No way to use gpg passphrase-file

Reported by Artur Bodera on 2010-01-05
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Duplicity | | Undecided | Unassigned | |
| duplicity (Fedora) | New | Undecided | Unassigned | |

Bug Description

duplicity 0.6.05, Python 2.5.2, linux 2.6.27.38

There is no way to use a passphrase file with duplicity, as is normally available with gpg.

For example this works well:
    cat file | gpg --batch -c --passphrase-file /mysecretkey - | ncftp dst

It is broken in duplicity:
    duplicity --verbosity 9 --gpg-options "passphrase-file=/mysecretkey" /src /dst

Because the key is read from file, duplicity should not ask for it.
Furthermore, using export PASSPHRASE="" doesn't help.
Duplicity then crashes with:

    GPGError: GPG Failed, see log below:
    ===== Begin GnuPG log =====
    usage: gpg [options] [filename]
    ===== End GnuPG log =====

Dirty workaround:
     export PASSPHRASE="`cat /mysecretkey`"

Possible solution 1 - new param for duplicity:
     --passphrase-file file Read passphrase from file

Possible solution 2 - detect passphrase-file param in gpg-options.

edso (ed.so) wrote :

use the --gpg-options parameter e.g. --gpg-options '--passphrase-file /mysecretkey'

.. ede

Artur Bodera (abodera) wrote :

As described above, doesn't work.

Artur Bodera (abodera) wrote :

I see it now. It's confusion around long, short gnu/non-gnu params and what duplicity expects inside --gpg-options.
I've related to it in:
https://bugs.launchpad.net/duplicity/+bug/503309

Artur Bodera (abodera) wrote :

Tested the following and none works:
--gpg-options "passphrase-file=file"
--gpg-options "passphrase-file file"
--gpg-options "--passphrase-file=file"
--gpg-options "--passphrase-file file"

It will always result in: PASSPHRASE variable not set, asking user.

Aaron Whitehouse (luna-tick) wrote :

I have the same problem trying to set the passphrase directly in the shell script (I know, it isn't great, but none of these options are).

Neither
--gpg-options "--passphrase='[passphrase]'" nor
--gpg-options "--passphrase [passphrase]"
worked.

Aaron Whitehouse (luna-tick) wrote :

(Note that
export PASSPHRASE="[passphrase]"
did work.)

Orair (gustavo-orair) wrote :

In fact, '--passphrase-file [file]' works either way. Try to specify this option with a non-existing file and duplicity will refuse to work. So, either way, the file is being read.
But it seems that duplicity may not know about a passphrase being supplied by file, and demands input from the user if it does not find it in the environment.
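
The PASSPHRASE workaround from the bug description, written as a wrapper that reads the file the way gpg's --passphrase-file does (first line only) and sets the variable for the duplicity process alone instead of exporting it in the calling shell. This is an added example, not part of the original report or of duplicity; the function names check_passfile and with_passphrase_file are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not duplicity's own code.

# check_passfile FILE
# Succeeds only for a regular file (not a symlink) whose mode grants
# nothing to group or others, e.g. 0600 or 0400.
check_passfile() {
    [ -f "$1" ] || { echo "no such passphrase file: $1" >&2; return 1; }
    # Only the mode field of the ls output is inspected.
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *) echo "refusing $1: must be a regular file with no group/other permissions" >&2
           return 1 ;;
    esac
}

# with_passphrase_file FILE COMMAND [ARGS...]
# The body runs in a subshell, so PASSPHRASE never appears in the caller's
# environment; only COMMAND (and its children) receive it.
with_passphrase_file() (
    file=$1
    shift
    check_passfile "$file" || exit 1
    PASSPHRASE=
    # gpg --passphrase-file uses only the first line; do the same here.
    # read returns non-zero when the last line has no newline, so ignore it.
    IFS= read -r PASSPHRASE < "$file" || :
    [ -n "$PASSPHRASE" ] || { echo "empty passphrase in $file" >&2; exit 1; }
    export PASSPHRASE
    exec "$@"
)

# Usage, with the paths from the report:
#   with_passphrase_file /mysecretkey duplicity /src /dst
```

The passphrase is still present in the environment of the running duplicity process, so it remains readable by other processes of the same user for the duration of the backup.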
