ports/170114: sysutils/duplicity cannot resume encrypted backups
William Orr
will at worrbase.com
Tue Jul 24 17:30:13 UTC 2012
>Number: 170114
>Category: ports
>Synopsis: sysutils/duplicity cannot resume encrypted backups
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 24 17:30:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: William Orr
>Release: 9.0-RELEASE
>Organization:
>Environment:
FreeBSD puppies.worrbase.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Users of duplicity are unable to resume encrypted backups. GPG always returns an error that an invalid passphrase was used. This is a known bug, and the attached patches revert the change that caused the problem.
https://answers.launchpad.net/duplicity/+question/183711
>How-To-Repeat:
Try and resume an encrypted backup with duplicity
>Fix:
Apply attached patches
Patch attached with submission follows:
--- bin/duplicity.orig 2012-05-22 10:58:53.000000000 -0400
+++ bin/duplicity 2012-07-24 12:12:35.670846734 -0400
@@ -299,32 +299,6 @@
tdp.delete()
return putsize
- def validate_encryption_settings(backup_set, manifest):
- """
- When restarting a backup, we have no way to verify that the current
- passphrase is the same as the one used for the beginning of the backup.
- This is because the local copy of the manifest is unencrypted and we
- don't need to decrypt the existing volumes on the backend. To ensure
- that we are using the same passphrase, we manually download volume 1
- and decrypt it with the current passphrase. We also want to confirm
- that we're using the same encryption settings (i.e. we don't switch
- from encrypted to non in the middle of a backup chain), so we check
- that the vol1 filename on the server matches the settings of this run.
- """
- vol1_filename = file_naming.get(backup_type, 1,
- encrypted=globals.encryption,
- gzipped=globals.compression)
- if vol1_filename != backup_set.volume_name_dict[1]:
- log.FatalError(_("Restarting backup, but current encryption "
- "settings do not match original settings"),
- log.ErrorCode.enryption_mismatch)
-
- # Settings are same, let's check passphrase itself if we are encrypted
- if globals.encryption:
- fileobj = restore_get_enc_fileobj(globals.backend, vol1_filename,
- manifest.volume_info_dict[1])
- fileobj.close()
-
if not globals.restart:
# normal backup start
vol_num = 0
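Review bot: removing validate_encryption_settings in full drops two independent checks, and only the second one (the restore_get_enc_fileobj call under `if globals.encryption:`) involves decrypting volume 1 with the current passphrase. The first check, `if vol1_filename != backup_set.volume_name_dict[1]`, only compares filenames, and per the docstring it is what stops a restart from switching between encrypted and unencrypted volumes in the middle of a chain. Consider keeping the function with just the filename comparison and removing only the decryption step, so that the settings-mismatch protection survives the workaround.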
@@ -335,7 +309,6 @@
mf = globals.restart.last_backup.get_local_manifest()
globals.restart.checkManifest(mf)
globals.restart.setLastSaved(mf)
- validate_encryption_settings(globals.restart.last_backup, mf)
mf.fh = man_outfp
last_block = globals.restart.last_block
log.Notice("Restarting after volume %s, file %s, block %s" %
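Review bot: with the validate_encryption_settings call gone from the restart branch, nothing between checkManifest(mf) and the "Restarting after volume" notice confirms that the current passphrase matches the one used for the volumes already on the backend, so a resumed backup can continue silently with a different passphrase. If the check cannot stay, make the gap visible to the user, for example with an additional log.Notice here stating that encryption settings are not verified on restart, or with a note in the port's pkg-message.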
>Release-Note:
>Audit-Trail:
>Unformatted: