Merge remote-tracking branch 'dismantl/option-updates' into dev
Conflicts: duplicity-backup.sh
This commit is contained in:
zertrin
commit
5e939fd632
2 changed files with 33 additions and 11 deletions
|
|
@ -81,6 +81,17 @@ PASSPHRASE="foobar_gpg_passphrase"
|
|||
GPG_ENC_KEY="foobar_gpg_key"
|
||||
GPG_SIGN_KEY="foobar_gpg_key"
|
||||
|
||||
# Do you want to hide the key id of the encrypted files? yes/no
|
||||
# It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup.
|
||||
# On restore, gpg will automatically try all available secret keys in order to
|
||||
# decrypt the backup. See gpg(1) for more details.
|
||||
# HIDE_KEY_ID='yes'
|
||||
|
||||
# You can optionally specify the secret keyring file to use for the encryption and
|
||||
# signing keys. If not specified, the default secret keyring is used which is
|
||||
# usually located at ~/.gnupg/secring.gpg
|
||||
# SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg
|
||||
|
||||
# BACKUP SOURCE INFORMATION
|
||||
# The ROOT of your backup (where you want the backup to start);
|
||||
# This can be / or somwhere else -- I use /home/ because all the
|
||||
|
|
|
|||
|
|
@ -186,7 +186,18 @@ LOCKFILE=${LOGDIR}backup.lock
|
|||
|
||||
if [ "$ENCRYPTION" = "yes" ]; then
|
||||
if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]; then
|
||||
ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
|
||||
if [ "$HIDE_KEY_ID" = "yes" ]; then
|
||||
ENCRYPT="--hidden-encrypt-key=${GPG_ENC_KEY}"
|
||||
if [ "$COMMAND" != "restore" -a "$COMMAND" != "restore-file" -a "$COMMAND" != "restore-dir" ]; then
|
||||
ENCRYPT="$ENCRYPT --sign-key=${GPG_SIGN_KEY}"
|
||||
fi
|
||||
else
|
||||
ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
|
||||
fi
|
||||
if [ ! -z "$SECRET_KEYRING" ]; then
|
||||
KEYRING="--secret-keyring ${SECRET_KEYRING}"
|
||||
ENCRYPT="${ENCRYPT} --encrypt-secret-keyring=${SECRET_KEYRING}"
|
||||
fi
|
||||
elif [ ! -z "$PASSPHRASE" ]; then
|
||||
ENCRYPT=""
|
||||
fi
|
||||
|
|
@ -425,13 +436,13 @@ include_exclude()
|
|||
|
||||
duplicity_cleanup()
|
||||
{
|
||||
echo "-----------[ Duplicity Cleanup ]-----------" >> ${LOGFILE}
|
||||
if [[ "${CLEAN_UP_TYPE}" != "none" ]]; then
|
||||
eval ${ECHO} ${DUPLICITY} ${CLEAN_UP_TYPE} ${CLEAN_UP_VARIABLE} ${STATIC_OPTIONS} --force \
|
||||
${ENCRYPT} \
|
||||
${DEST} >> ${LOGFILE}
|
||||
echo >> ${LOGFILE}
|
||||
fi
|
||||
echo "-----------[ Duplicity Cleanup ]-----------" >> ${LOGFILE}
|
||||
if [[ "${CLEAN_UP_TYPE}" != "none" && ! -z ${CLEAN_UP_TYPE} && ! -z ${CLEAN_UP_VARIABLE} ]]; then
|
||||
eval ${ECHO} ${DUPLICITY} ${CLEAN_UP_TYPE} ${CLEAN_UP_VARIABLE} ${STATIC_OPTIONS} --force \
|
||||
${ENCRYPT} \
|
||||
${DEST} >> ${LOGFILE}
|
||||
echo >> ${LOGFILE}
|
||||
fi
|
||||
if [ ! -z ${REMOVE_INCREMENTALS_OLDER_THAN} ] && [[ ${REMOVE_INCREMENTALS_OLDER_THAN} =~ ^[0-9]+$ ]]; then
|
||||
eval ${ECHO} ${DUPLICITY} remove-all-inc-of-but-n-full ${REMOVE_INCREMENTALS_OLDER_THAN} \
|
||||
${STATIC_OPTIONS} --force \
|
||||
|
|
@ -522,10 +533,10 @@ backup_this_script()
|
|||
if [ ! -z "$GPG_ENC_KEY" -a ! -z "$GPG_SIGN_KEY" ]; then
|
||||
export GPG_TTY=`tty`
|
||||
if [ "$GPG_ENC_KEY" = "$GPG_SIGN_KEY" ]; then
|
||||
gpg -a --export-secret-keys ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-and-sign-secret.key.txt
|
||||
gpg -a --export-secret-keys ${KEYRING} ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-and-sign-secret.key.txt
|
||||
else
|
||||
gpg -a --export-secret-keys ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-secret.key.txt
|
||||
gpg -a --export-secret-keys ${GPG_SIGN_KEY} > ${TMPDIR}/duplicity-backup-sign-secret.key.txt
|
||||
gpg -a --export-secret-keys ${KEYRING} ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-secret.key.txt
|
||||
gpg -a --export-secret-keys ${KEYRING} ${GPG_SIGN_KEY} > ${TMPDIR}/duplicity-backup-sign-secret.key.txt
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue