Re: [Duplicity-talk] Why does duplicity need to access my secret key ring?

[ry4an-duplicity]

On Sat, Jan 11, 2003 at 01:06:36AM -0800, Ben Escoto wrote:
> >>>>> "RB" == ry4an-duplicity  <address@hidden>
> >>>>> wrote the following on Fri, 10 Jan 2003 16:19:44 -0600
> 
>   RB> I'm backing up using duplicity, but I'm providing a password not
>   RB> associated with my public/private key pair.  Thus, so far as I
>   RB> understand it, there should be no reason for gpg, and thus
>   RB> duplicity, to access my secring.gpg.  I know I don't provide the
>   RB> password necessary to unlock the secring.gpg, so it can't be
>   RB> doing much with it.
> 
> This is probably a dumb suggestion, but is it possible you are just
> backing up your .gnupg directory?

You know, I wasn't thinking to exclude that which explains the stat and
readlink, but the requirement is still there even with it excluded.

>   RB> I ran a backup through strace to see if I could find the line
>   RB> where gpg is exec()ed in hopes of seeing how gpg was invoked,
>   RB> but since duplicity uses a python module that's dynamically
>   RB> linked to gpg there's no exec().
> 
> The duplicity's gpg.py module uses the GnuPGInterface.py module
> (written by Frank Tobin) which just exec's the gnupg binary.  There is
> no dynamic linking.

You're right.  I ran strace again with '-f' to track forks and now I can
see the gpg invocation.  It looks like gpg is throwing a warning on the
non-readable secring.gpg that gpg.py is taking to be fatal.  Perhaps I
can wrap gpg in a script that filters out the warning and associated
non-zero exit value.

I suppose I should talk to the gnupg folks about getting rid of the
secring.gpg check when symmetric encryption is used.

Thanks for your help,

-- 
Ry4an Brase - http://ry4an.org                                    /~\
'If you're not a rebel when you're 20 you've got no heart; if     \ /
 you're not establishment when you're 30 you've got no brain.'     X
             Join the ASCII ribbon campaign against HTML email    / \