On Tue, 31 Oct 2017 21:58:52 +1000 Alexander Zangerl wrote:

[...]
> On Sun, 29 Oct 2017 16:38:10 +0100, "Francesco Poli (wintermute)" writes:
> >When doing so, duplicity (or maybe gpg) complains that it could not
> >perform any decryption, since no passphrase was given:
> 
> hmm.

Hello Alexander,
thanks for your prompt reply: it's really appreciated!

> i suspect the interaction of gpg v2.2, the gnupg-agent and
> some leftover/broken data in the local cache
> that duplicity thinks it needs to decrypt before doing its backup job.

That is plausible, yes.

[...]
> 1. what does collection-status report?

  $ duplicity collection-status file://backup
  Last full backup date: Sun Oct  8 01:06:24 2017
  Collection Status
  -----------------
  Connecting with backend: BackendWrapper
  Archive dir: /home/XXXXX/.cache/duplicity/4ae0b7093d93097164a8831bfad7f9c8
  
  Found 0 secondary backup chains.
  
  Found primary backup chain with matching signature chain:
  -------------------------
  Chain start time: Sun Oct  8 01:06:24 2017
  Chain end time: Sat Oct 28 23:49:27 2017
  Number of contained backup sets: 4
  Total number of contained volumes: 45
   Type of backup set:                            Time:      Num volumes:
                  Full         Sun Oct  8 01:06:24 2017                42
           Incremental         Sun Oct 15 00:48:48 2017                 1
           Incremental         Sat Oct 21 23:55:46 2017                 1
           Incremental         Sat Oct 28 23:49:27 2017                 1
  -------------------------
  No orphaned or incomplete backup sets found.

>          does that also attempt to decrypt something and fail?

No decryption seems to be attempted or failed.

>          does a cleanup improve matters?

  $ duplicity cleanup file://backup
  Local and Remote metadata are synchronized, no sync needed.
  Last full backup date: Sun Oct  8 01:06:24 2017
  GnuPG passphrase for decryption:
  No extraneous files found, nothing deleted in cleanup.

Please note that the cleanup successfully asked me to enter the
passphrase, I typed it in and no error was reported...

>          
> 3. does a totally new backup to a different location, with an
>          empty/new .cache/duplicity directory work?
>          (alternative to nuking cache: --archive-dir <somewhere> in the invocation)

  $ ls foo_*
  foo_archive:

  foo_backup:

  foo_dir:
  bar.txt
  $ duplicity --archive-dir foo_archive --encrypt-key XXXXXXXXXXXXXXXX \
              --full-if-older-than 30D foo_dir/ file://foo_backup
  Local and Remote metadata are synchronized, no sync needed.
  Last full backup date: none
  Last full backup is too old, forcing full backup
  --------------[ Backup Statistics ]--------------
  StartTime 1509556845.43 (Wed Nov  1 18:20:45 2017)
  EndTime 1509556845.43 (Wed Nov  1 18:20:45 2017)
  ElapsedTime 0.00 (0.00 seconds)
  SourceFiles 2
  SourceFileSize 4112 (4.02 KB)
  NewFiles 2
  NewFileSize 4112 (4.02 KB)
  DeletedFiles 0
  ChangedFiles 0
  ChangedFileSize 0 (0 bytes)
  ChangedDeltaSize 0 (0 bytes)
  DeltaEntries 2
  RawDeltaSize 16 (16 bytes)
  TotalDestinationSizeChange 758 (758 bytes)
  Errors 0
  -------------------------------------------------
  $ ls foo_*
  foo_archive:
  9b7a246ea177532c8cbb47369219fbfd

  foo_backup:
  duplicity-full.20171101T172045Z.manifest.gpg
  duplicity-full.20171101T172045Z.vol1.difftar.gpg
  duplicity-full-signatures.20171101T172045Z.sigtar.gpg

  foo_dir:
  bar.txt
  $ duplicity --archive-dir foo_archive --encrypt-key XXXXXXXXXXXXXXXX \
              --full-if-older-than 30D foo_dir/ file://foo_backup
  Local and Remote metadata are synchronized, no sync needed.
  Last full backup date: Wed Nov  1 18:20:45 2017
  Error processing remote manifest (duplicity-full.20171101T172045Z.manifest.gpg): GPG Failed, see log below:
  ===== Begin GnuPG log =====
  gpg: encrypted with 4096-bit RSA key, ID 0xXXXXXXXXXXXXXXXX, created XXXX-XX-XX
  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  gpg: public key decryption failed: No passphrase given
  gpg: decryption failed: No secret key
  ===== End GnuPG log =====
  
  --------------[ Backup Statistics ]--------------
  StartTime 1509557143.63 (Wed Nov  1 18:25:43 2017)
  EndTime 1509557143.63 (Wed Nov  1 18:25:43 2017)
  ElapsedTime 0.00 (0.00 seconds)
  SourceFiles 2
  SourceFileSize 4121 (4.02 KB)
  NewFiles 1
  NewFileSize 4096 (4.00 KB)
  DeletedFiles 0
  ChangedFiles 1
  ChangedFileSize 25 (25 bytes)
  ChangedDeltaSize 0 (0 bytes)
  DeltaEntries 2
  RawDeltaSize 32 (32 bytes)
  TotalDestinationSizeChange 777 (777 bytes)
  Errors 0
  -------------------------------------------------

As you can see, I get the same error while performing the first
incremental backup.

>          
> 2. could you run another backup invocation with -v9 and attach the output?
>          feel free to blank your keyid and other sensitives; the
>          remaining fine print of what is being attempted when/why would be helpful.

Attached as duplicity.out
I cannot spot the error there, though...   :-|

> 
> 4. does your gnupg config contain anything special that might
>          interfere with --pinentry-mode=loopback?
>          most specifically, does your agent config contain
>          anything like no-allow-loopback-pinentry?

  $ grep -ir loopback ~/.gnupg/

returns no output.

> 
> 5. does duplicity work correctly if you run it with --use-agent?
>          see --use-agent in man duplicity; this directly affects who might
>          ask for a passphrase, duplicity or gpg-agent.
  
  $ duplicity --use-agent --archive-dir foo_archive \
              --encrypt-key XXXXXXXXXXXXXXXX \
              --full-if-older-than 30D foo_dir/ file://foo_backup
  Local and Remote metadata are synchronized, no sync needed.
  Last full backup date: Wed Nov  1 18:20:45 2017
  Error processing remote manifest (duplicity-inc.20171101T173204Z.to.20171101T173311Z.manifest.gpg): GPG Failed, see log below:
  ===== Begin GnuPG log =====
  gpg: encrypted with 4096-bit RSA key, ID 0xXXXXXXXXXXXXXXXX, created XXXX-XX-XX
  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  gpg: public key decryption failed: Inappropriate ioctl for device
  gpg: decryption failed: No secret key
  ===== End GnuPG log =====
  
  --------------[ Backup Statistics ]--------------
  StartTime 1509558234.72 (Wed Nov  1 18:43:54 2017)
  EndTime 1509558234.73 (Wed Nov  1 18:43:54 2017)
  ElapsedTime 0.00 (0.00 seconds)
  SourceFiles 2
  SourceFileSize 4145 (4.05 KB)
  NewFiles 1
  NewFileSize 4096 (4.00 KB)
  DeletedFiles 0
  ChangedFiles 1
  ChangedFileSize 49 (49 bytes)
  ChangedDeltaSize 0 (0 bytes)
  DeltaEntries 2
  RawDeltaSize 56 (56 bytes)
  TotalDestinationSizeChange 797 (797 bytes)
  Errors 0
  -------------------------------------------------

I again got an error, but a different one.

>  
> 6. does the duplicity backup work if you run it from X?

Yes, it works, without even asking for a passphrase, which
is awkward:

  $ duplicity --archive-dir foo_archive --encrypt-key XXXXXXXXXXXXXXXX \
              --full-if-older-than 30D foo_dir/ file://foo_backup
  Local and Remote metadata are synchronized, no sync needed.
  Last full backup date: Wed Nov  1 18:20:45 2017
  --------------[ Backup Statistics ]--------------
  StartTime 1509558719.31 (Wed Nov  1 18:51:59 2017)
  EndTime 1509558719.31 (Wed Nov  1 18:51:59 2017)
  ElapsedTime 0.00 (0.00 seconds)
  SourceFiles 3
  SourceFileSize 4797 (4.68 KB)
  NewFiles 2
  NewFileSize 4748 (4.64 KB)
  DeletedFiles 0
  ChangedFiles 0
  ChangedFileSize 0 (0 bytes)
  ChangedDeltaSize 0 (0 bytes)
  DeltaEntries 2
  RawDeltaSize 652 (652 bytes)
  TotalDestinationSizeChange 1439 (1.41 KB)
  Errors 0
  -------------------------------------------------

> 
> 7. does gnupg sign work if you run it from a non-X console,
>          like where your failing duplicity was run?

No, it doesn't!

  $ gpg --sign bar.txt
  gpg: using "XXXXXXXXXXXXXXXX" as default secret key for signing
  gpg: signing failed: Permission denied
  gpg: signing failed: Permission denied

It instead works flawlessly under X...



Please let me know, in case you need any more information.
Otherwise, please drop the "moreinfo" tag.

Thanks a lot for any help you may provide.


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: duplicity.out
Description: Binary data

Attachment: pgpmo6CjAgaQH.pgp
Description: PGP signature
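
A comment-aware form of the `grep -ir loopback ~/.gnupg/` check from question 4, as an added example that is not part of the original message: a plain grep also matches commented-out lines, so this reports only directives that are actually active in `gpg-agent.conf`. The function names and the sample configuration are constructed for illustration; the `GPG_TTY` comparison follows the advice in gpg-agent(1) for console sessions and is an addition the thread itself does not discuss.

```shell
#!/bin/sh
# Added example (not from the thread): comment-aware version of
# `grep -ir loopback ~/.gnupg/` for check 4, plus a GPG_TTY check.

# active_option FILE NAME: succeeds if NAME is set on a non-comment line.
# GnuPG option files take one option per line, with or without leading "--".
active_option() {
    [ -f "$1" ] || return 1
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/^--//' "$1" |
        grep -Eq "^$2([[:space:]]|\$)"
}

# loopback_status HOMEDIR: prints blocked | explicitly-allowed | no-directive
loopback_status() {
    if active_option "$1/gpg-agent.conf" no-allow-loopback-pinentry; then
        echo blocked
    elif active_option "$1/gpg-agent.conf" allow-loopback-pinentry; then
        echo explicitly-allowed
    else
        echo no-directive
    fi
}

# tty_status GPG_TTY_VALUE CURRENT_TTY: prints unset | mismatch | ok
tty_status() {
    if [ -z "$1" ]; then echo unset
    elif [ "$1" != "$2" ]; then echo mismatch
    else echo ok
    fi
}

# make_sample_home: constructed GnuPG home whose only "loopback" hit for grep
# is a commented-out line; prints the directory path.
make_sample_home() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# no-allow-loopback-pinentry' 'default-cache-ttl 600' \
        > "$d/gpg-agent.conf"
    echo "$d"
}

# Report on the real environment (read-only).
home="${GNUPGHOME:-${HOME:-.}/.gnupg}"
echo "loopback pinentry: $(loopback_status "$home")"
echo "GPG_TTY: $(tty_status "${GPG_TTY:-}" "$(tty 2>/dev/null || true)")"
```
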
