Dear Lars,
I've prepared a package to fix this bug for internal use and also uploaded it to DELAYED/5. So if you manage to find some time to upload your Debian packages over the week-end you can supersede this upload. Otherwise my upload will fix this RC bug for squeeze. Regards. Gaudenz -- Ever tried. Ever failed. No matter. Try again. Fail again. Fail better. ~ Samuel Beckett ~
only in patch2: unchanged:
--- obnam-1.1.orig/tests/encryption-replaces-key.script
+++ obnam-1.1/tests/encryption-replaces-key.script
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Copyright 2011 Lars Wirzenius
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -eu
+
+gpgkey='3B1802F81B321347'
+fingerprint='4E2AF28A3D824CF2B3F1FE733B1802F81B321347'
+gpgkey2='DF3D13AA11E69900'
+
+# Make a backup with the default key ($gpgkey).
+$SRCDIR/tests/backup --encrypt-with="$gpgkey"
+
+# Add new key. "rainyday" is the name of the client.
+$SRCDIR/tests/obnam --encrypt-with="$gpgkey" add-key --keyid="$gpgkey2" \
+ rainyday
+
+# Remove the old key.
+$SRCDIR/tests/obnam --encrypt-with="$gpgkey2" remove-key --keyid="$gpgkey" \
+ rainyday
+
+# Remove the old key from the gpg keyring.
+export GNUPGHOME="$DATADIR/gpg"
+gpg --batch --delete-secret-key "$fingerprint"
+
+# Verify that the backup is still readable, now with the new key.
+$SRCDIR/tests/restore --encrypt-with="$gpgkey2"
+$SRCDIR/tests/verify
+
only in patch2: unchanged:
--- obnam-1.1.orig/obnamlib/plugins/encryption_plugin.py
+++ obnam-1.1/obnamlib/plugins/encryption_plugin.py
@@ -161,6 +161,12 @@ logging.debug('unable to remove key %s from %s (not there)' % (keyid, toplevel)) + def rewrite_symmetric_key(self, repo, toplevel): + symmetric_key = self.get_symmetric_key(repo, toplevel) + userkeys = self.read_keyring(repo, toplevel) + encrypted = obnamlib.encrypt_with_keyring(symmetric_key, userkeys) + self._overwrite_file(repo, os.path.join(toplevel, 'key'), encrypted) + def add_client(self, clientlist, client_name): clientlist.set_client_keyid(client_name, self.keyid) @@ -233,6 +239,7 @@ clients = self._find_clientdirs(repo, args) for toplevel in self._shared + clients: self.add_to_userkeys(repo, toplevel, key) + self.rewrite_symmetric_key(repo, toplevel) def remove_key(self, args): '''Remove a key from the repository.''' @@ -244,6 +251,7 @@ clients = self._find_clientdirs(repo, args) for toplevel in self._shared + clients: self.remove_from_userkeys(repo, toplevel, keyid) + self.rewrite_symmetric_key(repo, toplevel) def remove_client(self, args): '''Remove client and its key from repository.''' only in patch2: unchanged: --- obnam-1.1.orig/debian/changelog +++ obnam-1.1/debian/changelog @@ -1,3 +1,10 @@ +obnam (1.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix encription key handling (Closes: #680670) + + -- Gaudenz Steinlin <gaud...@debian.org> Thu, 20 Sep 2012 16:22:16 +0200 + obnam (1.1-1) unstable; urgency=low * New upstream version. only in patch2: unchanged: --- obnam-1.1.orig/debian/rules +++ obnam-1.1/debian/rules @@ -3,6 +3,8 @@ dh $@ --with=python2 --with-buildsystem=python_distutils override_dh_auto_test: + # fix test permission due to diff not representing permissions + chmod 755 tests/encryption-replaces-key.script python setup.py build_ext -i rm -rf build cp -a test-gpghome temp.gpghome
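Review bot: rewrite_symmetric_key in obnamlib/plugins/encryption_plugin.py re-encrypts the existing symmetric key instead of generating a new one, so the call added after remove_from_userkeys (third hunk, apparently inside remove_key, whose body starts outside the hunk) keeps the removed key from decrypting the rewritten `key` file but does not revoke access for anyone who already decrypted that symmetric key or kept an older copy of the file. The new method has no docstring while remove_key and remove_client carry one, and this limit belongs there: `'''Re-encrypt the existing symmetric key to the current user keyring. The key itself is not rotated, so removing a user key does not protect data from someone who already obtained the symmetric key.'''`. In the second and third hunks the keyring update and the `key` overwrite are two separate writes per toplevel, so an interruption between them presumably leaves the keyring and the `key` file out of step; whether _overwrite_file is atomic cannot be seen from here. The added test only confirms that the new key can read the backup, not that the removed key has lost access to the `key` file.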