Your message dated Tue, 25 Sep 2012 15:02:34 +0000 with message-id <[email protected]> and subject line Bug#680670: fixed in obnam 1.1-1.1 has caused the Debian Bug report #680670, regarding obnam: add_key doesn't encrypt symmetric key with new key to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 680670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680670 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: obnam Version: 1.1-1 Severity: normal Hei, in encryption_plugin.py: add_key calls add_to_userkeys for the shared toplevel and all listed clients, but add_to_userkeys only calls write_keyring whicht in turn only calls filter_write (which encrypts symmetrically) and then writes the new 'userkeys'. The symmetric key used to encrypt userkeys ('key') is never written, and indeed it remains encrypted only with the old key. Therefore, add-key effectively doesn't add a new key. For that, it had to somehow call obnamlib.encryption.encrypt_with_keyring, which it never does. It could of course also be possible, that I completely misunderstood the operation of add-key. Comparing to liw.fi/obnam/encryption, I think that I got it right in principle - 'key' should be encrypted with all keys in 'userkeys'. But "obnam --keyid=NEWKEY add-key [client …]" only updates the 'userkeys' without reencrypting 'key'. Maybe we need a new function in encryption_plugin.py as class function of EncryptionPlugin: def rewrite_symmetric_key(self, repo, toplevel): pubkeys = self.read_keyring(repo, toplevel) symmetric_key = self.get_symmetric_key(self, repo, toplevel) encrypted_symmetric_key = obnamlib.encrypt_with_keyring(symmetric_key, pubkeys) pathname = os.path.join(toplevel, 'key') self._overwrite_file(repo, pathname, encrypted_symmetric_key) which then needs to be called from add_key after self.add_to_userkeys. Another approach would be adding that work directly to write_keyring, as it is not really useful to add/remove a key from 'userkeys' without reencrypting the symmetric key. If you agree with my analysis, I could write a patch implementing either method (and maybe I can cook up a test, too). When this gets fixed existing repos should get their 'key' reencrypted, too, I guess. Terveiset, Mika -- System Information: Debian Release: wheezy/sid APT prefers testing-proposed-updates APT policy: (650, 'testing-proposed-updates'), (650, 'testing'), (450, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages obnam depends on: ii libc6 2.13-33 ii python 2.7.3~rc2-1 ii python-cliapp 1.20120630-1 ii python-larch 1.20120527-1 ii python-paramiko 1.7.7.1-2 ii python-tracing 0.6-2 ii python-ttystatus 0.19-1 ii python2.6 2.6.8-0.2 ii python2.7 2.7.3~rc2-2.1 obnam recommends no packages. obnam suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: obnam Source-Version: 1.1-1.1 We believe that the bug you reported is fixed in the latest version of obnam, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gaudenz Steinlin <[email protected]> (supplier of updated obnam package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 20 Sep 2012 16:22:16 +0200 Source: obnam Binary: obnam Architecture: source amd64 Version: 1.1-1.1 Distribution: unstable Urgency: low Maintainer: Lars Wirzenius <[email protected]> Changed-By: Gaudenz Steinlin <[email protected]> Description: obnam - online and disk-based backup application Closes: 680670 Changes: obnam (1.1-1.1) unstable; urgency=low . * Non-maintainer upload. * Fix encription key handling (Closes: #680670) Checksums-Sha1: 13091f3db847c850f709d5a87214ec935a3a7b80 1916 obnam_1.1-1.1.dsc aa7615e591b793b84af05198d37c67008cc86962 1576 obnam_1.1-1.1.diff.gz 65d93e1aa6ccad250992cac9637708ced53e84a1 95930 obnam_1.1-1.1_amd64.deb Checksums-Sha256: f06cf9e304c2e6b6e9ab693c2458e86008a68452a4b415594b0db5e7dee75590 1916 obnam_1.1-1.1.dsc 243326712a1e3bc02cd90099db6588156780552253f6f51d62a1a1b800f5eb88 1576 obnam_1.1-1.1.diff.gz 7d12680fc97f44b8438476281393d7ab6bd1c30011c9191b06625fdf2681fbf6 95930 obnam_1.1-1.1_amd64.deb Files: 5dd88c79d0a9db44170e0bca494c7b8f 1916 python optional obnam_1.1-1.1.dsc 4fba8cc1f7a77f66f8923d7bbf38dff1 1576 python optional obnam_1.1-1.1.diff.gz 4ac695dd3e3fd7a4ed7e158a0da221a3 95930 python optional obnam_1.1-1.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUBUFsoA83PKyWkzVd5AQoRxg//RS+QvedqAbjpw4zpUcPefZHUcDy83hOJ 6SPXdbyWFKO3thuWf+AavYd1CiIBI1Krxc/fXYhPQcckSDMCus6tP2xwSsSmddqP 8KkrA8IZTa++D/7qjmnzFZz4Q3w2Y+bJ27RefHXZ1RPEjB5bIxLpQLPupr5wbQq6 +vzM8EB0NMBL785jd6orvSk4z2mkqEjDe/MhDgNAguoS01nYCnlzcTdLBTJrB3C9 UUmwpAB45u/h1do4mN/Y3Zb/dWInd10jVT0FFW28VTjx4tRHD8YI0jY0srSkcK36 tUPU3SDYfNQKxk8MXzBLfrLxjxPDhK6PBv9GJJ2QnI4045DHWsymbteVEDsNseeK a3Zmekk6PN6Ntop5yncP32xYp5iJl5LUq9Vo8FuMaW8/4pHt88a8M7dpS/zegICw k3b4tzRv/zKBZjmFj8w0/EbYL6jF53j9Uyel8UWZBAA12hBu6Ug3EKDmNfldZsvn nlXJGI3IpWsc8aPE3qx0VYmZJG3SeL+JZ3/S8GTi4TLHpvJ6Ox9B5d6gepD4GUpA QWlgNjUILOKuDhFthZpQ2kbBpqXn6w7XqMk27SIU5wgE1gVaMC0J2gwgmzPsGUIN qjXFknd/Lyz3RTndYal6GyVIUqFazAB2ah0IC1Jzrv5EVkOdKwyGti2NafnLeGv9 hhASPe02BjQ= =sfKr -----END PGP SIGNATURE-----
--- End Message ---
