Date: Tue, 24 Jul 2012 17:25:35 GMT From: William Orr <will@worrbase.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/170114: sysutils/duplicity cannot resume encrypted backups Message-ID: <201207241725.q6OHPZHY006156@red.freebsd.org> Resent-Message-ID: <201207241730.q6OHUCca051100@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 170114 >Category: ports >Synopsis: sysutils/duplicity cannot resume encrypted backups >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 24 17:30:12 UTC 2012 >Closed-Date: >Last-Modified: >Originator: William Orr >Release: 9.0-RELEASE >Organization: >Environment: FreeBSD puppies.worrbase.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Users of duplicity are unable to resume encrypted backups. GPG always returns an error that an invalid passphrase was used. This is a known bug, and the attached patches revert the change that caused the problem. https://answers.launchpad.net/duplicity/+question/183711 >How-To-Repeat: Try and resume an encrypted backup with duplicity >Fix: Apply attached patches Patch attached with submission follows: --- bin/duplicity.orig 2012-05-22 10:58:53.000000000 -0400 +++ bin/duplicity 2012-07-24 12:12:35.670846734 -0400 @@ -299,32 +299,6 @@ tdp.delete() return putsize - def validate_encryption_settings(backup_set, manifest): - """ - When restarting a backup, we have no way to verify that the current - passphrase is the same as the one used for the beginning of the backup. - This is because the local copy of the manifest is unencrypted and we - don't need to decrypt the existing volumes on the backend. To ensure - that we are using the same passphrase, we manually download volume 1 - and decrypt it with the current passphrase. We also want to confirm - that we're using the same encryption settings (i.e. we don't switch - from encrypted to non in the middle of a backup chain), so we check - that the vol1 filename on the server matches the settings of this run. - """ - vol1_filename = file_naming.get(backup_type, 1, - encrypted=globals.encryption, - gzipped=globals.compression) - if vol1_filename != backup_set.volume_name_dict[1]: - log.FatalError(_("Restarting backup, but current encryption " - "settings do not match original settings"), - log.ErrorCode.enryption_mismatch) - - # Settings are same, let's check passphrase itself if we are encrypted - if globals.encryption: - fileobj = restore_get_enc_fileobj(globals.backend, vol1_filename, - manifest.volume_info_dict[1]) - fileobj.close() - if not globals.restart: # normal backup start vol_num = 0 @@ -335,7 +309,6 @@ mf = globals.restart.last_backup.get_local_manifest() globals.restart.checkManifest(mf) globals.restart.setLastSaved(mf) - validate_encryption_settings(globals.restart.last_backup, mf) mf.fh = man_outfp last_block = globals.restart.last_block log.Notice("Restarting after volume %s, file %s, block %s" % >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207241725.q6OHPZHY006156>