Bug#870004: backupninja: Duplicity integration with SSH options broken because of bad version check

Fri, 28 Jul 2017 11:51:58 -0700 

Package: backupninja
Version: 1.0.1-2
Severity: important

Dear Maintainer,

When upgrading backupninja with duplicity to stretch, the duplicity integration
stopped working.

The issue is that duplicity in stretch supports using SSH directly (paramiko), 
while
backupninja passes it option for the old SCP/SFTP method.

With the following SSH options in /etc/backup.d/50.dup:

    sshoptions = -oIdentityFile=/root/.ssh/id_backup_rsa

It gives this result:

    Info: >>>> starting action /etc/backup.d/50.dup (because of --now)
    Debug: yes                                                        
    Debug: executing handler in locked section controlled by 
/var/lock/backupninja/_etc_backup.d_50.dup
    Debug: Data will be encrypted using symmetric encryption.                   
                       
    Debug: Data won't be signed.
    Debug:  duplicity cleanup --force  --no-print-statistics --scp-command 'scp 
-oIdentityFile=/root/.ssh/id_backup_rsa' --sftp-command 'sftp 
-oIdentityFile=/root/.ssh/
id_backup_rsa' --full-if-older-than 30D --extra-clean --archive-dir 
/var/cache/backupninja/duplicity 
scp://u...@backup.domain.tld/backups//mymachine.domain.tld
    Debug: BackendException: ssh connection to u...@backup.domain.tld:22 
failed: ('Bad authentication type', [u'publickey']) 
(allowed_types=[u'publickey'])    
    Warning: Duplicity cleanup failed.
    Debug:  duplicity   --no-print-statistics --scp-command 'scp 
-oIdentityFile=/root/.ssh/id_backup_rsa' --sftp-command 'sftp 
-oIdentityFile=/root/.ssh/id_backup_rsa'
--full-if-older-than 30D --extra-clean --archive-dir 
/var/cache/backupninja/duplicity  --exclude '/home/*/.gnupg' --exclude 
'/home/*/.cache' --exclude '/root/.cache'
--exclude '/var/cache/backupninja/duplicity' --include 
'/var/spool/cron/crontabs' --include '/var/backups' --include '/etc' --include 
'/root' --include '/home'
--include '/usr/local/bin' --include '/usr/local/sbin' --include 
'/var/lib/dpkg/status' --include '/var/lib/dpkg/status-old' --exclude '**' /
scp://u...@backup.domain.tld/backups//mymachine.domain.tld
    Error: BackendException: ssh connection to u...@backup.domain.tld:22 
failed: ('Bad authentication type', [u'publickey']) 
(allowed_types=[u'publickey'])
    Fatal: Duplicity failed.
    Fatal: <<<< finished action /etc/backup.d/50.dup: FAILED

This is because of the following bad version check for duplicity in 
/usr/share/backupninja/dup:

    [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 6 -a "$duplicity_sub" 
-ge 17 ]

duplicity is 0.7.11, which fails the check (11 is smaller than 17).  The 
correct check would be:

    [ "$duplicity_major" -gt 0 ] || [ "$duplicity_major" -eq 0 -a 
"$duplicity_minor" -gt 6 ] || [ "$duplicity_major" -eq 0 -a "$duplicity_minor" 
-eq 6 -a "$duplicity_su
b" -ge 17 ]

There is another similar check further down, for duplicity>=0.6.10, which 
should be fixed
similarly.

With this fix, duplicity gets passed the correct option "--ssh-options":

    Debug:  duplicity   --no-print-statistics --ssh-options 
'-oIdentityFile=/root/.ssh/id_backup_rsa' --full-if-older-than 30D 
--extra-clean --archive-dir /var/cache/ba
ckupninja/duplicity  --exclude '/home/*/.gnupg' --exclude '/home/*/.cache' 
--exclude '/root/.cache' --exclude '/var/cache/backupninja/duplicity' --include
'/var/spool/cron/crontabs' --include '/var/backups' --include '/etc' --include 
'/root' --include '/home' --include '/usr/local/bin' --include '/usr/local/sbin'
--include '/var/lib/dpkg/status' --include '/var/lib/dpkg/status-old' --exclude 
'**' / scp://u...@backup.machine.tld/backups//mymachine.domain.tld


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages backupninja depends on:
ii  bash               4.4-5
ii  bsd-mailx [mailx]  8.1.2-0.20160123cvs-4
ii  dialog             1.3-20160828-2
ii  mawk               1.3.3-17+b3

backupninja recommends no packages.

Versions of packages backupninja suggests:
pn  bzip2          <none>
pn  debconf-utils  <none>
ii  duplicity      0.7.11-1
pn  genisoimage    <none>
pn  hwinfo         <none>
pn  mdadm          <none>
pn  rdiff-backup   <none>
pn  rsync          <none>
pn  subversion     <none>
pn  trickle        <none>
pn  wodim          <none>

-- no debconf information

Reply via email to