#3546 PR merged: make duplicity work well again + sanity checks added¶
Labels: enhancement, minor bug, ready-to-merge?
gdha opened issue at 2025-12-11 15:10:¶
-
Type: Bug Fix
-
Impact: Low
-
Reference to related issue (URL): #3541
-
How was this pull request tested? With VMs
-
Description of the changes in this pull request: Duplicity workflow was broken on OSes using python version 3. This was fixed. Furthermore, the non-default gpg options are not passed via duplicity anymore, but should be added to the ~/.gnupg/gpg.conf file instead.
And, a restore-in-time option was added to the configuration which can only be used in 'recovery' time (default is always the latest full).
jsmeix commented at 2025-12-17 14:29:¶
I won't use Duplicity so all I can do is plain looking at the code.
My remarks so far:
(1)
I do not understand how BACKUP_DUPLICITY_GPG_OPTIONS
is now meant to be used or forbidden to be used?
On the one hand it is still evaluated
(but now a bit different - why now different?)
in backup/DUPLICITY/default/500_make_duplicity_backup.sh
and in restore/DUPLICITY/default/400_restore_duplicity.sh
On the other hand we error out now when it is set in
prep/DUPLICITY/default/055_error_on_duplicity_gpg_options.sh
(2)
In general regarding variables like
BACKUP_DUPLICITY_GPG_ENC_KEY="
and
BACKUP_DUPLICITY_GPG_ENC_PASSPHRASE="passphrase"
and
BACKUP_DUPLICITY_GPG_SIGN_KEY=""
see
in default.conf the initial comment section about
"variables ... for secret values"
https://github.com/rear/rear/blob/master/usr/share/rear/conf/default.conf#L13
and see the LogSecret function
https://github.com/rear/rear/blob/master/usr/share/rear/lib/_framework-setup-and-functions.sh#L474
and see
https://relax-and-recover.org/documentation/security-architecture
therein in particular the section about
"Onwership for Security"
[Export of Github issue for rear/rear.]