Hi, I have created a patch and included it in the package to fix #726072, and discovered #726097 while doing so. I tested the patch on my production systems with success.
I have prepared a package version fixing both issues and uploaded it to mentors [1]. Attached is the debdiff between the current version in unstable and my new version. I would be happy about an upload or incorporating the changes in your own version! Cheers, Nik [1]: http://mentors.debian.net/debian/pool/main/b/backupninja/backupninja_1.0.1-1.1.dsc -- * concerning Mozilla code leaking assertion failures to tty without D-BUS * <mirabilos> That means, D-BUS is a tool that makes software look better than it actually is. PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296
diff -Nru backupninja-1.0.1/debian/changelog backupninja-1.0.1/debian/changelog --- backupninja-1.0.1/debian/changelog 2012-06-29 22:43:12.000000000 +0200 +++ backupninja-1.0.1/debian/changelog 2013-10-12 14:33:27.000000000 +0200 @@ -1,3 +1,12 @@ +backupninja (1.0.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Bumped Standards-Version. + * Added SIGN_PASSPHRASE support for dup handler (closes: #726072). + * Fixes build error with broken chmod (closes: #726097). + + -- Dominik George <n...@naturalnet.de> Sat, 12 Oct 2013 14:33:16 +0200 + backupninja (1.0.1-1) unstable; urgency=low * Imported Upstream version 1.0.1 diff -Nru backupninja-1.0.1/debian/control backupninja-1.0.1/debian/control --- backupninja-1.0.1/debian/control 2012-06-29 22:43:12.000000000 +0200 +++ backupninja-1.0.1/debian/control 2013-10-12 14:33:11.000000000 +0200 @@ -7,7 +7,7 @@ debhelper (>= 7.0.50~), dh-autoreconf Build-Conflicts: autoconf2.13 -Standards-Version: 3.9.3 +Standards-Version: 3.9.4 Homepage: https://labs.riseup.net/code/projects/show/backupninja Vcs-Browser: https://labs.riseup.net/code/projects/backupninja/repository/show?rev=debian Vcs-Git: git://labs.riseup.net/backupninja.git diff -Nru backupninja-1.0.1/debian/patches/dup.sign_passphrase.patch backupninja-1.0.1/debian/patches/dup.sign_passphrase.patch --- backupninja-1.0.1/debian/patches/dup.sign_passphrase.patch 1970-01-01 01:00:00.000000000 +0100 +++ backupninja-1.0.1/debian/patches/dup.sign_passphrase.patch 2013-10-12 14:23:03.000000000 +0200 @@ -0,0 +1,160 @@ +Author: Dominik George <n...@naturalnet.de> +Description: Adds a seperate GPG passphrase for the signature key + Prevents duplicity from asking for another passphrase and thus re-enables + unattended backups when using different keys for signing and encrypting. +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726072 +Forwarded: no +--- a/examples/example.dup ++++ b/examples/example.dup +@@ -56,7 +56,7 @@ + + ## when set to yes, encryptkey variable must be set below; if you want to use + ## two different keys for encryption and signing, you must also set the signkey +-## variable below. ++## variable (and probably signpassword) below. + ## default is set to no, for backwards compatibility with backupninja <= 0.5. + ## + ## Default: +@@ -77,7 +77,7 @@ + ## Default: + # signkey = + +-## password ++## password used to unlock the encryption key + ## NB: neither quote this, nor should it contain any quotes, + ## an example setting would be: + ## password = a_very_complicated_passphrase +@@ -85,6 +85,15 @@ + ## Default: + # password = + ++## password used to unlock the signature key, used only if ++## it differs from the encryption key ++## NB: neither quote this, nor should it contain any quotes, ++## an example setting would be: ++## password = a_very_complicated_passphrase ++## ++## Default: ++# signpassword = ++ + ###################################################### + ## source section + ## (where the files to be backed up are coming from) +--- a/handlers/dup.in ++++ b/handlers/dup.in +@@ -12,6 +12,7 @@ getconf tmpdir + + setsection gpg + getconf password ++getconf signpassword + getconf sign no + getconf encryptkey + getconf signkey +@@ -46,6 +47,7 @@ destdir=${destdir%/} + [ -n "$desturl" -o -n "$destdir" ] || fatal "The destination directory (destdir) must be set when desturl is not used." + [ -n "$include" -o -n "$vsinclude" ] || fatal "No source includes specified" + [ -n "$password" ] || fatal "The password option must be set." ++[ -n "$signpassword" -a -n "$signkey" -a -n "$encryptkey" -a "$signkey" != "$encryptkey" ] || fatal "The signpassword option must be set because signkey differs." + if [ "`echo $desturl | @AWK@ -F ':' '{print $1}'`" == "s3+http" ]; then + [ -n "$awsaccesskeyid" -a -n "$awssecretaccesskey" ] || fatal "AWS access keys must be set for S3 backups." + fi +@@ -269,6 +271,7 @@ fi + debug "$execstr_precmd duplicity cleanup --force $execstr_options $execstr_serverpart" + if [ ! $test ]; then + export PASSPHRASE=$password ++ export SIGN_PASSPHRASE=$signpassword + export FTP_PASSWORD=$ftp_password + output=`nice -n $nicelevel \ + su -c \ +@@ -288,6 +291,7 @@ if [ "$keep" != "yes" ]; then + debug "$execstr_precmd duplicity remove-older-than $keep --force $execstr_options $execstr_serverpart" + if [ ! $test ]; then + export PASSPHRASE=$password ++ export SIGN_PASSPHRASE=$signpassword + export FTP_PASSWORD=$ftp_password + output=`nice -n $nicelevel \ + su -c \ +@@ -310,6 +314,7 @@ if [ "$keep" != "yes" ]; then + debug "$execstr_precmd duplicity remove-all-inc-of-but-n-full $keepincroffulls --force $execstr_options $execstr_serverpart" + if [ ! $test ]; then + export PASSPHRASE=$password ++ export SIGN_PASSPHRASE=$signpassword + export FTP_PASSWORD=$ftp_password + output=`nice -n $nicelevel \ + su -c \ +@@ -332,6 +337,7 @@ debug "$execstr_precmd duplicity $execst + if [ ! $test ]; then + outputfile=`maketemp backupout` + export PASSPHRASE=$password ++ export SIGN_PASSPHRASE=$signpassword + export FTP_PASSWORD=$ftp_password + output=`nice -n $nicelevel \ + su -c \ +--- a/handlers/dup.helper.in ++++ b/handlers/dup.helper.in +@@ -193,7 +193,7 @@ do_dup_gpg_signkey() { + } + + do_dup_gpg_passphrase() { +- local question="Enter the passphrase needed to unlock the GnuPG key:" ++ local question="Enter the passphrase needed to unlock the GnuPG encryption key:" + REPLY= + while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do + passwordBox "$dup_title - GnuPG" "$question" +@@ -202,6 +202,16 @@ do_dup_gpg_passphrase() { + done + } + ++do_dup_gpg_sign_passphrase() { ++ local question="Enter the passphrase needed to unlock the GnuPG signature key:" ++ REPLY= ++ while [ -z "$REPLY" -o -z "$dup_gpg_signpassword" ]; do ++ passwordBox "$dup_title - GnuPG" "$question" ++ [ $? = 0 ] || return 1 ++ dup_gpg_signpassword="$REPLY" ++ done ++} ++ + do_dup_gpg() { + + # symmetric or public key encryption ? +@@ -226,6 +236,9 @@ do_dup_gpg() { + # a passphrase is alway needed + do_dup_gpg_passphrase + ++ # If the signature key differs, we also need a passphrase for it ++ [ -n "$dup_gpg_signkey" -a -n "$dup_gpg_encryptkey" -a "$dup_gpg_signkey" != "$dup_gpg_encryptkey" ] && do_dup_gpg_sign_passphrase ++ + _gpg_done="(DONE)" + setDefault adv + # TODO: replace the above line by the following when do_dup_conn is written +@@ -329,10 +342,19 @@ encryptkey = $dup_gpg_encryptkey + # if not set, encryptkey will be used. + signkey = $dup_gpg_signkey + +-# password +-# NB: neither quote this, nor should it include any quotes ++## password used to unlock the encryption key ++## NB: neither quote this, nor should it contain any quotes, ++## an example setting would be: ++## password = a_very_complicated_passphrase + password = $dup_gpg_password + ++## password used to unlock the signature key, used only if ++## it differs from the encryption key ++## NB: neither quote this, nor should it contain any quotes, ++## an example setting would be: ++## password = a_very_complicated_passphrase ++signpassword = $dup_gpg_signpassword ++ + ###################################################### + ## source section + ## (where the files to be backed up are coming from) +@@ -582,6 +604,7 @@ dup_wizard() { + dup_gpg_onekeypair="yes" + dup_gpg_signkey="" + dup_gpg_password="" ++ dup_gpg_signpassword="" + dup_nicelevel=19 + dup_testconnect=yes + dup_options= diff -Nru backupninja-1.0.1/debian/patches/series backupninja-1.0.1/debian/patches/series --- backupninja-1.0.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ backupninja-1.0.1/debian/patches/series 2013-10-12 11:40:11.000000000 +0200 @@ -0,0 +1 @@ +dup.sign_passphrase.patch diff -Nru backupninja-1.0.1/debian/rules backupninja-1.0.1/debian/rules --- backupninja-1.0.1/debian/rules 2012-06-29 22:43:12.000000000 +0200 +++ backupninja-1.0.1/debian/rules 2013-10-12 13:56:15.000000000 +0200 @@ -9,8 +9,8 @@ override_dh_auto_install: dh_auto_install - chmod -x $(TMP)/usr/lib/backupninja/parseini - chmod -x $(TMP)/usr/lib/backupninja/vserver + chmod a-x $(TMP)/usr/lib/backupninja/parseini + chmod a-x $(TMP)/usr/lib/backupninja/vserver rm $(TMP)/usr/share/backupninja/example.* override_dh_compress:
signature.asc
Description: Digital signature
