-recipient' and 'try's every key' in the manpage as well.
>
> ..ede/duply.net
>

Revision history for this message
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal

Has anyone tried restore with the _ssh_pexpect backend?

Revision history for this message
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal

No, but I can try it later.
Why?

Regards
Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:

> Has anyone tried restore with the _ssh_pexpect backend?
> --
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>

Revision history for this message
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal

It will need to be modded, probably, since the responses from gpg are
different.

On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden> wrote:

> No, but I can try it later.
> Why?
>
> Regards
> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
>
> > Has anyone tried restore with the _ssh_pexpect backend?
> > --
> > https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> > You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >
>
> --
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> You are subscribed to branch lp:duplicity.
>

Revision history for this message
edso (ed.so) wrote : Posted in a previous version of this proposal

how does a specific backend directly deal with gpg? isn't that the job of gpg_interface?

..ede

On 22.11.2012 15:38, Kenneth Loafman wrote:
> It will need to be modded, probably, since the responses from gpg are
> different.
>
> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden> wrote:
>
>> No, but I can try it later.
>> Why?
>>
>> Regards
>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
>>
>>> Has anyone tried restore with the _ssh_pexpect backend?
>>> --
>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>
>>
>> --
>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>> You are subscribed to branch lp:duplicity.
>>
>

Revision history for this message
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal

It uses pexpect to check the return strings. Sometimes that's from gpg.

...Ken

On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:

> how does a specific backend directly deal with gpg? isn't that the job of
> gpg_interface?
>
> ..ede
>
> On 22.11.2012 15:38, Kenneth Loafman wrote:
> > It will need to be modded, probably, since the responses from gpg are
> > different.
> >
> > On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
> wrote:
> >
> >> No, but I can try it later.
> >> Why?
> >>
> >> Regards
> >> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
> >>
> >>> Has anyone tried restore with the _ssh_pexpect backend?
> >>> --
> >>>
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >>>
> >>
> >> --
> >> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >> You are subscribed to branch lp:duplicity.
> >>
> >
>
>
> --
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> You are subscribed to branch lp:duplicity.
>

Revision history for this message
edso (ed.so) wrote : Posted in a previous version of this proposal

just scanned
http://bazaar.launchpad.net/~duplicity-team/duplicity/0.6-series/view/head:/duplicity/backends/_ssh_pexpect.py
and can only see sftp and scp being used.

what am i missing?

..ede

On 22.11.2012 15:55, Kenneth Loafman wrote:
> It uses pexpect to check the return strings. Sometimes that's from gpg.
>
> ...Ken
>
> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
>
>> how does a specific backend directly deal with gpg? isn't that the job of
>> gpg_interface?
>>
>> ..ede
>>
>> On 22.11.2012 15:38, Kenneth Loafman wrote:
>>> It will need to be modded, probably, since the responses from gpg are
>>> different.
>>>
>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
>> wrote:
>>>
>>>> No, but I can try it later.
>>>> Why?
>>>>
>>>> Regards
>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden> escreveu:
>>>>
>>>>> Has anyone tried restore with the _ssh_pexpect backend?
>>>>> --
>>>>>
>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>>>
>>>>
>>>> --
>>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>> You are subscribed to branch lp:duplicity.
>>>>
>>>
>>
>>
>> --
>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>> You are subscribed to branch lp:duplicity.
>>
>

Revision history for this message
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal

Look at the responses from sftp and scp. If the gpg response is expected,
check that the new option supplies that, otherwise we have to match on
additional strings.

...Ken

On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:

> just scanned
>
> http://bazaar.launchpad.net/~duplicity-team/duplicity/0.6-series/view/head:/duplicity/backends/_ssh_pexpect.py
> and can only see sftp and scp being used.
>
> what am i missing?
>
> ..ede
>
> On 22.11.2012 15:55, Kenneth Loafman wrote:
> > It uses pexpect to check the return strings. Sometimes that's from gpg.
> >
> > ...Ken
> >
> > On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
> >
> >> how does a specific backend directly deal with gpg? isn't that the job
> of
> >> gpg_interface?
> >>
> >> ..ede
> >>
> >> On 22.11.2012 15:38, Kenneth Loafman wrote:
> >>> It will need to be modded, probably, since the responses from gpg are
> >>> different.
> >>>
> >>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
> >> wrote:
> >>>
> >>>> No, but I can try it later.
> >>>> Why?
> >>>>
> >>>> Regards
> >>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
> escreveu:
> >>>>
> >>>>> Has anyone tried restore with the _ssh_pexpect backend?
> >>>>> --
> >>>>>
> >> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >>>>>
> >>>>
> >>>> --
> >>>>
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >>>> You are subscribed to branch lp:duplicity.
> >>>>
> >>>
> >>
> >>
> >> --
> >> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >> You are subscribed to branch lp:duplicity.
> >>
> >
>
> --
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> You are subscribed to branch lp:duplicity.
>

Revision history for this message
edso (ed.so) wrote : Posted in a previous version of this proposal

you totally loose me here :( sorry...

the patch provided by Lenharo merely changes the way how gpg_interface.py encrypts the datastream locally. did you have a look at what is actually patched?
http://bazaar.launchpad.net/~lenharo-h/duplicity/duplicity/revision/898

it does in no way affect up/downloading in any backend as far as i can see. still you come across convincing, so i might miss something ;)

..ede

On 22.11.2012 17:31, Kenneth Loafman wrote:
> Look at the responses from sftp and scp. If the gpg response is expected,
> check that the new option supplies that, otherwise we have to match on
> additional strings.
>
> ...Ken
>
> On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:
>
>> just scanned
>>
>> http://bazaar.launchpad.net/~duplicity-team/duplicity/0.6-series/view/head:/duplicity/backends/_ssh_pexpect.py
>> and can only see sftp and scp being used.
>>
>> what am i missing?
>>
>> ..ede
>>
>> On 22.11.2012 15:55, Kenneth Loafman wrote:
>>> It uses pexpect to check the return strings. Sometimes that's from gpg.
>>>
>>> ...Ken
>>>
>>> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
>>>
>>>> how does a specific backend directly deal with gpg? isn't that the job
>> of
>>>> gpg_interface?
>>>>
>>>> ..ede
>>>>
>>>> On 22.11.2012 15:38, Kenneth Loafman wrote:
>>>>> It will need to be modded, probably, since the responses from gpg are
>>>>> different.
>>>>>
>>>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
>>>> wrote:
>>>>>
>>>>>> No, but I can try it later.
>>>>>> Why?
>>>>>>
>>>>>> Regards
>>>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
>> escreveu:
>>>>>>
>>>>>>> Has anyone tried restore with the _ssh_pexpect backend?
>>>>>>> --
>>>>>>>
>>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>>>> You are subscribed to branch lp:duplicity.
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>> You are subscribed to branch lp:duplicity.
>>>>
>>>
>>
>> --
>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>> You are subscribed to branch lp:duplicity.
>>
>

Revision history for this message
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal

Hi,

without looking into the code ede seems right.

Anyway, I made the following test:

duplicity --hidden-encrypt-key=12345678 --use-scp --ssh-backend pexpect
source scp://target//tmp/test
duplicity --use-scp --ssh-backend pexpect scp://target//tmp/test /tmp/scr

And it behaved like expected: asked for GPG passphrase and restored the
backup.
Did I do it right?

Best Regards,

Marcos A. Lenharo

On 22-11-2012 14:40, edso wrote:
> you totally loose me here :( sorry...
>
> the patch provided by Lenharo merely changes the way how gpg_interface.py encrypts the datastream locally. did you have a look at what is actually patched?
> http://bazaar.launchpad.net/~lenharo-h/duplicity/duplicity/revision/898
>
> it does in no way affect up/downloading in any backend as far as i can see. still you come across convincing, so i might miss something ;)
>
> ..ede
>
>
> On 22.11.2012 17:31, Kenneth Loafman wrote:
>> Look at the responses from sftp and scp. If the gpg response is expected,
>> check that the new option supplies that, otherwise we have to match on
>> additional strings.
>>
>> ...Ken
>>
>> On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:
>>
>>> just scanned
>>>
>>> http://bazaar.launchpad.net/~duplicity-team/duplicity/0.6-series/view/head:/duplicity/backends/_ssh_pexpect.py
>>> and can only see sftp and scp being used.
>>>
>>> what am i missing?
>>>
>>> ..ede
>>>
>>> On 22.11.2012 15:55, Kenneth Loafman wrote:
>>>> It uses pexpect to check the return strings. Sometimes that's from gpg.
>>>>
>>>> ...Ken
>>>>
>>>> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
>>>>
>>>>> how does a specific backend directly deal with gpg? isn't that the job
>>> of
>>>>> gpg_interface?
>>>>>
>>>>> ..ede
>>>>>
>>>>> On 22.11.2012 15:38, Kenneth Loafman wrote:
>>>>>> It will need to be modded, probably, since the responses from gpg are
>>>>>> different.
>>>>>>
>>>>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
>>>>> wrote:
>>>>>>> No, but I can try it later.
>>>>>>> Why?
>>>>>>>
>>>>>>> Regards
>>>>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
>>> escreveu:
>>>>>>>> Has anyone tried restore with the _ssh_pexpect backend?
>>>>>>>> --
>>>>>>>>
>>>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
>>>>>>>>
>>>>>>> --
>>>>>>>
>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>>>>> You are subscribed to branch lp:duplicity.
>>>>>>>
>>>>>
>>>>> --
>>>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>>>> You are subscribed to branch lp:duplicity.
>>>>>
>>> --
>>> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
>>> You are subscribed to branch lp:duplicity.
>>>

Revision history for this message
Kenneth Loafman (kenneth-loafman) wrote : Posted in a previous version of this proposal

You did it right and it worked, so that's all I was asking.

...Ken

On Thu, Nov 22, 2012 at 5:55 PM, Marcos Aurelio Lenharo
<email address hidden>wrote:

> Hi,
>
> without looking into the code ede seems right.
>
> Anyway, I made the following test:
>
> duplicity --hidden-encrypt-key=12345678 --use-scp --ssh-backend pexpect
> source scp://target//tmp/test
> duplicity --use-scp --ssh-backend pexpect scp://target//tmp/test /tmp/scr
>
> And it behaved like expected: asked for GPG passphrase and restored the
> backup.
> Did I do it right?
>
> Best Regards,
>
> Marcos A. Lenharo
>
> On 22-11-2012 14:40, edso wrote:
> > you totally loose me here :( sorry...
> >
> > the patch provided by Lenharo merely changes the way how
> gpg_interface.py encrypts the datastream locally. did you have a look at
> what is actually patched?
> > http://bazaar.launchpad.net/~lenharo-h/duplicity/duplicity/revision/898
> >
> > it does in no way affect up/downloading in any backend as far as i can
> see. still you come across convincing, so i might miss something ;)
> >
> > ..ede
> >
> >
> > On 22.11.2012 17:31, Kenneth Loafman wrote:
> >> Look at the responses from sftp and scp. If the gpg response is
> expected,
> >> check that the new option supplies that, otherwise we have to match on
> >> additional strings.
> >>
> >> ...Ken
> >>
> >> On Thu, Nov 22, 2012 at 9:04 AM, edso <email address hidden> wrote:
> >>
> >>> just scanned
> >>>
> >>>
> http://bazaar.launchpad.net/~duplicity-team/duplicity/0.6-series/view/head:/duplicity/backends/_ssh_pexpect.py
> >>> and can only see sftp and scp being used.
> >>>
> >>> what am i missing?
> >>>
> >>> ..ede
> >>>
> >>> On 22.11.2012 15:55, Kenneth Loafman wrote:
> >>>> It uses pexpect to check the return strings. Sometimes that's from
> gpg.
> >>>>
> >>>> ...Ken
> >>>>
> >>>> On Thu, Nov 22, 2012 at 8:46 AM, edso <email address hidden> wrote:
> >>>>
> >>>>> how does a specific backend directly deal with gpg? isn't that the
> job
> >>> of
> >>>>> gpg_interface?
> >>>>>
> >>>>> ..ede
> >>>>>
> >>>>> On 22.11.2012 15:38, Kenneth Loafman wrote:
> >>>>>> It will need to be modded, probably, since the responses from gpg
> are
> >>>>>> different.
> >>>>>>
> >>>>>> On Thu, Nov 22, 2012 at 7:01 AM, Marcos Lenharo <email address hidden>
> >>>>> wrote:
> >>>>>>> No, but I can try it later.
> >>>>>>> Why?
> >>>>>>>
> >>>>>>> Regards
> >>>>>>> Em 22/11/2012 10:52, "Kenneth Loafman" <email address hidden>
> >>> escreveu:
> >>>>>>>> Has anyone tried restore with the _ssh_pexpect backend?
> >>>>>>>> --
> >>>>>>>>
> >>>>>
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >>>>>>>> You are the owner of lp:~lenharo-h/duplicity/duplicity.
> >>>>>>>>
> >>>>>>> --
> >>>>>>>
> >>>
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >>>>>>> You are subscribed to branch lp:duplicity.
> >>>>>>>
> >>>>>
> >>>>> --
> >>>>>
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >>>>> You are subscribed to branch lp:duplicity.
> >>>>>
> >>> --
> >>>
> https://code.launchpad.net/~lenharo-h/duplicity/duplicity/+merge/135300
> >>> You are subscribed to branch lp:duplicity.
> >>>
>
>

Revision history for this message
edso (ed.so) wrote : Posted in a previous version of this proposal
Download full text (6.9 KiB)

On 23.11.2012 16:46, Kenneth Loafman wrote:
> We should check against the other backends,

that does not hurt. but why is it necessary? gpg encryption is in no way connected to our backends. volumes are built. when finished uploaded. the same in reverse for restoring. a two step process, which is totally separated. gpg is already done when volumes are loaded up or the other way around.

>plus check what happens if this option is used on an older gpg.

just checked the gpg-1.4 changelog (attached). the options seems to around at least since 2002, so it is actually no new option.

also gpg errors are shown to the user, so if gpg would not support the option it'll tell the user so.

> Do we catch the errors properly or simply ignore them? We probably need to add some test cases for this one as well.

that's analogue to our current scenario if the private key on restore is missing or the entered passphrase is plain wrong. gpg fails and a stack is shown.

while i really don't insist on this functionality (don't need it), i don't see why you treat as a major change, as if it had the possibility to break the application completely.

on the other hand, it's only fair to have contributors with new functionality add a test case.
@Lenharo: would you do so?

..ede

> ...Ken
>
> On Fri, Nov 23, 2012 at 9:24 AM, <<email address hidden> <mailto:<email address hidden>>> wrote:
>
> still i wonder why it was necessary, as opposed testing it against any other backend we got.
>
> ..ede
>
> On 23.11.2012 13:42, Kenneth Loafman wrote:
> > You did it right and it worked, so that's all I was asking.
> >
> > ...Ken
> >
> > On Thu, Nov 22, 2012 at 5:55 PM, Marcos Aurelio Lenharo <<email address hidden> <mailto:<email address hidden>> <mailto:<email address hidden> <mailto:<email address hidden>>>> wrote:
> >
> > Hi,
> >
> > without looking into the code ede seems right.
> >
> > Anyway, I made the following test:
> >
> > duplicity --hidden-encrypt-key=12345678 --use-scp --ssh-backend pexpect
> > source scp://target//tmp/test
> > duplicity --use-scp --ssh-backend pexpect scp://target//tmp/test /tmp/scr
> >
> > And it behaved like expected: asked for GPG passphrase and restored the
> > backup.
> > Did I do it right?
> >
> > Best Regards,
> >
> > Marcos A. Lenharo
> >
> > On 22-11-2012 14:40, edso wrote:
> > > you totally loose me here :( sorry...
> > >
> > > the patch provided by Lenharo merely changes the way how gpg_interface.py encrypts the datastream locally. did you have a look at what is actually patched?
> > > http://bazaar.launchpad.net/~lenharo-h/duplicity/duplicity/revision/898 <http://bazaar.launchpad.net/%7Elenharo-h/duplicity/duplicity/revision/898> <http://bazaar.launchpad.net/%7Elenharo-h/duplicity/duplicity/revision/898>
> > >
> > > it does in no way affect up/downloading in any backend as far as i can see. still you come across convincing, so i might miss something ;)
> > >
> > > ..ede
> > >
> > >
> > > On 22.11.2012 17:31, K...

Read more...

Revision history for this message
Marcos Lenharo (lenharo-h) wrote : Posted in a previous version of this proposal
Download full text (7.7 KiB)

Hi guys,

I updated test cases to also test the new switch. They are under:
http://bazaar.launchpad.net/~lenharo-h/duplicity/duplicity/revision/901

By the way, I am using Arch Linux, which has python 2.7 and python 3
installed and the line #!/usr/bin/env *python* inside duplicity and
rdiffdir is causing python 3 to be used and the tests are failing
(mainly due to new print function).
In my repository I changed them to #!/usr/bin/env *python2* and all test
passed.

I am not a python developer so I didn't get why duplicity is working at
command line but not when called by the tests.

Best Regards,

Marcos A. Lenharo

On 23-11-2012 14:17, edso wrote:
> On 23.11.2012 16:46, Kenneth Loafman wrote:
>> We should check against the other backends,
> that does not hurt. but why is it necessary? gpg encryption is in no way connected to our backends. volumes are built. when finished uploaded. the same in reverse for restoring. a two step process, which is totally separated. gpg is already done when volumes are loaded up or the other way around.
>
>> plus check what happens if this option is used on an older gpg.
> just checked the gpg-1.4 changelog (attached). the options seems to around at least since 2002, so it is actually no new option.
>
> also gpg errors are shown to the user, so if gpg would not support the option it'll tell the user so.
>
>> Do we catch the errors properly or simply ignore them? We probably need to add some test cases for this one as well.
> that's analogue to our current scenario if the private key on restore is missing or the entered passphrase is plain wrong. gpg fails and a stack is shown.
>
> while i really don't insist on this functionality (don't need it), i don't see why you treat as a major change, as if it had the possibility to break the application completely.
>
> on the other hand, it's only fair to have contributors with new functionality add a test case.
> @Lenharo: would you do so?
>
> ..ede
>
>
>> ...Ken
>>
>> On Fri, Nov 23, 2012 at 9:24 AM, <<email address hidden> <mailto:<email address hidden>>> wrote:
>>
>> still i wonder why it was necessary, as opposed testing it against any other backend we got.
>>
>> ..ede
>>
>> On 23.11.2012 13:42, Kenneth Loafman wrote:
>> > You did it right and it worked, so that's all I was asking.
>> >
>> > ...Ken
>> >
>> > On Thu, Nov 22, 2012 at 5:55 PM, Marcos Aurelio Lenharo <<email address hidden> <mailto:<email address hidden>> <mailto:<email address hidden> <mailto:<email address hidden>>>> wrote:
>> >
>> > Hi,
>> >
>> > without looking into the code ede seems right.
>> >
>> > Anyway, I made the following test:
>> >
>> > duplicity --hidden-encrypt-key=12345678 --use-scp --ssh-backend pexpect
>> > source scp://target//tmp/test
>> > duplicity --use-scp --ssh-backend pexpect scp://target//tmp/test /tmp/scr
>> >
>> > And it behaved like expected: asked for GPG passphrase and restored the
>> > backup.
>> > Did I do it right?
>> >
>> > Best Regards,
>> >
>> > Marcos A. Lenharo
>> >
>> > On 22-11-2012 14:40, edso wrote:
>> > > you totall...

Read more...

Revision history for this message
edso (ed.so) wrote :

fine with me

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'bin/duplicity'
2--- bin/duplicity 2012-11-13 21:53:24 +0000
3+++ bin/duplicity 2012-12-02 16:39:20 +0000
4@@ -93,13 +93,15 @@
5 # check if we can reuse an already set (signing_)passphrase
6 ## if signing key is also an encryption key assume that the passphrase is identical
7 if ( for_signing
8- and globals.gpg_profile.sign_key in globals.gpg_profile.recipients
9+ and (globals.gpg_profile.sign_key in globals.gpg_profile.recipients
10+ or globals.gpg_profile.sign_key in globals.gpg_profile.hidden_recipients)
11 and 'PASSPHRASE' in os.environ ):
12 log.Notice(_("Reuse configured PASSPHRASE as SIGN_PASSPHRASE"))
13 return os.environ['PASSPHRASE']
14 ## if one encryption key is also the signing key assume that the passphrase is identical
15 if ( not for_signing
16- and globals.gpg_profile.sign_key in globals.gpg_profile.recipients
17+ and (globals.gpg_profile.sign_key in globals.gpg_profile.recipients
18+ or globals.gpg_profile.sign_key in globals.gpg_profile.hidden_recipients)
19 and 'SIGN_PASSPHRASE' in os.environ ):
20 log.Notice(_("Reuse configured SIGN_PASSPHRASE as PASSPHRASE"))
21 return os.environ['SIGN_PASSPHRASE']
22@@ -127,14 +129,14 @@
23 # for a full backup, we don't need a password if
24 # there is no sign_key and there are recipients
25 elif (action == "full"
26- and globals.gpg_profile.recipients
27+ and (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients)
28 and not globals.gpg_profile.sign_key):
29 return ""
30
31 # for an inc backup, we don't need a password if
32 # there is no sign_key and there are recipients
33 elif (action == "inc"
34- and globals.gpg_profile.recipients
35+ and (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients)
36 and not globals.gpg_profile.sign_key):
37 return ""
38
39@@ -174,7 +176,7 @@
40 use_cache = False
41 continue
42
43- if not pass1 and not globals.gpg_profile.recipients and not for_signing:
44+ if not pass1 and not (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) and not for_signing:
45 print _("Cannot use empty passphrase with symmetric encryption! Please try again.")
46 use_cache = False
47 continue
48@@ -1350,7 +1352,7 @@
49
50 # if there are no recipients (no --encrypt-key), it must be a
51 # symmetric key. Therefore, confirm the passphrase
52- if not globals.gpg_profile.recipients:
53+ if not (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients):
54 globals.gpg_profile.passphrase = get_passphrase(2, action)
55 # a limitation in the GPG implementation does not allow for
56 # inputting different passphrases, this affects symmetric+sign.
57
58=== modified file 'bin/duplicity.1'
59--- bin/duplicity.1 2012-11-03 14:10:38 +0000
60+++ bin/duplicity.1 2012-12-02 16:39:20 +0000
61@@ -478,6 +478,17 @@
62 Use the GIO backend and interpret any URLs as GIO would.
63
64 .TP
65+.BI "--hidden-encrypt-key " key-id
66+Same as
67+.BR --encrypt-key ,
68+but it hides user's key id from encrypted file. It uses the gpg's
69+.B --hidden-recipient
70+command to obfuscate the owner of the backup. On restore, gpg will
71+automatically try all available secret keys in order to decrypt the
72+backup. See gpg(1) for more details.
73+
74+
75+.TP
76 .B --ignore-errors
77 Try to ignore certain errors if they happen. This option is only
78 intended to allow the restoration of a backup in the face of certain
79
80=== modified file 'duplicity/commandline.py'
81--- duplicity/commandline.py 2012-10-29 10:01:25 +0000
82+++ duplicity/commandline.py 2012-12-02 16:39:20 +0000
83@@ -350,6 +350,12 @@
84
85 parser.add_option("--gpg-options", action="extend", metavar=_("options"))
86
87+ # TRANSL: Used in usage help to represent an ID for a hidden GnuPG key. Example:
88+ # --hidden-encrypt-key <gpg_key_id>
89+ parser.add_option("--hidden-encrypt-key", type="string", metavar=_("gpg-key-id"),
90+ dest="", action="callback",
91+ callback=lambda o, s, v, p: globals.gpg_profile.hidden_recipients.append(v)) #@UndefinedVariable
92+
93 # ignore (some) errors during operations; supposed to make it more
94 # likely that you are able to restore data under problematic
95 # circumstances. the default should absolutely always be False unless
96
97=== modified file 'duplicity/gpg.py'
98--- duplicity/gpg.py 2012-10-15 17:13:08 +0000
99+++ duplicity/gpg.py 2012-12-02 16:39:20 +0000
100@@ -54,7 +54,7 @@
101 Just hold some GPG settings, avoid passing tons of arguments
102 """
103 def __init__(self, passphrase = None, sign_key = None,
104- recipients = None):
105+ recipients = None, hidden_recipients = None):
106 """
107 Set all data with initializer
108
109@@ -76,6 +76,12 @@
110 else:
111 self.recipients = []
112
113+ if hidden_recipients is not None:
114+ assert type(hidden_recipients) is types.ListType # must be list, not tuple
115+ self.hidden_recipients = hidden_recipients
116+ else:
117+ self.hidden_recipients = []
118+
119
120 class GPGFile:
121 """
122@@ -131,7 +137,10 @@
123 if profile.recipients:
124 gnupg.options.recipients = profile.recipients
125 cmdlist.append('--encrypt')
126- else:
127+ if profile.hidden_recipients:
128+ gnupg.options.hidden_recipients = profile.hidden_recipients
129+ cmdlist.append('--encrypt')
130+ if not (profile.recipients or profile.hidden_recipients):
131 cmdlist.append('--symmetric')
132 # use integrity protection
133 gnupg.options.extra_args.append('--force-mdc')
134@@ -149,7 +158,7 @@
135 p1.handles['passphrase'].close()
136 self.gpg_input = p1.handles['stdin']
137 else:
138- if profile.recipients and profile.encrypt_secring:
139+ if (profile.recipients or profile.hidden_recipients) and profile.encrypt_secring:
140 cmdlist.append('--secret-keyring')
141 cmdlist.append(profile.encrypt_secring)
142 self.status_fp = tempfile.TemporaryFile( dir=tempdir.default().dir() )
143
144=== modified file 'duplicity/gpginterface.py'
145--- duplicity/gpginterface.py 2012-10-15 17:13:08 +0000
146+++ duplicity/gpginterface.py 2012-12-02 16:39:20 +0000
147@@ -570,6 +570,7 @@
148 # lists
149 self.encrypt_to = []
150 self.recipients = []
151+ self.hidden_recipients = []
152
153 # miscellaneous arguments
154 self.extra_args = []
155@@ -602,6 +603,7 @@
156 if self.openpgp: args.append( '--openpgp' )
157
158 for r in self.recipients: args.extend( [ '--recipient', r ] )
159+ for r in self.hidden_recipients: args.extend( [ '--hidden-recipient', r ] )
160 for r in self.encrypt_to: args.extend( [ '--encrypt-to', r ] )
161
162 return args
163
164=== modified file 'testing/tests/finaltest.py'
165--- testing/tests/finaltest.py 2011-11-07 15:08:24 +0000
166+++ testing/tests/finaltest.py 2012-12-02 16:39:20 +0000
167@@ -168,6 +168,16 @@
168 self.test_basic_cycle(backup_options = backup_options,
169 restore_options = restore_options)
170
171+ def test_asym_with_hidden_recipient_cycle(self):
172+ """Like test_basic_cycle but use asymmetric encryption (hidding key id) and signing"""
173+ backup_options = ["--hidden-encrypt-key " + helper.encrypt_key1,
174+ "--sign-key " + helper.sign_key]
175+ restore_options = ["--hidden-encrypt-key " + helper.encrypt_key1,
176+ "--sign-key " + helper.sign_key]
177+ helper.set_environ("SIGN_PASSPHRASE", helper.sign_passphrase)
178+ self.test_basic_cycle(backup_options = backup_options,
179+ restore_options = restore_options)
180+
181 def test_single_regfile(self):
182 """Test backing and restoring up a single regular file"""
183 self.runtest(["testfiles/various_file_types/regular_file"])
184
185=== modified file 'testing/tests/gpgtest.py'
186--- testing/tests/gpgtest.py 2011-11-04 12:48:04 +0000
187+++ testing/tests/gpgtest.py 2012-12-02 16:39:20 +0000
188@@ -87,6 +87,17 @@
189 recipients = [helper.encrypt_key1])
190 self.gpg_cycle("aoeu" * 10000, profile2)
191
192+ def test_gpg_hidden_asym(self):
193+ """Test GPG asymmetric encryption with hidden key id"""
194+ profile = gpg.GPGProfile(passphrase = helper.sign_passphrase,
195+ hidden_recipients = [helper.encrypt_key1,
196+ helper.encrypt_key2])
197+ self.gpg_cycle("aoensutha aonetuh saoe", profile)
198+
199+ profile2 = gpg.GPGProfile(passphrase = helper.sign_passphrase,
200+ hidden_recipients = [helper.encrypt_key1])
201+ self.gpg_cycle("aoeu" * 10000, profile2)
202+
203 def test_gpg_signing(self):
204 """Test to make sure GPG reports the proper signature key"""
205 self.deltmp()
206@@ -107,6 +118,26 @@
207 sig = decrypted_file.get_signature()
208 assert sig == helper.sign_key, sig
209
210+ def test_gpg_signing_and_hidden_encryption(self):
211+ """Test to make sure GPG reports the proper signature key even with hidden encryption key id"""
212+ self.deltmp()
213+ plaintext = "hello" * 50000
214+
215+ signing_profile = gpg.GPGProfile(passphrase = helper.sign_passphrase,
216+ sign_key = helper.sign_key,
217+ hidden_recipients = [helper.encrypt_key1])
218+
219+ epath = path.Path("testfiles/output/encrypted_file")
220+ encrypted_signed_file = gpg.GPGFile(1, epath, signing_profile)
221+ encrypted_signed_file.write(plaintext)
222+ encrypted_signed_file.close()
223+
224+ decrypted_file = gpg.GPGFile(0, epath, signing_profile)
225+ assert decrypted_file.read() == plaintext
226+ decrypted_file.close()
227+ sig = decrypted_file.get_signature()
228+ assert sig == helper.sign_key, sig
229+
230 def test_GPGWriteFile(self):
231 """Test GPGWriteFile"""
232 self.deltmp()
233
234=== modified file 'testing/tests/restarttest.py'
235--- testing/tests/restarttest.py 2012-11-19 14:13:59 +0000
236+++ testing/tests/restarttest.py 2012-12-02 16:39:20 +0000
237@@ -253,6 +253,23 @@
238 self.backup("full", "testfiles/largefiles", options = enc_opts)
239 self.verify("testfiles/largefiles")
240
241+ def test_restart_sign_and_hidden_encrypt(self):
242+ """
243+ Test restarting a backup using same key for sign and encrypt (hidden key id)
244+ https://bugs.launchpad.net/duplicity/+bug/946988
245+ """
246+ self.make_largefiles()
247+ enc_opts = ["--sign-key " + helper.sign_key, "--hidden-encrypt-key " + helper.sign_key]
248+ # Force a failure partway through
249+ try:
250+ self.backup("full", "testfiles/largefiles", options = ["--vols 1", "--fail 2"] + enc_opts)
251+ self.fail()
252+ except CmdError, e:
253+ self.assertEqual(30, e.exit_status)
254+ # Now finish that backup
255+ self.backup("full", "testfiles/largefiles", options = enc_opts)
256+ self.verify("testfiles/largefiles")
257+
258 def test_last_file_missing_in_middle(self):
259 """
260 Test restart when the last file being backed up is missing on restart.

Subscribers

People subscribed via source and target branches