From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Jul 24 17:30:12 2012 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C4280106564A for ; Tue, 24 Jul 2012 17:30:12 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 93EF08FC0A for ; Tue, 24 Jul 2012 17:30:12 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q6OHUCZc051101 for ; Tue, 24 Jul 2012 17:30:12 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q6OHUCca051100; Tue, 24 Jul 2012 17:30:12 GMT (envelope-from gnats) Resent-Date: Tue, 24 Jul 2012 17:30:12 GMT Resent-Message-Id: <201207241730.q6OHUCca051100@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, William Orr Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B3901065703 for ; Tue, 24 Jul 2012 17:25:36 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 5D1C48FC0A for ; Tue, 24 Jul 2012 17:25:36 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q6OHPaBk006157 for ; Tue, 24 Jul 2012 17:25:36 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id q6OHPZHY006156; Tue, 24 Jul 2012 17:25:35 GMT (envelope-from nobody) Message-Id: <201207241725.q6OHPZHY006156@red.freebsd.org> Date: Tue, 24 Jul 2012 17:25:35 GMT From: William Orr To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/170114: sysutils/duplicity cannot resume encrypted backups X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jul 2012 17:30:13 -0000 >Number: 170114 >Category: ports >Synopsis: sysutils/duplicity cannot resume encrypted backups >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 24 17:30:12 UTC 2012 >Closed-Date: >Last-Modified: >Originator: William Orr >Release: 9.0-RELEASE >Organization: >Environment: FreeBSD puppies.worrbase.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Users of duplicity are unable to resume encrypted backups. GPG always returns an error that an invalid passphrase was used. This is a known bug, and the attached patches revert the change that caused the problem. https://answers.launchpad.net/duplicity/+question/183711 >How-To-Repeat: Try and resume an encrypted backup with duplicity >Fix: Apply attached patches Patch attached with submission follows: --- bin/duplicity.orig 2012-05-22 10:58:53.000000000 -0400 +++ bin/duplicity 2012-07-24 12:12:35.670846734 -0400 @@ -299,32 +299,6 @@ tdp.delete() return putsize - def validate_encryption_settings(backup_set, manifest): - """ - When restarting a backup, we have no way to verify that the current - passphrase is the same as the one used for the beginning of the backup. - This is because the local copy of the manifest is unencrypted and we - don't need to decrypt the existing volumes on the backend. To ensure - that we are using the same passphrase, we manually download volume 1 - and decrypt it with the current passphrase. We also want to confirm - that we're using the same encryption settings (i.e. we don't switch - from encrypted to non in the middle of a backup chain), so we check - that the vol1 filename on the server matches the settings of this run. - """ - vol1_filename = file_naming.get(backup_type, 1, - encrypted=globals.encryption, - gzipped=globals.compression) - if vol1_filename != backup_set.volume_name_dict[1]: - log.FatalError(_("Restarting backup, but current encryption " - "settings do not match original settings"), - log.ErrorCode.enryption_mismatch) - - # Settings are same, let's check passphrase itself if we are encrypted - if globals.encryption: - fileobj = restore_get_enc_fileobj(globals.backend, vol1_filename, - manifest.volume_info_dict[1]) - fileobj.close() - if not globals.restart: # normal backup start vol_num = 0 @@ -335,7 +309,6 @@ mf = globals.restart.last_backup.get_local_manifest() globals.restart.checkManifest(mf) globals.restart.setLastSaved(mf) - validate_encryption_settings(globals.restart.last_backup, mf) mf.fh = man_outfp last_block = globals.restart.last_block log.Notice("Restarting after volume %s, file %s, block %s" % >Release-Note: >Audit-Trail: >Unformatted: