Duplicity

Merge lp:~ross-ross-williams/duplicity/gpg-agent-fix into lp:duplicity/0.6

  1. gpg-agent-fix
  2. Merge into 0.6-series
Proposed by Ross Williams
Status: Merged
Merged at revision: 786
Proposed branch: lp:~ross-ross-williams/duplicity/gpg-agent-fix
Merge into: lp:duplicity/0.6
Diff against target: 47 lines (+18/-6)
1 file modified
duplicity/gpg.py (+18/-6)
To merge this branch: bzr merge lp:~ross-ross-williams/duplicity/gpg-agent-fix
Reviewer Review Type Date Requested Status
duplicity-team Pending
Review via email: mp+74278@code.launchpad.net

Description of the change

Have gpg.py check whether use_agent is enabled before asking GnuPGInterface to create a passphrase file descriptor. This works around a GnuPG 2.x-related issue in which --passphrase-fd takes priority over --use-agent as the source of the passphrase. The opposite was true in GnuPG 1.x, so this bug only occurs when using gpg2.

To post a comment you must log in.
Revision history for this message
edso (ed.so) wrote :

On 06.09.2011 20:59, Ross Williams wrote:
> Ross Williams has proposed merging lp:~ross-ross-williams/duplicity/gpg-agent-fix into lp:duplicity.
>
> Requested reviews:
> duplicity-team (duplicity-team)
> Related bugs:
> Bug #842990 in Duplicity: "use-agent doesn't work with gpg2"
> https://bugs.launchpad.net/duplicity/+bug/842990
>
> For more details, see:
> https://code.launchpad.net/~ross-ross-williams/duplicity/gpg-agent-fix/+merge/74278
>
> Have gpg.py check whether use_agent is enabled before asking GnuPGInterface to create a passphrase file descriptor. This works around a GnuPG 2.x-related issue in which --passphrase-fd takes priority over --use-agent as the source of the passphrase. The opposite was true in GnuPG 1.x, so this bug only occurs when using gpg2.

nice.. does it work for gpg1 and 2 now? ..ede/duply.net

Revision history for this message
Ross Williams (ross-ross-williams) wrote :

It doesn't break gpg1, and I'm successfully using gpg2 with separate encryption and signing keys. I have tested also without using gpg-agent, and that works fine.

On Sep 6, 2011, at 3:45 PM, edso <email address hidden> wrote:

> On 06.09.2011 20:59, Ross Williams wrote:
>> Ross Williams has proposed merging lp:~ross-ross-williams/duplicity/gpg-agent-fix into lp:duplicity.
>>
>> Requested reviews:
>> duplicity-team (duplicity-team)
>> Related bugs:
>> Bug #842990 in Duplicity: "use-agent doesn't work with gpg2"
>> https://bugs.launchpad.net/duplicity/+bug/842990
>>
>> For more details, see:
>> https://code.launchpad.net/~ross-ross-williams/duplicity/gpg-agent-fix/+merge/74278
>>
>> Have gpg.py check whether use_agent is enabled before asking GnuPGInterface to create a passphrase file descriptor. This works around a GnuPG 2.x-related issue in which --passphrase-fd takes priority over --use-agent as the source of the passphrase. The opposite was true in GnuPG 1.x, so this bug only occurs when using gpg2.
>
>
> nice.. does it work for gpg1 and 2 now? ..ede/duply.net
>
> --
> https://code.launchpad.net/~ross-ross-williams/duplicity/gpg-agent-fix/+merge/74278
> You are the owner of lp:~ross-ross-williams/duplicity/gpg-agent-fix.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'duplicity/gpg.py'
--- duplicity/gpg.py 2011-07-16 18:37:47 +0000
+++ duplicity/gpg.py 2011-09-06 19:10:12 +0000
@@ -131,25 +131,37 @@
131 cmdlist.append('--symmetric')131 cmdlist.append('--symmetric')
132 # use integrity protection132 # use integrity protection
133 gnupg.options.extra_args.append('--force-mdc')133 gnupg.options.extra_args.append('--force-mdc')
134 p1 = gnupg.run(cmdlist, create_fhs=['stdin', 'passphrase'],134 # Skip the passphrase if using the agent
135 if globals.use_agent:
136 gnupg_fhs = ['stdin',]
137 else:
138 gnupg_fhs = ['stdin','passphrase']
139 p1 = gnupg.run(cmdlist, create_fhs=gnupg_fhs,
135 attach_fhs={'stdout': encrypt_path.open("wb"),140 attach_fhs={'stdout': encrypt_path.open("wb"),
136 'stderr': self.stderr_fp,141 'stderr': self.stderr_fp,
137 'logger': self.logger_fp})142 'logger': self.logger_fp})
138 p1.handles['passphrase'].write(passphrase)143 if not(globals.use_agent):
139 p1.handles['passphrase'].close()144 p1.handles['passphrase'].write(passphrase)
145 p1.handles['passphrase'].close()
140 self.gpg_input = p1.handles['stdin']146 self.gpg_input = p1.handles['stdin']
141 else:147 else:
142 if profile.recipients and profile.encrypt_secring:148 if profile.recipients and profile.encrypt_secring:
143 cmdlist.append('--secret-keyring')149 cmdlist.append('--secret-keyring')
144 cmdlist.append(profile.encrypt_secring)150 cmdlist.append(profile.encrypt_secring)
145 self.status_fp = tempfile.TemporaryFile()151 self.status_fp = tempfile.TemporaryFile()
146 p1 = gnupg.run(['--decrypt'], create_fhs=['stdout', 'passphrase'],152 # Skip the passphrase if using the agent
153 if globals.use_agent:
154 gnupg_fhs = ['stdout',]
155 else:
156 gnupg_fhs = ['stdout','passphrase']
157 p1 = gnupg.run(['--decrypt'], create_fhs=gnupg_fhs,
147 attach_fhs={'stdin': encrypt_path.open("rb"),158 attach_fhs={'stdin': encrypt_path.open("rb"),
148 'status': self.status_fp,159 'status': self.status_fp,
149 'stderr': self.stderr_fp,160 'stderr': self.stderr_fp,
150 'logger': self.logger_fp})161 'logger': self.logger_fp})
151 p1.handles['passphrase'].write(passphrase)162 if not(globals.use_agent):
152 p1.handles['passphrase'].close()163 p1.handles['passphrase'].write(passphrase)
164 p1.handles['passphrase'].close()
153 self.gpg_output = p1.handles['stdout']165 self.gpg_output = p1.handles['stdout']
154 self.gpg_process = p1166 self.gpg_process = p1
155 self.encrypt = encrypt167 self.encrypt = encrypt

Subscribers

People subscribed via source and target branches

to all changes: