aboutsummaryrefslogtreecommitdiff
path: root/duply
diff options
context:
space:
mode:
authorSébastien Dailly <sebastien@chimrod.com>2020-09-05 15:14:15 +0200
committerSébastien Dailly <sebastien@chimrod.com>2020-09-05 15:14:15 +0200
commitfb179a46d07acb29fbe61c0a46753a7e70d5ea72 (patch)
tree4523b105c813d100794b676f3649c836fe160a85 /duply
parente2bed5b540cab47414488debdfb10ebd8421a21b (diff)
Update duply script
Diffstat (limited to 'duply')
-rw-r--r--duply/.duply/jdr/conf3
-rw-r--r--duply/.duply/music/conf2
-rw-r--r--duply/.duply/test/conf170
-rw-r--r--duply/.duply/test/exclude9
-rw-r--r--duply/scripts/duplicity/duply_common.sh7
5 files changed, 187 insertions, 4 deletions
diff --git a/duply/.duply/jdr/conf b/duply/.duply/jdr/conf
index 8874863..5353984 100644
--- a/duply/.duply/jdr/conf
+++ b/duply/.duply/jdr/conf
@@ -7,7 +7,7 @@ export PCA_OS_REGION_NAME=GRA
export HOT_OS_REGION_NAME=GRA
GPG_KEYS_ENC='2421BCBD56473645,933FFFBA5E8867338DF2FF645E23E7695299F9AB'
-USER_GPG_KEY_SIGN='F6859BC3CC712DF8'
+GPG_KEY_SIGN='F6859BC3CC712DF8'
# set if signing key passphrase differs from encryption (key) passphrase
# NOTE: available since duplicity 0.6.14, translates to SIGN_PASSPHRASE
#GPG_PW_SIGN='<signpass>'
@@ -26,4 +26,3 @@ USER_GPG_KEY_SIGN='F6859BC3CC712DF8'
#GPG_OPTS=''
. ~/scripts/duplicity/duply_common.sh
-
diff --git a/duply/.duply/music/conf b/duply/.duply/music/conf
index f3ca563..d1d726b 100644
--- a/duply/.duply/music/conf
+++ b/duply/.duply/music/conf
@@ -7,7 +7,7 @@ export PCA_OS_REGION_NAME=GRA
export HOT_OS_REGION_NAME=GRA
GPG_KEYS_ENC='2421BCBD56473645,933FFFBA5E8867338DF2FF645E23E7695299F9AB'
-USER_GPG_KEY_SIGN='F6859BC3CC712DF8'
+GPG_KEY_SIGN='F6859BC3CC712DF8'
# set if signing key passphrase differs from encryption (key) passphrase
# NOTE: available since duplicity 0.6.14, translates to SIGN_PASSPHRASE
#GPG_PW_SIGN='<signpass>'
diff --git a/duply/.duply/test/conf b/duply/.duply/test/conf
new file mode 100644
index 0000000..61fd85a
--- /dev/null
+++ b/duply/.duply/test/conf
@@ -0,0 +1,170 @@
+# gpg encryption settings, simple settings:
+# GPG_KEY='disabled' - disables encryption alltogether
+# GPG_KEY='<key1>[,<key2>]'; GPG_PW='pass' - encrypt with keys,
+# sign if secret key of key1 is available use GPG_PW for sign & decrypt
+# Note: you can specify keys via all methods described in gpg manpage,
+# section "How to specify a user ID", escape commas (,) via backslash (\)
+# e.g. 'Mueller, Horst', 'Bernd' -> 'Mueller\, Horst, Bernd'
+# as they are used to separate the entries
+# GPG_PW='passphrase' - symmetric encryption using passphrase only
+GPG_KEY='_KEY_ID_'
+GPG_PW='_GPG_PASSWORD_'
+# gpg encryption settings in detail (extended settings)
+# the above settings translate to the following more specific settings
+# GPG_KEYS_ENC='<keyid1>[,<keyid2>,...]' - list of pubkeys to encrypt to
+# GPG_KEY_SIGN='<keyid1>|disabled' - a secret key for signing
+# GPG_PW='<passphrase>' - needed for signing, decryption and symmetric
+# encryption. If you want to deliver different passphrases for e.g.
+# several keys or symmetric encryption plus key signing you can use
+# gpg-agent. Simply make sure that GPG_AGENT_INFO is set in environment.
+# also see "A NOTE ON SYMMETRIC ENCRYPTION AND SIGNING" in duplicity manpage
+# notes on en/decryption
+# private key and passphrase will only be needed for decryption or signing.
+# decryption happens on restore and incrementals (compare archdir contents).
+# for security reasons it makes sense to separate the signing key from the
+# encryption keys. https://answers.launchpad.net/duplicity/+question/107216
+#GPG_KEYS_ENC='<pubkey1>,<pubkey2>,...'
+#GPG_KEY_SIGN='<prvkey>'
+# set if signing key passphrase differs from encryption (key) passphrase
+# NOTE: available since duplicity 0.6.14, translates to SIGN_PASSPHRASE
+#GPG_PW_SIGN='<signpass>'
+
+# uncomment and set a file path or name force duply to use this gpg executable
+# available in duplicity 0.7.04 and above (currently unreleased 06/2015)
+#GPG='/usr/local/gpg-2.1/bin/gpg'
+
+# gpg options passed from duplicity to gpg process (default='')
+# e.g. "--trust-model pgp|classic|direct|always"
+# or "--compress-algo=bzip2 --bzip2-compress-level=9"
+# or "--personal-cipher-preferences AES256,AES192,AES..."
+# or "--homedir ~/.duply" - keep keyring and gpg settings duply specific
+# or "--pinentry-mode loopback" - needed for GPG 2.1+ _and_
+# also enable allow-loopback-pinentry in your .gnupg/gpg-agent.conf
+#GPG_OPTS=''
+
+# disable preliminary tests with the following setting
+#GPG_TEST='disabled'
+
+# backend, credentials & location of the backup target (URL-Format)
+# generic syntax is
+# scheme://[user[:password]@]host[:port]/[/]path
+# eg.
+# sftp://bob:secret@backupserver.com//home/bob/dupbkp
+# for details and available backends see duplicity manpage, section URL Format
+# http://duplicity.nongnu.org/duplicity.1.html#sect7
+# BE AWARE:
+# some backends (cloudfiles, S3 etc.) need additional env vars to be set to
+# work properly, read after the TARGET definition for more details.
+# ATTENTION:
+# characters other than A-Za-z0-9.-_.~ in the URL have to be
+# replaced by their url encoded pendants, see
+# http://en.wikipedia.org/wiki/Url_encoding
+# if you define the credentials as TARGET_USER, TARGET_PASS below duply
+# will try to url_encode them for you if the need arises.
+TARGET='scheme://user[:password]@host[:port]/[/]path'
+# optionally the username/password can be defined as extra variables
+# setting them here _and_ in TARGET results in an error
+# ATTENTION:
+# there are backends that do not support the user/pass auth scheme.
+# prominent examples are S3, Azure, Cloudfiles. when in doubt consult the
+# duplicity manpage. usually there is a NOTE section explaining if and which
+# env vars should be set.
+#TARGET_USER='_backend_username_'
+#TARGET_PASS='_backend_password_'
+# eg. for cloud files backend it might look like this (uncomment for use!)
+#export CLOUDFILES_USERNAME='someuser'
+#export CLOUDFILES_APIKEY='somekey'
+#export CLOUDFILES_AUTHURL ='someurl'
+# the following is an incomplete list (<backend>: comma separated env vars list)
+# Azure: AZURE_ACCOUNT_NAME, AZURE_ACCOUNT_KEY
+# Cloudfiles: CLOUDFILES_USERNAME, CLOUDFILES_APIKEY, CLOUDFILES_AUTHURL
+# Google Cloud Storage: GS_ACCESS_KEY_ID, GS_SECRET_ACCESS_KEY
+# Pydrive: GOOGLE_DRIVE_ACCOUNT_KEY, GOOGLE_DRIVE_SETTINGS
+# S3: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
+# Swift: SWIFT_USERNAME, SWIFT_PASSWORD, SWIFT_AUTHURL,
+# SWIFT_TENANTNAME OR SWIFT_PREAUTHURL, SWIFT_PREAUTHTOKEN
+
+# base directory to backup
+SOURCE='/path/of/source'
+
+# a command that runs duplicity e.g.
+# shape bandwidth use via trickle
+# "trickle -s -u 640 -d 5120" # 5Mb up, 40Mb down"
+#DUPL_PRECMD=""
+
+# override the used python interpreter, defaults to
+# - parsed result of duplicity's shebang or 'python2'
+# e.g. "python2" or "/usr/bin/python2.7"
+#PYTHON="python"
+
+# exclude folders containing exclusion file (since duplicity 0.5.14)
+# Uncomment the following two lines to enable this setting.
+#FILENAME='.duplicity-ignore'
+#DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
+
+# Time frame for old backups to keep, Used for the "purge" command.
+# see duplicity man page, chapter TIME_FORMATS)
+#MAX_AGE=1M
+
+# Number of full backups to keep. Used for the "purgeFull" command.
+# See duplicity man page, action "remove-all-but-n-full".
+#MAX_FULL_BACKUPS=1
+
+# Number of full backups for which incrementals will be kept for.
+# Used for the "purgeIncr" command.
+# See duplicity man page, action "remove-all-inc-of-but-n-full".
+#MAX_FULLS_WITH_INCRS=1
+
+# activates duplicity --full-if-older-than option (since duplicity v0.4.4.RC3)
+# forces a full backup if last full backup reaches a specified age, for the
+# format of MAX_FULLBKP_AGE see duplicity man page, chapter TIME_FORMATS
+# Uncomment the following two lines to enable this setting.
+#MAX_FULLBKP_AGE=1M
+#DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
+
+# sets duplicity --volsize option (available since v0.4.3.RC7)
+# set the size of backup chunks to VOLSIZE MB instead of the default 25MB.
+# VOLSIZE must be number of MB's to set the volume size to.
+# Uncomment the following two lines to enable this setting.
+#VOLSIZE=50
+#DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "
+
+# verbosity of output (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)
+# default is 4, if not set
+#VERBOSITY=5
+
+# temporary file space. at least the size of the biggest file in backup
+# for a successful restoration process. (default is '/tmp', if not set)
+#TEMP_DIR=/tmp
+
+# Modifies archive-dir option (since 0.6.0) Defines a folder that holds
+# unencrypted meta data of the backup, enabling new incrementals without the
+# need to decrypt backend metadata first. If empty or deleted somehow, the
+# private key and it's password are needed.
+# NOTE: This is confidential data. Put it somewhere safe. It can grow quite
+# big over time so you might want to put it not in the home dir.
+# default '~/.cache/duplicity/duply_<profile>/'
+# if set '${ARCH_DIR}/<profile>'
+#ARCH_DIR=/some/space/safe/.duply-cache
+
+# DEPRECATED setting
+# sets duplicity --time-separator option (since v0.4.4.RC2) to allow users
+# to change the time separator from ':' to another character that will work
+# on their system. HINT: For Windows SMB shares, use --time-separator='_'.
+# NOTE: '-' is not valid as it conflicts with date separator.
+# ATTENTION: only use this with duplicity < 0.5.10, since then default file
+# naming is compatible and this option is pending depreciation
+#DUPL_PARAMS="$DUPL_PARAMS --time-separator _ "
+
+# DEPRECATED setting
+# activates duplicity --short-filenames option, when uploading to a file
+# system that can't have filenames longer than 30 characters (e.g. Mac OS 8)
+# or have problems with ':' as part of the filename (e.g. Microsoft Windows)
+# ATTENTION: only use this with duplicity < 0.5.10, later versions default file
+# naming is compatible and this option is pending depreciation
+#DUPL_PARAMS="$DUPL_PARAMS --short-filenames "
+
+# more duplicity command line options can be added in the following way
+# don't forget to leave a separating space char at the end
+#DUPL_PARAMS="$DUPL_PARAMS --put_your_options_here "
+
diff --git a/duply/.duply/test/exclude b/duply/.duply/test/exclude
new file mode 100644
index 0000000..9558c66
--- /dev/null
+++ b/duply/.duply/test/exclude
@@ -0,0 +1,9 @@
+# although called exclude, this file is actually a globbing file list
+# duplicity accepts some globbing patterns, even including ones here
+# here is an example, this incl. only 'dir/bar' except it's subfolder 'foo'
+# - dir/bar/foo
+# + dir/bar
+# - **
+# for more details see duplicity manpage, section File Selection
+# http://duplicity.nongnu.org/duplicity.1.html#sect9
+
diff --git a/duply/scripts/duplicity/duply_common.sh b/duply/scripts/duplicity/duply_common.sh
index c2c330c..fed8481 100644
--- a/duply/scripts/duplicity/duply_common.sh
+++ b/duply/scripts/duplicity/duply_common.sh
@@ -8,6 +8,11 @@ function gpg_export_if_needed {
echo "Prevent GPG keys for beeing exported"
}
+# Always mark the secret key as available (do not try to import it)
+function gpg_sec_avail {
+ true
+}
+
# Override the read command with zenity
read() {
if command -v zenity &> /dev/null
@@ -24,4 +29,4 @@ read() {
TARGET="multi:${JSON_CONF}?mode=mirror&onfail=continue"
-DUPL_PARAMS="$DUPL_PARAMS --file-prefix-manifest 'hot_' --file-prefix-signature 'hot_' --file-prefix-archive 'cold_' --sign-key ${USER_GPG_KEY_SIGN} "
+DUPL_PARAMS="$DUPL_PARAMS --file-prefix-manifest 'hot_' --file-prefix-signature 'hot_' --file-prefix-archive 'cold_' "