Cannot restore when passphrase has changed

Bug #1823858 reported by Yajo
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

My use case:

Done incremental backups for a long time:

export PASSPHRASE=one
duplicity full $args $src $dst
duplicity $args $src $dst
... etc

Now, I need to rotate the passphrase, so I create a new chain with the new passphrase and keep on doing incrementals with that new passphrase:

export PASSPHRASE=two
duplicity full $args $src $dst
duplicity $args $src $dst
... etc

Now, I need to restore the last backup in another machine. It fails to fetch the metadata:

export PASSPHRASE=two
duplicity restore $args --force $dst $src
Synchronizing remote metadata to local cache...
Copying to local cache.
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
===== End GnuPG log =====

According to the date of the archive it's restoring, it must have been encrypted using the old PASSPHRASE. However, this is expected. I don't really need to restore that file until I need to restore an older backup. Is there no other way to do this? Can't I just tell Duplicity to sync signatures and manifests only for the needed chains (the last one actually)?

Revision history for this message
Yajo (yajo) wrote :

I tried restoring with --ignore-errors, to let duplicity sync only metadata that is encrypted with the same passphrase, but it yields the same error. 😕

Revision history for this message
Yajo (yajo) wrote :

I proposed a fix in although I'm not sure it's a good way to do it. Yikes, I'm so used to git these days that bzr+lp is not so easy to grasp!

Please review.

Revision history for this message
Yajo (yajo) wrote :

This is fixed in Duplicity 0.7.19.

Changed in duplicity:
status: New → Fix Released
Changed in duplicity:
milestone: none → 0.8.00
milestone: 0.8.00 → none
Changed in duplicity:
milestone: none → 0.7.19
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.