Re: [Duplicity-talk] gpg key password asked for backup after verify
From: edgar . soldin
Subject: Re: [Duplicity-talk] gpg key password asked for backup after verify
Date: Wed, 24 May 2017 13:39:14 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0

On 24.05.2017 13:17, Raphael Bauduin wrote:
>
>
> On Wed, May 24, 2017 at 12:19 PM, edgar.soldin--- via Duplicity-talk
> <address@hidden> wrote:
>
> On 24.05.2017 11:28, Raphael Bauduin via Duplicity-talk wrote:
> > Hi,
> >
> > I had encrypted backups working fine for weeks on a server. As the encryption uses the public key, it doesn't ask for a password.
> >
> > Then I did a duplicity verify, which requires the gpg private key, and asks for a password.
> > The verify went fine, but since then the gpg key password is also asked for backups, preventing the automation.... I'm nearly sure this is linked
> >
> > I have removed the duplicity cache in ~/.cache/duplicity, but to no avail....
> >
> > Any suggestion?
> >
>
> 1. are you using duply?
>
>
> no
>
>
>
> 2. what is your backup command line?
>
>
> LC_ALL=en_US /bin/duplicity inc --encrypt-key 'XXXX' --exclude
> /root/.cache/duplicity --exclude /home/backups --exclude /home/restore
> --exclude /backups --include /home/sftp --include /etc --include /home
> --include /root --exclude '**' / par2+rsync://rsync/duplicity/ --verbosity
> debug
>
>
>
>
> 3. what's the language locale of your os?
>
>
> I'm forcing it to en_US, which worked fine.
>
> Investigating further, I think I might have deleted the cache before I did
> the verify. So not sure which one causes what.
> I took a look at the code. Here is the code in question asking for the
> password when the cache was empty, where I added a print:
>     if local_missing and (rem_needpass or loc_needpass):
>         if decrypt:
>             # password for the --encrypt-key
>             print "local_missing = %s,-- %s, -- %s" % (local_missing, rem_needpass, loc_needpass)
>             globals.gpg_profile.passphrase = get_passphrase(1, "sync")
>
> local_missing was a set of .sigtar.gpg files, rem_needpass was True and
> loc_needpass was False.
>
> Now I have done a backup manually (providing the key password), I have the
> else clause below asking for the password although the action is inc:
>
>     elif (action == "inc" and
>           (globals.gpg_profile.recipients or
>            globals.gpg_profile.hidden_recipients) and
>           not globals.gpg_profile.sign_key and
>           not globals.restart):
>         return ""
>
>     # Finally, ask the user for the passphrase
>     else:
>         print "action = %s" % action
>         log.Info(_("PASSPHRASE variable not set, asking user."))
>         use_cache = True
>
>
> globals.gpg_profile.recipients is my encryption key id,
> globals.gpg_profile.sign_key is None, but globals.restart= <__main__.Restart
> instance at 0x13a8518>
>
> So it seems that the globals.restart is set and makes the code skip the
> action == "inc" part.
>
> Any idea what the problem might be?
>
> Thanks
>
ok, your backup is restarting. restarting _needs_ to decode some information
from the backed, which can only be done w/ priv key and passphrase.
what you ran into here is essentially the reason, why