Added support for using separate signature and encryption keys
This commit is contained in:
puredoze
parent
f66427f209
commit
640e497121
2 changed files with 16 additions and 7 deletions
|
|
@ -45,17 +45,25 @@ AWS_SECRET_ACCESS_KEY="foobar_aws_access_key"
|
|||
|
||||
# ENCRYPTION INFORMATION
|
||||
# Do you want your backup to be encrypted? yes/no
|
||||
# If yes, please make sure you specify either PASSPHRASE or GPG_KEY
|
||||
# If yes, please make sure you specify either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY
|
||||
ENCRYPTION='yes'
|
||||
|
||||
# If you are NOT running this from a cron, comment this line out
|
||||
# and duplicity should prompt you for your password.
|
||||
# Otherwise this password is either used for symetric encryption
|
||||
# (your backups will be encrypted with this password) or is used
|
||||
# for the "GPG_SIGN_KEY" (see below).
|
||||
# Comment out if you aren't using encryption
|
||||
PASSPHRASE="foobar_gpg_passphrase"
|
||||
|
||||
# Specify which GPG key you would like to use (even if you have only one).
|
||||
# Comment out if you're using only PASSPHRASE or not using encryption
|
||||
GPG_KEY="foobar_gpg_key"
|
||||
# Specify which GPG keys you would like to use (even if you have only one).
|
||||
# It is highly recommended to create separate signature and encryption keys.
|
||||
# When run, duplicity should prompt you for the GPG_SIGN_KEY password
|
||||
# (or specify the PASSPHRASE above if you run this script from a cron).
|
||||
# Comment out if you're using only PASSPHRASE (symetric encryption) or not using
|
||||
# encryption at all.
|
||||
GPG_ENC_KEY="foobar_gpg_key"
|
||||
GPG_SIGN_KEY="foobar_gpg_key"
|
||||
|
||||
# BACKUP SOURCE INFORMATION
|
||||
# The ROOT of your backup (where you want the backup to start);
|
||||
|
|
|
|||
|
|
@ -158,8 +158,8 @@ S3CMD="$(which s3cmd)"
|
|||
LOCKFILE=${LOGDIR}backup.lock
|
||||
|
||||
if [ "$ENCRYPTION" = "yes" ]; then
|
||||
if [ ! -z "$GPG_KEY" ]; then
|
||||
ENCRYPT="--encrypt-key=${GPG_KEY} --sign-key=${GPG_KEY}"
|
||||
if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]; then
|
||||
ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
|
||||
elif [ ! -z "$PASSPHRASE" ]; then
|
||||
ENCRYPT=""
|
||||
fi
|
||||
|
|
@ -196,7 +196,8 @@ fi
|
|||
check_variables ()
|
||||
{
|
||||
if [[ ${ROOT} = "" || ${DEST} = "" || ${INCLIST} = "" || \
|
||||
${GPG_KEY} = "foobar_gpg_key" || \
|
||||
${GPG_ENC_KEY} = "foobar_gpg_key" || \
|
||||
${GPG_SIGN_KEY} = "foobar_gpg_key" || \
|
||||
${PASSPHRASE} = "foobar_gpg_passphrase" || \
|
||||
${LOGDIR} = "/home/foobar_user_name/logs/test2/" || \
|
||||
( ${DEST_IS_S3} = true && ${AWS_ACCESS_KEY_ID} = "foobar_aws_key_id" ) || \
|
||||
|
|
|
|||
Loading…
Reference in a new issue