On Mon, 22 Jun 2026 11:27:20 +1000 Alexander Zangerl wrote: > On Sun, 21 Jun 2026 23:05:51 +0200, "Francesco Poli (wintermute)" > writes: > >I performed one full backup, but I could no longer perform > >incremental backups with OpenPGP encryption: > > > > $ duplicity --encrypt-key 3E1C27E11F69BFFE --full-if-older-than > > 30D --include-filelist .duplicity.include . file://backup > > since 3.0.6 you need to add --no-check-remote to your backup > invocation if you want asymmetric encryption (as evident from your > command line). that's documented in NEWS.Debian as a > backwards-incompatible change that upstream made.
Hi Alexander, thanks a lot for pointing this change out to me! Shame on me, I didn't think to take a look at the NEWS.Debian file! I should have checked there, before filing a bug report... I can confirm that adding option '--no-check-remote' to the command seems to make the incremental backups work again. > > >Please note that the previous version asked for the passphrase > >(which is annoying, and I am not sure I understand why it needed to, > >as old versions almost never had this need...). > > it didn't ever actually need to, and it should never have tried to; > 3.0.6 had some ugly hacks and special case code that attempted to > guess whether it should ask or not. > > in 3.0.8 all the broken code was removed, but upstream has not given > up on the notion that decrypting all remote manifests on every backup > is a good idea, which is why --no-check-remote is required and will > remain. Isn't this a bug anyway, even though of smaller severity? I mean: without option '--no-check-remote', duplicity wants to decrypt remote manifests, before backing anything up. OK, let's assume that the user agrees. In order to let this happen, the user has to provide the secret key, thus needing to enter the passphrase to unlock the secret key. But duplicity does not manage to make GnuPG ask for a passphrase to unlock the secret key, even in cases where the secret key is available locally... Should this bug report be reopened with severity lowered to 'normal' and title set to something like 'duplicity: no longer makes GnuPG ask for a passphrase, when needed' ? What do you think? Please let me know, thanks for your time and patience! -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgpe9gcf_o4qv.pgp
Description: OpenPGP digital signature
