added HIDE_KEY_ID and SECRET_KEYRING options

Dan Staples 2014-01-03 15:26:26 -05:00
parent afd29ba2d4
commit 1864e3ae98
2 changed files with 23 additions and 4 deletions


@ -81,6 +81,17 @@ PASSPHRASE="foobar_gpg_passphrase"
GPG_ENC_KEY="foobar_gpg_key"
GPG_SIGN_KEY="foobar_gpg_key"
# Do you want to hide the key id of the encrypted files? yes/no
# It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup.
# On restore, gpg will automatically try all available secret keys in order to
# decrypt the backup. See gpg(1) for more details.
# HIDE_KEY_ID='yes'
# You can optionally specify the secret keyring file to use for the encryption and
# signing keys. If not specified, the default secret keyring is used which is
# usually located at ~/.gnupg/secring.gpg
# SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg
# BACKUP SOURCE INFORMATION
# The ROOT of your backup (where you want the backup to start);
# This can be / or somwhere else -- I use /home/ because all the
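Review bot: The commented example for SECRET_KEYRING is missing its closing double quote. This file looks like shell-style assignments that the backup script presumably sources, so a user who simply uncomments the line would get an unterminated string that swallows the following lines. The example should read `# SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg"`. In the HIDE_KEY_ID comment, `--hidden-recipient` is a gpg option rather than a command, so `# It uses gpg's --hidden-recipient option to obfuscate the owner of the backup.` would be more accurate.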


@ -186,7 +186,15 @@ LOCKFILE=${LOGDIR}backup.lock
if [ "$ENCRYPTION" = "yes" ]; then
if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]; then
ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
if [ "$HIDE_KEY_ID" = "yes" ]; then
ENCRYPT="--hidden-encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
else
ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
fi
if [ ! -z "$SECRET_KEYRING" ]; then
KEYRING="--secret-keyring ${SECRET_KEYRING}"
ENCRYPT="${ENCRYPT} --encrypt-secret-keyring=${SECRET_KEYRING}"
fi
elif [ ! -z "$PASSPHRASE" ]; then
ENCRYPT=""
fi
@ -506,10 +514,10 @@ backup_this_script()
if [ ! -z "$GPG_ENC_KEY" -a ! -z "$GPG_SIGN_KEY" ]; then
export GPG_TTY=`tty`
if [ "$GPG_ENC_KEY" = "$GPG_SIGN_KEY" ]; then
gpg -a --export-secret-keys ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-and-sign-secret.key.txt
gpg -a --export-secret-keys ${KEYRING} ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-and-sign-secret.key.txt
else
gpg -a --export-secret-keys ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-secret.key.txt
gpg -a --export-secret-keys ${GPG_SIGN_KEY} > ${TMPDIR}/duplicity-backup-sign-secret.key.txt
gpg -a --export-secret-keys ${KEYRING} ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-secret.key.txt
gpg -a --export-secret-keys ${KEYRING} ${GPG_SIGN_KEY} > ${TMPDIR}/duplicity-backup-sign-secret.key.txt
fi
fi
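Review bot: KEYRING is assigned only inside the `if [ ! -z "$SECRET_KEYRING" ]` branch, yet the new `gpg -a --export-secret-keys ${KEYRING} ...` lines in backup_this_script always expand it unquoted. No initialisation is visible in these hunks, so a KEYRING value inherited from the environment would be spliced into the command that exports secret keys. Adding `KEYRING=""` before the `if [ "$ENCRYPTION" = "yes" ]; then` block closes that gap. Because `${KEYRING}` and `${SECRET_KEYRING}` are word-split, a keyring path containing whitespace will break both the duplicity and the gpg invocations; that limitation should at least be documented next to the option. Separately, duplicity's man page describes `--encrypt-secret-keyring` as usable only together with `--encrypt-key`, so the HIDE_KEY_ID=yes plus SECRET_KEYRING combination built here should be tested before relying on it. Both the encryption block and backup_this_script continue outside the hunks shown.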