From nobody@FreeBSD.org  Tue Jul 24 17:25:36 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8B3901065703
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 24 Jul 2012 17:25:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 5D1C48FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 24 Jul 2012 17:25:36 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q6OHPaBk006157
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 24 Jul 2012 17:25:36 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q6OHPZHY006156;
	Tue, 24 Jul 2012 17:25:35 GMT
	(envelope-from nobody)
Message-Id: <201207241725.q6OHPZHY006156@red.freebsd.org>
Date: Tue, 24 Jul 2012 17:25:35 GMT
From: William Orr <will@worrbase.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: sysutils/duplicity cannot resume encrypted backups
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         170114
>Category:       ports
>Synopsis:       sysutils/duplicity cannot resume encrypted backups
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jase
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 24 17:30:12 UTC 2012
>Closed-Date:    Wed Aug 15 17:48:07 BST 2012
>Last-Modified:  Wed Aug 15 16:50:09 UTC 2012
>Originator:     William Orr
>Release:        9.0-RELEASE
>Organization:
>Environment:
FreeBSD puppies.worrbase.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Users of duplicity are unable to resume encrypted backups. GPG always returns an error that an invalid passphrase was used. This is a known bug, and the attached patches revert the change that caused the problem.

https://answers.launchpad.net/duplicity/+question/183711
>How-To-Repeat:
Try and resume an encrypted backup with duplicity
>Fix:
Apply attached patches

Patch attached with submission follows:

--- bin/duplicity.orig	2012-05-22 10:58:53.000000000 -0400
+++ bin/duplicity	2012-07-24 12:12:35.670846734 -0400
@@ -299,32 +299,6 @@
             tdp.delete()
         return putsize
 
-    def validate_encryption_settings(backup_set, manifest):
-        """
-        When restarting a backup, we have no way to verify that the current
-        passphrase is the same as the one used for the beginning of the backup.
-        This is because the local copy of the manifest is unencrypted and we
-        don't need to decrypt the existing volumes on the backend.  To ensure
-        that we are using the same passphrase, we manually download volume 1
-        and decrypt it with the current passphrase.  We also want to confirm
-        that we're using the same encryption settings (i.e. we don't switch
-        from encrypted to non in the middle of a backup chain), so we check
-        that the vol1 filename on the server matches the settings of this run.
-        """
-        vol1_filename = file_naming.get(backup_type, 1,
-                                        encrypted=globals.encryption,
-                                        gzipped=globals.compression)
-        if vol1_filename != backup_set.volume_name_dict[1]:
-            log.FatalError(_("Restarting backup, but current encryption "
-                             "settings do not match original settings"),
-                           log.ErrorCode.enryption_mismatch)
-
-        # Settings are same, let's check passphrase itself if we are encrypted
-        if globals.encryption:
-            fileobj = restore_get_enc_fileobj(globals.backend, vol1_filename,
-                                              manifest.volume_info_dict[1])
-            fileobj.close()
-
     if not globals.restart:
         # normal backup start
         vol_num = 0
@@ -335,7 +309,6 @@
         mf = globals.restart.last_backup.get_local_manifest()
         globals.restart.checkManifest(mf)
         globals.restart.setLastSaved(mf)
-        validate_encryption_settings(globals.restart.last_backup, mf)
         mf.fh = man_outfp
         last_block = globals.restart.last_block
         log.Notice("Restarting after volume %s, file %s, block %s" %


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->jase 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Jul 24 17:30:23 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170114 

From: William Orr <will@worrbase.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: ports/170114: sysutils/duplicity cannot resume encrypted backups
Date: Tue, 24 Jul 2012 10:55:16 -0700

 --f46d042c6477d55ba704c5971138
 Content-Type: multipart/alternative; boundary=f46d042c6477d55ba304c5971136
 
 --f46d042c6477d55ba304c5971136
 Content-Type: text/plain; charset=ISO-8859-1
 
 Here is the other patch required to fix the issue.
 
 --f46d042c6477d55ba304c5971136
 Content-Type: text/html; charset=ISO-8859-1
 
 Here is the other patch required to fix the issue.
 
 --f46d042c6477d55ba304c5971136--
 --f46d042c6477d55ba704c5971138
 Content-Type: text/plain; charset=US-ASCII; name="patch-duplicity-log.py.txt"
 Content-Disposition: attachment; filename="patch-duplicity-log.py.txt"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_h51abmex0
 
 LS0tIGR1cGxpY2l0eS9sb2cucHkub3JpZwkyMDEyLTA1LTIyIDEwOjU4OjUyLjAwMDAwMDAwMCAt
 MDQwMAorKysgZHVwbGljaXR5L2xvZy5weQkyMDEyLTA3LTI0IDEyOjEwOjE0LjQ4MjkwMjgzNSAt
 MDQwMApAQCAtMTkyLDcgKzE5Miw2IEBACiAgICAgc291cmNlX2Rpcl9taXNtYXRjaCA9IDQyICMg
 NDEgaXMgcmVzZXJ2ZWQgZm9yIHBhcjIKICAgICBmdHBzX2xmdHBfbWlzc2luZyA9IDQzCiAgICAg
 dm9sdW1lX3dyb25nX3NpemUgPSA0NAotICAgIGVucnlwdGlvbl9taXNtYXRjaCA9IDQ1CiAgICAg
 cHl0aG9ub3B0aW1pemVfc2V0ID0gNDYKIAogICAgICMgNTAtPjY5IHJlc2VydmVkIGZvciBiYWNr
 ZW5kIGVycm9ycwo=
 --f46d042c6477d55ba704c5971138--

From: Jase Thew <jase@FreeBSD.org>
To: bug-followup@FreeBSD.org, will@worrbase.com
Cc:  
Subject: Re: ports/170114: sysutils/duplicity cannot resume encrypted backups
Date: Tue, 24 Jul 2012 20:20:35 +0100

 Hi William,
 
 Are you seeing this problem in relation to gpg-agent or with exporting
 PASSPHRASE into duplicity's environment? Also, are you seeing this issue
 when running duplicity manually, or via a crontab entry?
 
 Regards,
 
 Jase.
 
 -- 
 Jase Thew
 jase@FreeBSD.org
 FreeBSD Ports Committer
 

From: William Orr <will@worrbase.com>
To: Jase Thew <jase@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: ports/170114: sysutils/duplicity cannot resume encrypted backups
Date: Tue, 24 Jul 2012 13:23:26 -0700

 --f46d04088ee5c2fbee04c59923f1
 Content-Type: text/plain; charset=ISO-8859-1
 
 I've seen the issue with both, and I've only run it manually.
 
 The thread I linked to mention people having the problem with both as well,
 though using the env variable seems to work with some people some times. No
 idea what's different about my setup from theirs.
 
 On Tue, Jul 24, 2012 at 12:20 PM, Jase Thew <jase@freebsd.org> wrote:
 
 > Hi William,
 >
 > Are you seeing this problem in relation to gpg-agent or with exporting
 > PASSPHRASE into duplicity's environment? Also, are you seeing this issue
 > when running duplicity manually, or via a crontab entry?
 >
 > Regards,
 >
 > Jase.
 >
 > --
 > Jase Thew
 > jase@FreeBSD.org
 > FreeBSD Ports Committer
 >
 >
 
 
 -- 
 Will Orr
 
 --f46d04088ee5c2fbee04c59923f1
 Content-Type: text/html; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable
 
 I&#39;ve seen the issue with both, and I&#39;ve only run it manually.<div><=
 br></div><div>The thread I linked to mention people having the problem with=
  both as well, though using the env variable seems to work with some people=
  some times. No idea what&#39;s different about my setup from theirs.</div>
 
 <div><div><br><div class=3D"gmail_quote">On Tue, Jul 24, 2012 at 12:20 PM, =
 Jase Thew <span dir=3D"ltr">&lt;<a href=3D"mailto:jase@freebsd.org" target=
 =3D"_blank">jase@freebsd.org</a>&gt;</span> wrote:<br><blockquote class=3D"=
 gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-=
 left:1ex">
 
 Hi William,<br>
 <br>
 Are you seeing this problem in relation to gpg-agent or with exporting<br>
 PASSPHRASE into duplicity&#39;s environment? Also, are you seeing this issu=
 e<br>
 when running duplicity manually, or via a crontab entry?<br>
 <br>
 Regards,<br>
 <br>
 Jase.<br>
 <span class=3D"HOEnZb"><font color=3D"#888888"><br>
 --<br>
 Jase Thew<br>
 jase@FreeBSD.org<br>
 FreeBSD Ports Committer<br>
 <br>
 </font></span></blockquote></div><br><br clear=3D"all"><div><br></div>-- <b=
 r>Will Orr<br>
 </div></div>
 
 --f46d04088ee5c2fbee04c59923f1--

From: Jase Thew <jase@FreeBSD.org>
To: bug-followup@FreeBSD.org, will@worrbase.com
Cc:  
Subject: Re: ports/170114: sysutils/duplicity cannot resume encrypted backups
Date: Sun, 12 Aug 2012 14:36:16 +0100

 Hi Will,
 
 Can you please try the patch listed in this comment [1] and ensure that
 it works for you? If it does, I'll commit it to the port - I'd prefer to
 take this route than to completely remove the functionality as suggested
 earlier in the PR/upstream bug report.
 
 Regards,
 
 Jase.
 
 [1] http://bit.ly/OiE140
 -- 
 Jase Thew
 jase@FreeBSD.org
 FreeBSD Ports Committer
 

From: William Orr <will@worrbase.com>
To: Jase Thew <jase@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: ports/170114: sysutils/duplicity cannot resume encrypted backups
Date: Sun, 12 Aug 2012 16:36:27 -0700

 --f46d042c6477fac12304c71a0cf7
 Content-Type: text/plain; charset=ISO-8859-1
 
 Hello,
 
 I tried the patch, and it almost worked. The first line added (the if
 statement) needs to have 4 more spaces prepended to it so that python
 doesn't throw an IndentationError, but other than that, it works great.
 
 On Sun, Aug 12, 2012 at 6:36 AM, Jase Thew <jase@freebsd.org> wrote:
 
 > Hi Will,
 >
 > Can you please try the patch listed in this comment [1] and ensure that
 > it works for you? If it does, I'll commit it to the port - I'd prefer to
 > take this route than to completely remove the functionality as suggested
 > earlier in the PR/upstream bug report.
 >
 > Regards,
 >
 > Jase.
 >
 > [1] http://bit.ly/OiE140
 > --
 > Jase Thew
 > jase@FreeBSD.org
 > FreeBSD Ports Committer
 >
 >
 
 
 -- 
 Will Orr
 
 --f46d042c6477fac12304c71a0cf7
 Content-Type: text/html; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable
 
 Hello,<div><br></div><div>I tried the patch, and it almost worked. The firs=
 t line added (the if statement) needs to have 4 more spaces prepended to it=
  so that python doesn&#39;t throw an IndentationError, but other than that,=
  it works great.<br>
 
 <br><div class=3D"gmail_quote">On Sun, Aug 12, 2012 at 6:36 AM, Jase Thew <=
 span dir=3D"ltr">&lt;<a href=3D"mailto:jase@freebsd.org" target=3D"_blank">=
 jase@freebsd.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote"=
  style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
 
 Hi Will,<br>
 <br>
 Can you please try the patch listed in this comment [1] and ensure that<br>
 it works for you? If it does, I&#39;ll commit it to the port - I&#39;d pref=
 er to<br>
 take this route than to completely remove the functionality as suggested<br=
 >
 earlier in the PR/upstream bug report.<br>
 <br>
 Regards,<br>
 <br>
 Jase.<br>
 <br>
 [1] <a href=3D"http://bit.ly/OiE140" target=3D"_blank">http://bit.ly/OiE140=
 </a><br>
 <span class=3D"HOEnZb"><font color=3D"#888888">--<br>
 Jase Thew<br>
 jase@FreeBSD.org<br>
 FreeBSD Ports Committer<br>
 <br>
 </font></span></blockquote></div><br><br clear=3D"all"><div><br></div>-- <b=
 r>Will Orr<br>
 </div>
 
 --f46d042c6477fac12304c71a0cf7--
State-Changed-From-To: open->closed 
State-Changed-By: jase 
State-Changed-When: Wed 15 Aug 2012 17:48:05 BST 
State-Changed-Why:  
Committed, with minor changes. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170114 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/170114: commit references a PR
Date: Wed, 15 Aug 2012 16:47:50 +0000 (UTC)

 Author: jase
 Date: Wed Aug 15 16:47:35 2012
 New Revision: 302587
 URL: http://svn.freebsd.org/changeset/ports/302587
 
 Log:
   - Add temporary patch to fix resuming encrypted backups.
   
   PR:		ports/170114
   Submitted by:	William Orr <will@worrbase.com>
   Obtained from:	https://answers.launchpad.net/duplicity/+question/183711
   Approved by:	flo (mentor)
 
 Added:
   head/sysutils/duplicity/files/patch-bin-duplicity   (contents, props changed)
 Modified:
   head/sysutils/duplicity/Makefile   (contents, props changed)
 
 Modified: head/sysutils/duplicity/Makefile
 ==============================================================================
 --- head/sysutils/duplicity/Makefile	Wed Aug 15 16:40:13 2012	(r302586)
 +++ head/sysutils/duplicity/Makefile	Wed Aug 15 16:47:35 2012	(r302587)
 @@ -7,7 +7,7 @@
  
  PORTNAME=	duplicity
  PORTVERSION=	0.6.19
 -PORTREVISION=	1
 +PORTREVISION=	2	
  CATEGORIES=	sysutils
  MASTER_SITES=	http://launchpad.net/duplicity/0.6-series/${PORTVERSION}/+download/
  
 
 Added: head/sysutils/duplicity/files/patch-bin-duplicity
 ==============================================================================
 --- /dev/null	00:00:00 1970	(empty, because file is newly added)
 +++ head/sysutils/duplicity/files/patch-bin-duplicity	Wed Aug 15 16:47:35 2012	(r302587)
 @@ -0,0 +1,11 @@
 +--- bin/duplicity.orig	2012-05-22 15:58:53.000000000 +0100
 ++++ bin/duplicity	2012-08-12 14:32:01.920372871 +0100
 +@@ -321,6 +321,8 @@
 + 
 +         # Settings are same, let's check passphrase itself if we are encrypted
 +         if globals.encryption:
 ++            if not globals.gpg_profile.passphrase:
 ++                globals.gpg_profile.passphrase = get_passphrase(1, "verify")
 +             fileobj = restore_get_enc_fileobj(globals.backend, vol1_filename,
 +                                               manifest.volume_info_dict[1])
 +             fileobj.close()
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
 
>Unformatted:
