Bug#950881: duply: Autoset trust of keys always fails

Fri, 07 Feb 2020 08:58:51 -0800 

Package: duply
Version: 2.1-1
Severity: normal
Tags: patch

Dear Maintainer,

I occasionally restore servers by installing a basic Debian server,
recovering the /root/.duply and then use duply restore.
However, then, I don't have a gnupg home, so that that keys are imported on
first run. This works fine.
However, then, the key needs to be trusted, and it *always* fail.

Step to reproduce:

mv .gnupg .gnupg.bak
duply ... status

You then get something like:
> Encryption public key 'DEBF3E88927A9346' not found.
> Import keyfile '/root/.duply/hosname/gpgkey.DEBF3E88927A9346.pub.asc' to 
> keyring (OK)
> Import keyfile '/root/.duply/hosname/gpgkey.DEBF3E88927A9346.sec.asc' to 
> keyring (OK)
> Autoset trust of key 'DEBF3E88927A9346' to ultimate (FAILED)
> For duply to work you have to set the trust level
> with the command "trust" to "ultimate" (5) now.
> Exit the edit mode of gpg with "quit".
> Running gpg to manually edit key 'D790F566D0CC0472'Secret key is available.

This is really annoying.

I traced back the issue to the function gpg_fingerprint that's not working.

The attached patch fixes the issue.

Thank you for taking care of duply :)

-- System Information:
Debian Release: 10.3
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages duply depends on:
ii  duplicity  0.7.18.2-1
ii  gnupg      2.2.12-1+deb10u1

duply recommends no packages.

Versions of packages duply suggests:
ii  openssh-client  1:7.9p1-10+deb10u2

-- no debconf information
--- /usr/bin/duply.orig	2018-11-17 22:27:30.000000000 +0000
+++ /usr/bin/duply	2020-02-07 16:07:04.261144459 +0000
@@ -1100,7 +1100,7 @@
 
 # see 'How to specify a user ID' on gpg manpage
 function gpg_fingerprint {
-  local PRINT=$(gpg $GPG_OPTS --fingerprint "$1" 2>&1|awk -F= 'NR==2{gsub(/ /,"",$2);$2=toupper($2); if ( $2 ~ /^[A-F0-9]+$/ && length($2) == 40 ) print $2; else exit 1}') \
+  local PRINT=$(gpg $GPG_OPTS --fingerprint "$1" 2>&1|awk -F= 'NR==2{gsub(/ /,"",$1);$2=toupper($1); if ( $1 ~ /^[A-F0-9]+$/ && length($1) == 40 ) print $1; else exit 1}') \
     && [ -n "$PRINT" ] && echo $PRINT && return 0
   return 1
 }

Attachment: signature.asc
Description: This is a digitally signed message part.

  • Bug#950881: duply: Autoset trust of keys alwa... Jean-Michel Vourgère

Reply via email to