Package: backupninja Version: 1.0.1-2 Severity: important Dear Maintainer,
When upgrading backupninja with duplicity to stretch, the duplicity integration stopped working. The issue is that duplicity in stretch supports using SSH directly (paramiko), while backupninja passes it option for the old SCP/SFTP method. With the following SSH options in /etc/backup.d/50.dup: sshoptions = -oIdentityFile=/root/.ssh/id_backup_rsa It gives this result: Info: >>>> starting action /etc/backup.d/50.dup (because of --now) Debug: yes Debug: executing handler in locked section controlled by /var/lock/backupninja/_etc_backup.d_50.dup Debug: Data will be encrypted using symmetric encryption. Debug: Data won't be signed. Debug: duplicity cleanup --force --no-print-statistics --scp-command 'scp -oIdentityFile=/root/.ssh/id_backup_rsa' --sftp-command 'sftp -oIdentityFile=/root/.ssh/ id_backup_rsa' --full-if-older-than 30D --extra-clean --archive-dir /var/cache/backupninja/duplicity scp://u...@backup.domain.tld/backups//mymachine.domain.tld Debug: BackendException: ssh connection to u...@backup.domain.tld:22 failed: ('Bad authentication type', [u'publickey']) (allowed_types=[u'publickey']) Warning: Duplicity cleanup failed. Debug: duplicity --no-print-statistics --scp-command 'scp -oIdentityFile=/root/.ssh/id_backup_rsa' --sftp-command 'sftp -oIdentityFile=/root/.ssh/id_backup_rsa' --full-if-older-than 30D --extra-clean --archive-dir /var/cache/backupninja/duplicity --exclude '/home/*/.gnupg' --exclude '/home/*/.cache' --exclude '/root/.cache' --exclude '/var/cache/backupninja/duplicity' --include '/var/spool/cron/crontabs' --include '/var/backups' --include '/etc' --include '/root' --include '/home' --include '/usr/local/bin' --include '/usr/local/sbin' --include '/var/lib/dpkg/status' --include '/var/lib/dpkg/status-old' --exclude '**' / scp://u...@backup.domain.tld/backups//mymachine.domain.tld Error: BackendException: ssh connection to u...@backup.domain.tld:22 failed: ('Bad authentication type', [u'publickey']) (allowed_types=[u'publickey']) Fatal: Duplicity failed. Fatal: <<<< finished action /etc/backup.d/50.dup: FAILED This is because of the following bad version check for duplicity in /usr/share/backupninja/dup: [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 6 -a "$duplicity_sub" -ge 17 ] duplicity is 0.7.11, which fails the check (11 is smaller than 17). The correct check would be: [ "$duplicity_major" -gt 0 ] || [ "$duplicity_major" -eq 0 -a "$duplicity_minor" -gt 6 ] || [ "$duplicity_major" -eq 0 -a "$duplicity_minor" -eq 6 -a "$duplicity_su b" -ge 17 ] There is another similar check further down, for duplicity>=0.6.10, which should be fixed similarly. With this fix, duplicity gets passed the correct option "--ssh-options": Debug: duplicity --no-print-statistics --ssh-options '-oIdentityFile=/root/.ssh/id_backup_rsa' --full-if-older-than 30D --extra-clean --archive-dir /var/cache/ba ckupninja/duplicity --exclude '/home/*/.gnupg' --exclude '/home/*/.cache' --exclude '/root/.cache' --exclude '/var/cache/backupninja/duplicity' --include '/var/spool/cron/crontabs' --include '/var/backups' --include '/etc' --include '/root' --include '/home' --include '/usr/local/bin' --include '/usr/local/sbin' --include '/var/lib/dpkg/status' --include '/var/lib/dpkg/status-old' --exclude '**' / scp://u...@backup.machine.tld/backups//mymachine.domain.tld -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages backupninja depends on: ii bash 4.4-5 ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4 ii dialog 1.3-20160828-2 ii mawk 1.3.3-17+b3 backupninja recommends no packages. Versions of packages backupninja suggests: pn bzip2 <none> pn debconf-utils <none> ii duplicity 0.7.11-1 pn genisoimage <none> pn hwinfo <none> pn mdadm <none> pn rdiff-backup <none> pn rsync <none> pn subversion <none> pn trickle <none> pn wodim <none> -- no debconf information