[Duplicity-talk] Problems with multiple --encrypt-key options

[Axel Beckert]

Hi,

some friend told me about duplicity and it seems to be the perfect
tool for backing up root servers to the untrusted backup space the
hosting provider offers. So I tried to use it on a Hetzner root server
shared between a few friends and tried to encrypt the backupped data
with the keys of all friends, so that any of them have access to the
backup.

I started playing around with backupping /etc and wrote the following
script (changed the key ids and credentials for this mail of course
:-):

---snip---
#!/bin/sh

PASSPHRASE='$passphrase' FTP_PASSWORD='$password' duplicity \
    --sign-key    BAC4BAC4 \
    --encrypt-key AAAAAAAA \
    --encrypt-key BBBBBBBB \
    --encrypt-key CCCCCCCC \
    --encrypt-key DDDDDDDD \
    --encrypt-key EEEEEEEE \
    --encrypt-key FFFFFFFF \
    /etc/ ftp://address@hidden/test/
---snap---

The 0.4.1 problem with empty directories on the backup medium was
workarounded quite fast. :-)

But even after fixing that problem by issuing "mkdir tmp" on the
backup medium, this script fails with the following backtrace:

---snip---
Traceback (most recent call last):
  File "/usr/bin/duplicity", line 358, in ?
    if __name__ == "__main__": main()
  File "/usr/bin/duplicity", line 352, in main
    else: incremental_backup(sig_chain)
  File "/usr/bin/duplicity", line 162, in incremental_backup
    bytes_written = write_multivol("inc", tarblock_iter, globals.backend)
  File "/usr/bin/duplicity", line 75, in write_multivol
    globals.gpg_profile)
  File "/usr/lib/python2.3/site-packages/duplicity/gpg.py", line 217, in 
GPGWriteFile
    to_gpg_fp.write(block_iter.get_footer())
IOError: [Errno 32] Broken pipe
---snap---

Exit code was 1.

If I remove all but one (or all) of the --encrypt-key options, it
works fine, but as soon as I use more than one of them, it fails. In
the man page, there is written:

---snip---
       --encrypt-key key
              When backing up, encrypt to the given  public  key, instead  of
              using symmetric (traditional) encryption.  Can be specified mul-
              tiple times.
---snap---

Have I misunderstood the part with "Can be specified multiple times"
or has the interface just changed so that the docs are out of date and
this case is handle differently?

Have looked through the archive back to January 2006 but haven't found
any similar problem report.

Haven't found any debug or verbosity switches in the man page. So I
can only guess that something with the GnuPG interface goes wrong.

The system is running Debian 3.1 (Sarge) amd64 with GnuPG
1.4.1-1.sarge6 and Duplicity 0.4.1-8. I also tried upgrading to a
backported version of Duplicity 0.4.2-10.1 of Debian 4.0 (Etch,
currently Testing), but that didn't help anything in this regard.

Any ideas what could have gone wrong or how I could debug the issue
more detailed?

                Kind regards, Axel
-- 
/~\                                    | Axel Beckert
\ /  Plain Text Ribbon Campaign        | address@hidden
 X   Say No to HTML in E-Mail and News | address@hidden
/ \                                    | http://abe.home.pages.de/