Bad passphrase can leave bogus sigtar in archive
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Duplicity |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
When syncing metadata to a local archive, duplicity will create an empty sigtar file in the archive before attempting to decrypt the remote sigtar.gpg file. If the passphrase provided by the user is incorrect, this can result in an empty sigtar remaining in the archive for later runs.
== To reproduce ==
* Create a sample encrypted backup:
mkdir /tmp/source
echo test > /tmp/source/test
PASSPHRASE=test duplicity /tmp/source file:///tmp/backup
* Prove that list-current-files works
PASSPHRASE=test duplicity list-current-files file:///tmp/backup
* Delete archive:
rm -r ~/.cache/duplicity
* Use a bogus passphrase:
PASSPHRASE= duplicity list-current-files file:///tmp/backup
* Now use the real passphrase, but note that we don't get any files back:
PASSPHRASE=test duplicity list-current-files file:///tmp/backup
== How to fix ==
I think the best fix (which would also cover the case of interrupted copy_to_local for other reasons) is to use dup_temp to write to a temporary file and then only copy into the archive when the copy is complete.
I'm looking into writing a patch.
Related branches
- duplicity-team: Pending requested
-
Diff: 22 lines (+5/-5)1 file modifiedduplicity-bin (+5/-5)
| Michael Terry (mterry) wrote | #1 |
| Changed in duplicity: | |
| importance: | Undecided → Medium |
| milestone: | none → 0.6.15 |
| status: | New → Fix Committed |
| Changed in duplicity: | |
| status: | Fix Committed → Fix Released |
Here's a quick script to reproduce that I used when testing my branch.