Shows error message "Volume was signed by key XXXXXXXXXXXXXXXX, not XXXXXXXX"

Bug #1714663 reported by Valentin Stoykov on 2017-09-02
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Duplicity
Medium
Unassigned

Bug Description

Example:

valentin@computer:~/tmp$ duplicity --encrypt-sign-key 0CED0054 data file:///tmp/backup
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase:
GnuPG passphrase for signing key:
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1504351535.91 (Sat Sep 2 14:25:35 2017)
EndTime 1504351536.11 (Sat Sep 2 14:25:36 2017)
ElapsedTime 0.20 (0.20 seconds)
SourceFiles 5
SourceFileSize 2202713 (2.10 MB)
NewFiles 5
NewFileSize 2202713 (2.10 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 5
RawDeltaSize 2202707 (2.10 MB)
TotalDestinationSizeChange 2207511 (2.11 MB)
Errors 0
-------------------------------------------------

valentin@computer:~/tmp$ mv data data.2
valentin@computer:~/tmp$ mkdir data
valentin@computer:~/tmp$ duplicity --encrypt-sign-key 0CED0054 file:///tmp/backup data
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sat Sep 2 14:25:32 2017
GnuPG passphrase:
Volume was signed by key FC7C18370CED0054, not 0CED0054
valentin@computer:~/tmp$

Another example:

valentin@computer:~/tmp$ duplicity --encrypt-sign-key 0CED0054 verify file:///tmp/backup data --compare-data
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sat Sep 2 14:25:32 2017
GnuPG passphrase:
Difference found: File . has mtime Sat Sep 2 14:25:53 2017, expected Sat Sep 2 14:03:07 2017
Volume was signed by key FC7C18370CED0054, not 0CED0054
valentin@computer:~/tmp$

It is not clear that the duplicity is actually verifying signatures with the same key (FC7C18370CED0054 is just a long name of the same key - 0CED0054) or giving up on this.

The user is not informed properly what duplicity is doing when it encounter this error.

Also, this can be prevented by using the full fingerprint of the key (when user enter the short name the duplicity can find the long fingerprint and use it).

Software version:

valentin@computer:~$ duplicity --version
duplicity 0.7.14
valentin@computer:~$ cat /proc/version
Linux version 4.4.0-93-generic (buildd@lgw01-03) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #116-Ubuntu SMP Fri Aug 11 21:17:51 UTC 2017
valentin@computer:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
valentin@computer:~$ python --version
Python 2.7.12
valentin@computer:~$

description: updated
Changed in duplicity:
importance: Undecided → Medium
milestone: none → 0.7.15
status: New → Fix Committed
Changed in duplicity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers