Menu

#76 GPG 2.1 passphrase entry change

duply
closed-fixed
nobody
None
5
2015-06-21
2014-11-28
tengel
No

The method fo unattended passphrase entry has changed with GPG 2.1+, using a new option is required (as well as setting an option in ~/.gpg-agent.conf) to achieve the same functionality.

Please see the upstream issue: https://bugs.g10code.com/gnupg/issue1772

Suggested patch for now to raise awareness:

--- duply-1.9.1-orig    2014-11-28 08:33:07.843465503 -0600
+++ duply-1.9.1-gpg21   2014-11-28 08:36:02.579515130 -0600
@@ -677,6 +677,7 @@
 #   or "--compress-algo=bzip2 --bzip2-compress-level=9"
 #   or "--personal-cipher-preferences AES256,AES192,AES..."
 #   or "--homedir ~/.duply" - keep keyring and gpg settings duply specific
+#   or "--pinentry-mode loopback" - for GPG 2.1+
 #GPG_OPTS=''

 # disable preliminary tests with the following setting

I'm personally still testing and working on this so don't have 100% confirmed what will/won't work with regards to duply/duplicity.

Related

Bugs: #76

Discussion

  • ede

    ede - 2014-11-28

    On 28.11.2014 15:41, troy engel wrote:

    ** [bugs:#76] GPG 2.1 passphrase entry change**

    Status: open
    Group: duply
    Created: Fri Nov 28, 2014 02:41 PM UTC by troy engel
    Last Updated: Fri Nov 28, 2014 02:41 PM UTC
    Owner: nobody

    The method fo unattended passphrase entry has changed with GPG 2.1+, using a new option is required (as well as setting an option in ~/.gpg-agent.conf) to achieve the same functionality.

    Please see the upstream issue: https://bugs.g10code.com/gnupg/issue1772

    Suggested patch for now to raise awareness:

    ~~~~
    --- duply-1.9.1-orig 2014-11-28 08:33:07.843465503 -0600
    +++ duply-1.9.1-gpg21 2014-11-28 08:36:02.579515130 -0600
    @@ -677,6 +677,7 @@
    # or "--compress-algo=bzip2 --bzip2-compress-level=9"
    # or "--personal-cipher-preferences AES256,AES192,AES..."
    # or "--homedir ~/.duply" - keep keyring and gpg settings duply specific
    +# or "--pinentry-mode loopback" - for GPG 2.1+
    #GPG_OPTS=''

    # disable preliminary tests with the following setting
    ~~~~

    I'm personally still testing and working on this so don't have 100% confirmed what will/won't work with regards to duply/duplicity.

    how about waiting how this is going to play out? seems like they have some nifty backward incompatibility coming their way.

    ..ede

     

    Related

    Bugs: #76

  • tengel

    tengel - 2014-11-29

    It's as you see fit - Arch has already upgraded GPG so we're already in this situation, users are having to adjust to this new style so that unattended GPG usage works (duply, signing emails, etc.).

    -te

     

    • ede

      ede - 2014-11-29

      you early birds ;)

      please come back when you have a solution that works reliably. also wrt. duplicity alone so i can provide a patch set for it as well.

      regards.. ede/duply.net

      On 29.11.2014 14:03, troy engel wrote:

      It's as you see fit - Arch has already upgraded GPG so we're already in this situation, users are having to adjust to this new style so that unattended GPG usage works (duply, signing emails, etc.).

      -te

      ** [bugs:#76] GPG 2.1 passphrase entry change**

      Status: open
      Group: duply
      Created: Fri Nov 28, 2014 02:41 PM UTC by troy engel
      Last Updated: Fri Nov 28, 2014 02:41 PM UTC
      Owner: nobody

      The method fo unattended passphrase entry has changed with GPG 2.1+, using a new option is required (as well as setting an option in ~/.gpg-agent.conf) to achieve the same functionality.

      Please see the upstream issue: https://bugs.g10code.com/gnupg/issue1772

      Suggested patch for now to raise awareness:

      ~~~~
      --- duply-1.9.1-orig 2014-11-28 08:33:07.843465503 -0600
      +++ duply-1.9.1-gpg21 2014-11-28 08:36:02.579515130 -0600
      @@ -677,6 +677,7 @@
      # or "--compress-algo=bzip2 --bzip2-compress-level=9"
      # or "--personal-cipher-preferences AES256,AES192,AES..."
      # or "--homedir ~/.duply" - keep keyring and gpg settings duply specific
      +# or "--pinentry-mode loopback" - for GPG 2.1+
      #GPG_OPTS=''

      # disable preliminary tests with the following setting
      ~~~~

      I'm personally still testing and working on this so don't have 100% confirmed what will/won't work with regards to duply/duplicity.

      Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/ftplicity/bugs/76/

      To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/

       

      Related

      Bugs: #76

  • tengel

    tengel - 2014-11-29

    It works, my duply backups have run for a day now OK just using the existing GPG_OPTS="" and a minor config change. Detailed here:

    https://wiki.archlinux.org/index.php/Gnupg#Unattended_passphrase

    -te

     

    • ede

      ede - 2014-11-29

      this only regards gpg-agent, right? did you try setting the password in duply conf or PASSPHRASE duplicity env var?

      ..ede

      On 29.11.2014 14:42, troy engel wrote:

      It works, my duply backups have run for a day now OK just using the existing GPG_OPTS="" and a minor config change. Detailed here:

      https://wiki.archlinux.org/index.php/Gnupg#Unattended_passphrase

      -te

      ** [bugs:#76] GPG 2.1 passphrase entry change**

      Status: open
      Group: duply
      Created: Fri Nov 28, 2014 02:41 PM UTC by troy engel
      Last Updated: Sat Nov 29, 2014 01:03 PM UTC
      Owner: nobody

      The method fo unattended passphrase entry has changed with GPG 2.1+, using a new option is required (as well as setting an option in ~/.gpg-agent.conf) to achieve the same functionality.

      Please see the upstream issue: https://bugs.g10code.com/gnupg/issue1772

      Suggested patch for now to raise awareness:

      ~~~~
      --- duply-1.9.1-orig 2014-11-28 08:33:07.843465503 -0600
      +++ duply-1.9.1-gpg21 2014-11-28 08:36:02.579515130 -0600
      @@ -677,6 +677,7 @@
      # or "--compress-algo=bzip2 --bzip2-compress-level=9"
      # or "--personal-cipher-preferences AES256,AES192,AES..."
      # or "--homedir ~/.duply" - keep keyring and gpg settings duply specific
      +# or "--pinentry-mode loopback" - for GPG 2.1+
      #GPG_OPTS=''

      # disable preliminary tests with the following setting
      ~~~~

      I'm personally still testing and working on this so don't have 100% confirmed what will/won't work with regards to duply/duplicity.

      Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/ftplicity/bugs/76/

      To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/

       

      Related

      Bugs: #76

  • tengel

    tengel - 2014-11-29

    With 2.1 the agent is required now, there's no way to get a passphrase into gpg without gpg-agent/pinentry (that's the big change, agree with it or not). It's all just basic config in my duply instance conf file with the passphrase set:

    $ egrep -v "^(#|$)" .duply/XXXXX/conf
    GPG_KEY='XXXXXXXX'
    GPG_PW='XXXXXXXX'
    GPG_OPTS='--pinentry-mode loopback'
    TARGET='gs://YYYY'
    TARGET_USER='ZZZZZZZZ'
    TARGET_PASS='ZZZZZZZZ'
    SOURCE='/home/AAAA'
    FILENAME='.duplicity-ignore'
    DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
    MAX_AGE=2M
    MAX_FULL_BACKUPS=2

    That, with this:

    $ egrep -v "^(#|$)" .gnupg/gpg-agent.conf
    allow-loopback-pinentry

    ...is what works, From the duply end of things, the only change needed is the one I suggested in the patch for GPG_OPTS, that's it.

    -te

     

  • Philip

    Philip - 2014-12-11

    works for me as well (FreeBSD).

     

  • ede

    ede - 2015-06-21
    • status: open --> closed-fixed
     

  • ede

    ede - 2015-06-21

    the fixes will be released with duplicity 1.9.2 . thx for you patience.. ede

     

Log in to post a comment.

MongoDB Logo MongoDB