Merge lp:~mterry/duplicity/resume-encrypt-no-pass into lp:~duplicity-team/duplicity/0.8-series

Proposed by Michael Terry
Status: Merged
Merged at revision: 1503
Proposed branch: lp:~mterry/duplicity/resume-encrypt-no-pass
Merge into: lp:~duplicity-team/duplicity/0.8-series
Diff against target: 61 lines (+25/-2)
2 files modified
duplicity/dup_main.py (+9/-2)
testing/functional/test_restart.py (+16/-0)
To merge this branch: bzr merge lp:~mterry/duplicity/resume-encrypt-no-pass
Reviewer Review Type Date Requested Status
duplicity-team Pending
Review via email: mp+375468@code.launchpad.net

Description of the change

This branch arose from a Debian patch that has been disabling the encryption validation of volume1 during restarts for years.

Debian has been preserving the ability to back up with just an encrypt key and no password (i.e. to have no secrets on the backup machine).

This seems like a reasonable use case. So here's a patch to skip encryption validation in that scenario.


Preview Diff

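--- a/duplicity/dup_main.py
+++ b/duplicity/dup_main.py
@@ -153,14 +153,14 @@
 # there is no sign_key and there are recipients
 elif (action == u"full" and
 (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) and not
- globals.gpg_profile.sign_key and not globals.restart):
+ globals.gpg_profile.sign_key):
 return u""
 
 # for an inc backup, we don't need a password if
 # there is no sign_key and there are recipients
 elif (action == u"inc" and
 (globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) and not
- globals.gpg_profile.sign_key and not globals.restart):
+ globals.gpg_profile.sign_key):
 return u""
 
 # Finally, ask the user for the passphrase
@@ -346,6 +346,13 @@
 from encrypted to non in the middle of a backup chain), so we check
 that the vol1 filename on the server matches the settings of this run.
 """
+ if ((globals.gpg_profile.recipients or globals.gpg_profile.hidden_recipients) and
+ not globals.gpg_profile.sign_key):
+ # When using gpg encryption without a signing key, we skip this validation
+ # step to ensure that we can still backup without needing the secret key
+ # on the machine.
+ return
+
 vol1_filename = file_naming.get(backup_type, 1,
 encrypted=globals.encryption,
 gzipped=globals.compression)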
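Review bot: The early return added in the second hunk sits above the `file_naming.get(...)` call, so it skips the vol1 filename comparison described in the docstring as well as any decryption of the volume. From the visible lines that comparison reads only `globals.encryption` and `globals.compression`, and appears to need no secret key. If so, keep the filename check and place the `if (... recipients ...) and not globals.gpg_profile.sign_key: return` guard directly before the step that actually reads vol1, so a restart still rejects a chain whose encryption settings changed. A log line saying validation was skipped would let an operator see that the resumed set was not verified. The function body continues outside the hunk, so the exact placement needs checking against the full file.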
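--- a/testing/functional/test_restart.py
+++ b/testing/functional/test_restart.py
@@ -79,6 +79,22 @@
 self.backup(u"full", u"testfiles/largefiles")
 self.verify(u"testfiles/largefiles")
 
+ def test_restart_encrypt_without_password(self):
+ u"""
+ Test that we can successfully restart a encrypt-key-only backup without
+ providing a password for it. (Normally, we'd need to decrypt the first
+ volume, but there is special code to skip that with an encrypt key.)
+ """
+ self.set_environ(u'PASSPHRASE', None)
+ self.set_environ(u'SIGN_PASSPHRASE', None)
+ self.make_largefiles()
+ enc_opts = [u"--encrypt-key", self.encrypt_key1]
+ self.backup(u"full", u"testfiles/largefiles", options=enc_opts, fail=2)
+ self.backup(u"full", u"testfiles/largefiles", options=enc_opts)
+
+ self.set_environ(u'PASSPHRASE', self.sign_passphrase)
+ self.verify(u"testfiles/largefiles")
+
 def test_restart_sign_and_encrypt(self):
 u"""
 Test restarting a backup using same key for sign and encrypt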
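Review bot: `test_restart_encrypt_without_password` covers only the configuration where validation is skipped, and nothing in this hunk pins the boundary of that skip. A companion case that restarts with a signing key configured and no passphrase available, and expects the restart to fail, would catch a later change that widens the skip condition. The test also does not assert that the second `self.backup(...)` call actually resumed the interrupted run rather than starting over, though the neighbouring tests may share that limitation. The docstring's "a encrypt-key-only" should read "an encrypt-key-only".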
