Package: duplicity
Version: 0.4.1-8
Severity: normal
If one wants duplicity to not sign but encrypt asymmetrically and
run truly noninteractive with no passphrases given to it for the
backup operation ever, then --archive-dir seems perfect:
while not properly documented (except in the source - item #1),
if a local archive dir is a/v, duplicity saves the sigtar and a
manifest (manifests are not known to the manpage, item #2) locally
and an encrypted copy of the manifest remotely.
the local copies in the archive dir are never encrypted (after all if you
can't trust your local box you're screwed, so that's a good idea...) and
thus stay available without any passphrases.
this works great for full dumps.
(commandline like this: duplicity --encrypt-key 42bd645d --archive-dir
some_local_spot something_precious rsync://otherbox/backups/)
however, when duplicity tries to do incrementals it needs access to the
file hashes. the local unencrypted manifest and the sigtar have these
available, but the manifest is checked against the remote encrypted
version - which of course fails if one doesn't give duplicity his
precious passphrase.
this is item #3, the main one.
note that this is not a necessary step, as the local info is available
and sufficient for proper operations.
line 118+ in collections.py tries to diff the manifests; commenting these
out makes things work fine, ie. duplicity trusts the local manifest and
doesn't try do decrypt anything ever.
i think that the local manifest should have precedence over the remote one
and that duplicity should never need to decrypt anything unless restoring
data when --archive-dir is in force.
regards
az
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (980, 'testing'), (970, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=de_AT (charmap=ISO-8859-1)
Versions of packages duplicity depends on:
ii gnupg 1.4.1-1.sarge3 GNU privacy guard - a free PGP rep
ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii librsync1 0.9.7-1 Library which implements the rsync
ii python-gnupginterface 0.3.2-6 Python interface to GnuPG (GPG)
ii python2.3 2.3.5-3sarge1 An interactive high-level object-o
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
