Gentoo Forums
[SOLVED] duplicity won't sign backup
vcmota
Guru


Joined: 19 Jun 2017
Posts: 367

Posted: Tue Mar 27, 2018 11:59 am    Post subject: [SOLVED] duplicity won't sign backup

I am having an issue trying to sign my backup using duplicity. When I just encrypt with a public key I get no errors:

Code:

vinicius@reds ~ $ duplicity --encrypt-key XXXXXXXXXXXXXXXXX /home/vinicius/lost onedrive://lost/
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1522140051.61 (Tue Mar 27 08:40:51 2018)
EndTime 1522140051.65 (Tue Mar 27 08:40:51 2018)
ElapsedTime 0.04 (0.04 seconds)
SourceFiles 47
SourceFileSize 509644 (498 KB)
NewFiles 47
NewFileSize 509644 (498 KB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 47
RawDeltaSize 497356 (486 KB)
TotalDestinationSizeChange 482132 (471 KB)
Errors 0
-------------------------------------------------

vinicius@reds ~ $


and everything works as it should: in onedrive I can see all the duplicity files and I also managed to restore without any errors. But when I add the --sign-key option nothing works:


Code:

vinicius@reds ~ $ duplicity --encrypt-key XXXXXXXXXXXXXXXXX --sign-key XXXXXXXXXXXXXXXXX /home/vinicius/lost onedrive://lost/
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase:
GnuPG passphrase for signing key:
No signatures found, switching to full backup.
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "XXXXXXXXXXXXXXXXX" as default secret key for signing
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: sign+encrypt failed: Inappropriate ioctl for device
===== End GnuPG log =====

vinicius@reds ~ $



One weird thing I noticed is that in the latter case I am asked two times for a passphrase, one for GPG and another for GPG signing. That looks weird, since although it is necessary to insert the passphrase for signing, it shouldn't be necessary to do it for encrypting using a public key, since I should be able to encrypt messages for someone else's public key, whose passphrase I obviously should not have. Also, the same error occurs even if I use the convenience flag "--encrypt-sign-key":

Code:

vinicius@reds ~ $ duplicity --encrypt-sign-key XXXXXXXXXXXXXXXXX /home/vinicius/lost onedrive://lost/
Synchronizing remote metadata to local cache...
Deleting local /home/vinicius/.cache/duplicity/0f6818ae38730113b207c72df068d06f/duplicity-full-signatures.20180327T084050Z.sigtar.gz (not authoritative at backend).
Deleting local /home/vinicius/.cache/duplicity/0f6818ae38730113b207c72df068d06f/duplicity-full.20180327T084050Z.manifest (not authoritative at backend).
Last full backup date: none
GnuPG passphrase:
GnuPG passphrase for signing key:
No signatures found, switching to full backup.
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "XXXXXXXXXXXXXXXXX" as default secret key for signing
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: sign+encrypt failed: Inappropriate ioctl for device
===== End GnuPG log =====

vinicius@reds ~ $


Thank you all.


Last edited by vcmota on Fri Mar 30, 2018 4:11 am; edited 1 time in total
hdcg
Tux's lil' helper


Joined: 07 Apr 2013
Posts: 120

Posted: Fri Mar 30, 2018 3:09 am    Post subject:

Hi vcmota,

setting the GPG_TTY variable might solve this issue:
Code:
export GPG_TTY=$(tty)


Best Regards,
Holger
vcmota
Guru


Joined: 19 Jun 2017
Posts: 367

Posted: Fri Mar 30, 2018 4:08 am    Post subject:

Thank you hdcg for your reply. I was just about to make a post, because I just found the answer in the ArchWiki documentation here in the section troubleshooting. All I had to do was follow the steps here and now I can back up and restore with both asymmetrical encryption and signature:

Code:

vinicius@reds ~ $ duplicity --gpg-options="--pinentry-mode=loopback" --encrypt-key=XXXXXXXX --sign-key=XXXXXXXX /home/vinicius/lost onedrive://lost/
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Wed Mar 28 16:38:38 2018
GnuPG passphrase:
GnuPG passphrase for signing key:
--------------[ Backup Statistics ]--------------
StartTime 1522360202.79 (Thu Mar 29 21:50:02 2018)
EndTime 1522360202.81 (Thu Mar 29 21:50:02 2018)
ElapsedTime 0.01 (0.01 seconds)
SourceFiles 47
SourceFileSize 509644 (498 KB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 0
RawDeltaSize 0 (0 bytes)
TotalDestinationSizeChange 1259 (1.23 KB)
Errors 0
-------------------------------------------------

vinicius@reds ~ $ duplicity onedrive://lost /home/vinicius/temp/
Synchronizing remote metadata to local cache...
GnuPG passphrase:
Copying duplicity-full-signatures.20180328T163838Z.sigtar.gpg to local cache.
Copying duplicity-full.20180328T163838Z.manifest.gpg to local cache.
Copying duplicity-inc.20180328T163838Z.to.20180329T002223Z.manifest.gpg to local cache.
Copying duplicity-inc.20180329T002223Z.to.20180329T214911Z.manifest.gpg to local cache.
Copying duplicity-new-signatures.20180328T163838Z.to.20180329T002223Z.sigtar.gpg to local cache.
Copying duplicity-new-signatures.20180329T002223Z.to.20180329T214911Z.sigtar.gpg to local cache.
Last full backup date: Wed Mar 28 16:38:38 2018
vinicius@reds ~ $



If I correctly understood what happened, the issue had to do with how other apps manage the gpg keys: gpg agent and pinentry must be properly configured for that. And although there are instructions on how to do that in the respective Gentoo documentation here, since the gpg ioctl error is never mentioned there I wasn't able to relate both issues. This is how I did it: first I created the .gnupg/gpg-agent.conf file with the following content:
Code:

vinicius@reds ~ $ cat .gnupg/gpg-agent.conf
allow-loopback-pinentry

and then, when running duplicity, I added --gpg-options="--pinentry-mode=loopback" in the command line following the suggestion in the archwiki page.
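The configuration step described in the last post, as an added shell example that is not part of the original thread: it adds allow-loopback-pinentry to gpg-agent.conf only once (an existing commented-out copy does not count) and stops the agent so the next run reads the new file. The function names and the --apply switch are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

LOOPBACK_RE='^[[:space:]]*allow-loopback-pinentry[[:space:]]*$'

# True when gpg-agent.conf in the given GnuPG home has an uncommented
# allow-loopback-pinentry line.
loopback_allowed() {
    grep -Eq "$LOOPBACK_RE" "${1:-${GNUPGHOME:-$HOME/.gnupg}}/gpg-agent.conf" 2>/dev/null
}

# Add the option once, on its own line, keeping the directory and file private.
ensure_loopback_pinentry() {
    gh=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    conf=$gh/gpg-agent.conf
    mkdir -p "$gh" || return 1
    chmod 700 "$gh" || return 1
    if ! loopback_allowed "$gh"; then
        # Terminate an unterminated last line so the option is not glued to it.
        if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
            printf '\n' >> "$conf" || return 1
        fi
        printf 'allow-loopback-pinentry\n' >> "$conf" || return 1
    fi
    chmod 600 "$conf"
}

# Run as: sh this-script --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_loopback_pinentry || exit 1
    # Stop the running agent; it restarts on next use and reads the new config.
    if command -v gpgconf >/dev/null 2>&1; then gpgconf --kill gpg-agent; fi
    echo 'Now pass --gpg-options="--pinentry-mode=loopback" to duplicity.'
fi
```
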