1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
Return-Path: <obnam-dev-bounces@obnam.org>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from bagpuss.pepperfish.net (bagpuss.pepperfish.net [148.251.8.16])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by pieni.net (Postfix) with ESMTPS id 8ECF12E37C
for <distix@pieni.net>; Sat, 12 Sep 2015 21:03:01 +0200 (CEST)
Received: from platypus.pepperfish.net (unknown [10.112.100.20])
by bagpuss.pepperfish.net (Postfix) with ESMTP id 01E5EA27;
Sat, 12 Sep 2015 20:03:01 +0100 (BST)
Received: from ip6-localhost ([::1] helo=platypus.pepperfish.net)
by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
id 1Zaq4i-0000sk-T7; Sat, 12 Sep 2015 20:03:00 +0100
Received: from inmail0 ([10.112.100.10] helo=mx0.pepperfish.net)
by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
id 1Zaq4h-0000sV-B3
for <obnam-dev@obnam.org>; Sat, 12 Sep 2015 20:02:59 +0100
Received: from pieni.net ([95.142.166.37] ident=postfix)
by mx0.pepperfish.net with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
(Exim 4.80) (envelope-from <liw@liw.fi>) id 1Zaq4e-0003PY-Ig
for obnam-dev@obnam.org; Sat, 12 Sep 2015 20:02:59 +0100
Received: from exolobe1.liw.fi (82-181-8-107.bb.dnainternet.fi [82.181.8.107])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by pieni.net (Postfix) with ESMTPSA id CCBE92E1C4;
Sat, 12 Sep 2015 21:02:48 +0200 (CEST)
Received: from exolobe1.liw.fi (localhost [127.0.0.1])
by exolobe1.liw.fi (Postfix) with ESMTPS id 2A1EB402C2;
Sat, 12 Sep 2015 22:02:48 +0300 (EEST)
Date: Sat, 12 Sep 2015 22:02:47 +0300
From: Lars Wirzenius <liw@liw.fi>
To: Ben Boeckel <mathstuf@gmail.com>
Message-ID: <20150912190247.GA11279@exolobe1.liw.fi>
References: <1441948936-12526-1-git-send-email-mathstuf@gmail.com>
<1441948936-12526-2-git-send-email-mathstuf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1441948936-12526-2-git-send-email-mathstuf@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam-Score: -3.4
X-Spam-Score-int: -33
X-Spam-Bar: ---
X-Scanned-By: pepperfish.net, Sat, 12 Sep 2015 20:02:59 +0100
X-Spam-Report: Content analysis details: (-3.4 points)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.0 PPF_USER_AGENT_MUTT User-Agent: contains Mutt (Mutt isn't a spam
tool) -0.5 PPF_USER_AGENT User-Agent: exists
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
X-ACL-Warn: message may be spam
X-Scan-Signature: 805eda458b26030fb35277d5bf2b304c
Cc: obnam-dev@obnam.org
Subject: Re: [PATCH 1/3] encryption_plugin: add a gpg-homedir configuration
option
X-BeenThere: obnam-dev@obnam.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Obnam development discussions <obnam-dev-obnam.org>
List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
List-Post: <mailto:obnam-dev@obnam.org>
List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=subscribe>
Sender: obnam-dev-bounces@obnam.org
Errors-To: obnam-dev-bounces@obnam.org
I've applied the other two patches, thank you. I am not sure about
this patch, to add --gpg-homedir. Is it not enough to just set
GNUPGHOME in the environment? I guess it might be easier to set it in
a config file and not have to set the environment variable on each
obnam invocation.
If the setting is added, I'd rather it was called --gnupghome, to
mirror the environment variable. It'd also be nice to have a test that
it works correctly. Could you update the patch to rename the setting?
On Fri, Sep 11, 2015 at 01:22:14AM -0400, Ben Boeckel wrote:
> Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
> ---
> obnam.1.in | 5 +++++
> obnamlib/plugins/encryption_plugin.py | 15 ++++++++++++---
> 2 files changed, 17 insertions(+), 3 deletions(-)
>
> diff --git a/obnam.1.in b/obnam.1.in
> index bb9bd0e..71772d5 100644
> --- a/obnam.1.in
> +++ b/obnam.1.in
> @@ -426,6 +426,11 @@ and then tell
> about it using the
> .B \-\-encrypt\-with
> option.
> +You may optionally use a separate home directory using the
> +.B \-\-gpg-homedir
> +option. By default, the default directory for
> +.BR gpg(1)
> +will be used.
> .SS "Configuration files"
> .B obnam
> will look for configuration files in a number of locations.
> diff --git a/obnamlib/plugins/encryption_plugin.py b/obnamlib/plugins/encryption_plugin.py
> index ec3bcca..6e7c2b1 100644
> --- a/obnamlib/plugins/encryption_plugin.py
> +++ b/obnamlib/plugins/encryption_plugin.py
> @@ -49,6 +49,11 @@ class EncryptionPlugin(obnamlib.ObnamPlugin):
> 'size of symmetric key, in bits',
> metavar='BITS',
> group=encryption_group)
> + self.app.settings.string(
> + ['gpg-homedir'],
> + 'home directory for GPG',
> + metavar='HOMEDIR',
> + group=encryption_group)
>
> self.tag = "encrypt1"
>
> @@ -87,7 +92,7 @@ class EncryptionPlugin(obnamlib.ObnamPlugin):
> @property
> def pubkey(self):
> if self._pubkey is None:
> - self._pubkey = obnamlib.get_public_key(self.keyid)
> + self._pubkey = obnamlib.get_public_key(self.keyid, gpghome=self.gpg_homedir)
> return self._pubkey
>
> @property
> @@ -98,6 +103,10 @@ class EncryptionPlugin(obnamlib.ObnamPlugin):
> return '/dev/random'
>
> @property
> + def gpg_homedir(self):
> + return self.app.settings.get('gpg-homedir')
> +
> + @property
> def symmetric_key_bits(self):
> return int(self.app.settings['symmetric-key-bits'] or '256')
>
> @@ -139,7 +148,7 @@ class EncryptionPlugin(obnamlib.ObnamPlugin):
> key = self._symkeys.get(repo, toplevel)
> if key is None:
> encoded = repo.get_fs().cat(os.path.join(toplevel, 'key'))
> - key = obnamlib.decrypt_with_secret_keys(encoded)
> + key = obnamlib.decrypt_with_secret_keys(encoded, gpghome=self.gpg_homedir)
> self._symkeys.put(repo, toplevel, key)
> return key
>
> @@ -222,7 +231,7 @@ class EncryptionPlugin(obnamlib.ObnamPlugin):
> def _get_key_string(self, keyid):
> verbose = self.app.settings['key-details']
> if verbose:
> - user_ids = obnamlib.get_public_key_user_ids(keyid)
> + user_ids = obnamlib.get_public_key_user_ids(keyid, gpghome=self.gpg_homedir)
> if user_ids:
> return "%s (%s)" % (keyid, ", ".join(user_ids))
> return str(keyid)
> --
> 2.5.1
>
>
> _______________________________________________
> obnam-dev mailing list
> obnam-dev@obnam.org
> http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org
>
--
Schrödinger's backup hypothesis: the condition of any backup is
undefined until a restore is attempted. -- andrewsh
_______________________________________________
obnam-dev mailing list
obnam-dev@obnam.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org
|
