edso has proposed merging lp:~ed.so/duplicity/encr-sign-key2 into lp:duplicity.
Requested reviews: duplicity-team (duplicity-team) For more details, see: https://code.launchpad.net/~ed.so/duplicity/encr-sign-key2/+merge/68160 as discussed on the mailinglist a check if encryption and signing keys are identical bonus: --encrypt-sign-key parameter and minor enhancements ede -- https://code.launchpad.net/~ed.so/duplicity/encr-sign-key2/+merge/68160 Your team duplicity-team is requested to review the proposed merge of lp:~ed.so/duplicity/encr-sign-key2 into lp:duplicity.
=== modified file 'Changelog.GNU' --- Changelog.GNU 2011-06-18 13:26:12 +0000 +++ Changelog.GNU 2011-07-16 19:14:23 +0000 @@ -1,3 +1,13 @@ +2011-07-16 Ede <edgar.soldin AT web.de> + branch encrypt-sign-key: + - introduce --encrypt-sign-key parameter + - duplicity-bin::get_passphrase + skip passphrase asking and reuse passphrase if + sign-key is also an encrypt key and + a passphrase for either one is already set + - add _() gettext to text in duplicity-bin::get_passphrase + - document changes and minor additions in manpage + 2011-06-17 Kenneth Loafman <[email protected]> 777377 collection-status asking for passphrase === modified file 'duplicity-bin' --- duplicity-bin 2011-07-08 18:14:35 +0000 +++ duplicity-bin 2011-07-16 19:14:23 +0000 @@ -81,13 +81,24 @@ try: if for_signing: return os.environ['SIGN_PASSPHRASE'] + else: + return os.environ['PASSPHRASE'] except KeyError: pass - try: - return os.environ['PASSPHRASE'] - except KeyError: - pass + # check if we can reuse an already set (signing_)passphrase + ## if signing key is also an encryption key assume that the passphrase is identical + if ( for_signing + and globals.gpg_profile.sign_key in globals.gpg_profile.recipients + and globals.gpg_profile.passphrase is not None ): + log.Notice(_("Reuse already set PASSPHRASE as SIGNING_PASSPHRASE")) + return globals.gpg_profile.passphrase + ## if one encryption key is also the signing key assume that the passphrase is identical + if ( not for_signing + and globals.gpg_profile.sign_key in globals.gpg_profile.recipients + and globals.gpg_profile.signing_passphrase is not None ): + log.Notice(_("Reuse already set SIGNING_PASSPHRASE as PASSPHRASE")) + return globals.gpg_profile.signing_passphrase # Next, verify we need to ask the user @@ -128,7 +139,7 @@ # Finally, ask the user for the passphrase else: - log.Info("PASSPHRASE variable not set, asking user.") + log.Info(_("PASSPHRASE variable not set, asking user.")) use_cache = True while 1: # ask the user to enter a new passphrase to avoid an infinite loop @@ -143,27 +154,27 @@ if use_cache and globals.gpg_profile.signing_passphrase: pass1 = globals.gpg_profile.signing_passphrase else: - pass1 = getpass.getpass("GnuPG passphrase for signing key: ") + pass1 = getpass.getpass(_("GnuPG passphrase for signing key:")+" ") else: if use_cache and globals.gpg_profile.passphrase: pass1 = globals.gpg_profile.passphrase else: - pass1 = getpass.getpass("GnuPG passphrase: ") + pass1 = getpass.getpass(_("GnuPG passphrase:")+" ") if n == 1: pass2 = pass1 elif for_signing: - pass2 = getpass.getpass("Retype passphrase for signing key to confirm: ") + pass2 = getpass.getpass(_("Retype passphrase for signing key to confirm: ")) else: - pass2 = getpass.getpass("Retype passphrase to confirm: ") + pass2 = getpass.getpass(_("Retype passphrase to confirm: ")) if not pass1 == pass2: - print "First and second passphrases do not match! Please try again." + print _("First and second passphrases do not match! Please try again.") use_cache = False continue if not pass1 and not globals.gpg_profile.recipients and not for_signing: - print "Cannot use empty passphrase with symmetric encryption! Please try again." + print _("Cannot use empty passphrase with symmetric encryption! Please try again.") use_cache = False continue === modified file 'duplicity.1' --- duplicity.1 2011-06-17 13:41:54 +0000 +++ duplicity.1 2011-07-16 19:14:23 +0000 @@ -304,6 +304,14 @@ default secret keyring is used which is usually located at .gnupg/secring.gpg .TP +.BI "--encrypt-sign-key " key +Convenience parameter. Same as +.BR --encrypt-key +.IR key +.BR --sign-key +.IR "key" . + +.TP .BI "--exclude " shell_pattern Exclude the file or files matched by .IR shell_pattern . @@ -603,13 +611,16 @@ .TP .BI "--sign-key " key -This option can be used when backing up or restoring. When backing -up, all backup files will be signed with keyid +This option can be used when backing up, restoring or verifying. +When backing up, all backup files will be signed with keyid .IR key . When restoring, duplicity will signal an error if any remote file is not signed with the given keyid. .I key -should be an 8 character hex string, like AA0E73D2. +should be an 8 character hex string, like AA0E73D2. +Should be specified only once because currently only +.B one +signing key is supported. Last entry overrides all other entries. .TP .B --ssh-askpass === modified file 'duplicity/commandline.py' --- duplicity/commandline.py 2011-06-17 13:41:54 +0000 +++ duplicity/commandline.py 2011-07-16 19:14:23 +0000 @@ -248,6 +248,10 @@ # secret keyring in which the private encrypt key can be found parser.add_option("--encrypt-secret-keyring", type="string", metavar=_("path")) + + parser.add_option("--encrypt-sign-key", type="string", metavar=_("gpg-key-id"), + dest="", action="callback", + callback=lambda o, s, v, p: ( globals.gpg_profile.recipients.append(v), set_sign_key(v)) ) # TRANSL: Used in usage help to represent a "glob" style pattern for # matching one or more files, as described in the documentation. === modified file 'duplicity/gpg.py' --- duplicity/gpg.py 2011-06-17 13:41:54 +0000 +++ duplicity/gpg.py 2011-07-16 19:14:23 +0000 @@ -62,8 +62,6 @@ 'AA0E73D2'. """ assert passphrase is None or type(passphrase) is types.StringType - if sign_key: - assert recipients # can only sign with asym encryption self.passphrase = passphrase self.signing_passphrase = passphrase
_______________________________________________ Mailing list: https://launchpad.net/~duplicity-team Post to : [email protected] Unsubscribe : https://launchpad.net/~duplicity-team More help : https://help.launchpad.net/ListHelp
