|
| From: | Kenneth Loafman |
| Subject: | Re: [Duplicity-talk] remove-all-inc-of-but-n-full <num> and decryption |
| Date: | Sun, 8 Nov 2015 10:21:38 -0600 |
Ok - clear. I was sort of hoping the comparison to the accuracy of the collection data would by by something like a signed signature (so you know source and destination are in sync) — after which you can do it from the source side its ‘in the clear copy' ‘safely’ without needing to have a private key involved in the safe purging of (old) backups. (As I sort of need to give duplicity credentials that on sftp level already allow that environment to ‘corrupt’ my backups).Dw.On 01 Nov 2015, at 13:12, Kenneth Loafman <address@hidden> wrote:Collection-status does not make any changes to the collection. Right now, any command that changes the collection causes a sync of local and remote metadata, which causes a need for the key to unlock the remote metadata for comparison.At some point that will be fixed, but not soon._______________________________________________On Sat, Oct 31, 2015 at 12:36 PM, Dirk-Willem van Gulik <address@hidden> wrote:Right - I assume you mean this the other way round ? Remote encrypted, local copy not.
What I am trying to understand — I am trying to clean up the all-inc-but-n “from” the local. And was sort of hoping that would not require access to the private key used (which is in fact kept off-line).
I noted that if I do a normal "collection-status” — one gets pretty much exactly the info you need to do such a cleanup.
So i am a bit confused as to why this needs access to the GPG private key.
Thanks,
Dw.
> On 30 Oct 2015, at 16:27, Kenneth Loafman <address@hidden> wrote:
>
> Being dense, sorry!
>
> Whenever you see Synchronizing remote metadata to local cache, duplicity is going to need your passphrase in order to decrypt the manifest. It's encrypted on the remote, but not on local, so the local copy has to be decrypted.
>
> ...Ken
>
>
>
>
> On Thu, Oct 29, 2015 at 10:31 AM, Dirk-Willem van Gulik <address@hidden> wrote:
> Yes, absolutely. This is in a long fuctioning tower of Hanoi incr/full dump setup.
>
> To which we now want to add auto cleanup of ancient dumps/superseded incrementals. With as little credentials as possible.
>
> Note the prompt for a gpg password.
>
> Dw.
>
> On 29 Oct 2015, at 14:26, Kenneth Loafman <address@hidden> wrote:
>
>> Is backup-xs-key set up without a passphrase?
>>
>> Can you ssh into the target manually?
>>
>>
>> On Thu, Oct 29, 2015 at 7:02 AM, Dirk-Willem van Gulik <address@hidden> wrote:
>>
>> > On 29 Oct 2015, at 12:57, Dirk-Willem van Gulik <address@hidden> wrote:
>> >
>> >
>> >> On 29 Oct 2015, at 12:41, Kenneth Loafman <address@hidden> wrote:
>> >>
>> >> The newest versions do not. What version are you running?
>> >>
>> >
>> > the ‘un’stable branch: duplicity 0.7.02 under python 7. Worth going to the 7.05 — nothing springs out in the release messages.
>>
>> No joy on 7.05
>>
>> $/usr/local/bin/python2.7 /usr/local/bin/duplicity-7.05 \
>> remove-all-inc-of-but-n-full 2 \
>> --ssh-options "-oIdentityFile=/home/backup-xxx/backup-xs-key” \
>> pexpect+sftp://address@hidden
>> Synchronizing remote metadata to local cache..
>> GnuPG passphrase: …
>> ctrl-C
>> $
>>
>> which version should I go to ?
>>
>> > Dw
>> >
>> >
>> >
>> >> On Wed, Oct 28, 2015 at 12:06 PM, Dirk-Willem van Gulik <address@hidden> wrote:
>> >> Can someone help me understand why the ‘remove-all-inc-of-but-n-full’ et.al. flags of a pub-key-ed backup require the decryption key (while the basic info needed seems accessible to flags like collection-status without such key) ?
>> >>
>> >> Much appreciated,
>> >>
>> >> Dw
>> >>
>> >>
>> >> _______________________________________________
>> >> Duplicity-talk mailing list
>> >> address@hidden
>> >> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>> >>
>> >> _______________________________________________
>> >> Duplicity-talk mailing list
>> >> address@hidden
>> >> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>> >
>> >
>> > _______________________________________________
>> > Duplicity-talk mailing list
>> > address@hidden
>> > https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>> >
>>
>>
>> _______________________________________________
>> Duplicity-talk mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>
>> _______________________________________________
>> Duplicity-talk mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
| [Prev in Thread] | Current Thread | [Next in Thread] |