| -rwxr-xr-x | sh/upd | 32 |
1 files changed, 28 insertions, 4 deletions
@@ -86,17 +86,41 @@ backup () { # https://wiki.archlinux.org/title/Duplicity # Need // for absolute path, see manpage URL FORMAT section. If not use //, will store to /home/xyz/home/xyz/... # --files-from has a bug, this bug makes source url that is / not working while /home works, more see vq notes - # --use-agent not working when ssh to pp and insp, works on insp, not sure why # --use-agent maybe timeout on gpg key and failed when do full backup, maybe due to key stored in gpg agent timeout, so I'm not using --use-agent on insp now - sudo duplicity --ssh-askpass --encrypt-key 9790577D2BE328D46838117ED3F54FE03F3C68D6 --sign-key 05899270DF25BB1EEDF57BE824F769E5D08C9E9A --full-if-older-than 2Y --include /etc/.cfgs --include /root/archive --include /root/programs --include-filelist "/home/xyz/.config/myconf/upd_rsync_files" --exclude / / "sftp://xyz@ib.flylightning.xyz//home/xyz/backup/master" + # + # maybe due to upgrade duplicity from 3.0.5.1-1 to 3.0.6-1 at + # 2025-11-05T16:51:50+0800, without --use-agent will error gpg log "gpg: + # public key decryption failed: No passphrase given" and "gpg: + # decryption failed: No passphrase given", not sure why, maybe it is a + # bug. 
I decided to workaround it with --use-agent for now + sudo duplicity --ssh-askpass --use-agent --encrypt-key 9790577D2BE328D46838117ED3F54FE03F3C68D6 --sign-key 05899270DF25BB1EEDF57BE824F769E5D08C9E9A --full-if-older-than 2Y --include /etc/.cfgs --include /root/archive --include /root/programs --include-filelist "/home/xyz/.config/myconf/upd_rsync_files" --exclude / / "sftp://xyz@ib.flylightning.xyz//home/xyz/backup/master" # duplicity backup to ca - sudo duplicity --ssh-askpass --encrypt-key 9790577D2BE328D46838117ED3F54FE03F3C68D6 --sign-key 05899270DF25BB1EEDF57BE824F769E5D08C9E9A --full-if-older-than 2Y --include /etc/.cfgs --include /root/archive --include /root/programs --include-filelist "/home/xyz/.config/myconf/upd_rsync_files" --exclude / / "sftp://xyz@ca.flylightning.xyz//home/xyz/backup/master" + sudo duplicity --ssh-askpass --use-agent --encrypt-key 9790577D2BE328D46838117ED3F54FE03F3C68D6 --sign-key 05899270DF25BB1EEDF57BE824F769E5D08C9E9A --full-if-older-than 2Y --include /etc/.cfgs --include /root/archive --include /root/programs --include-filelist "/home/xyz/.config/myconf/upd_rsync_files" --exclude / / "sftp://xyz@ca.flylightning.xyz//home/xyz/backup/master" fi if [ "$hostname" = xyzpp ]; then # duplicity backup to ib - sudo duplicity --ssh-askpass --encrypt-key 9790577D2BE328D46838117ED3F54FE03F3C68D6 --sign-key 05899270DF25BB1EEDF57BE824F769E5D08C9E9A --full-if-older-than 2Y --include /etc/.cfgs --include-filelist "/home/xyz/.config/myconf/upd_rsync_files" --exclude / / "sftp://xyz@ib.flylightning.xyz//home/xyz/backup/pp" + # + # --use-agent not working when ssh to pp and insp, works on insp, not + # sure why. The gpg error logs are "gpg: public key decryption failed: + # Inappropriate ioctl for device" and "gpg: decryption failed: + # Inappropriate ioctl for device". It seems related to I did not put + # `export GPG_TTY=$(tty)` in pp xyz user's .profile, putting that in + # .profile is suggested in `man gpg-agent`. 
After putting that, test + # with `echo | gpg -s >/dev/null` works. but `echo | sudo gpg -s > + # /dev/null` does not work even if I put `export GPG_TTY=$(tty)` in + # root user's .profile file. `sudo -i` then `echo | gpg -s >/dev/null` + # works for root if put `export GPG_TTY=$(tty)` in root .profile. With + # sudo, it needs `sudo --preserve-env=GPG_TTY`, test with `echo | sudo + # --preserve-env=GPG_TTY gpg -s >/dev/null` works even if I do not put + # `export GPG_TTY=$(tty)` in root .profile. using `sudo + # --preserve-env=GPG_TTY` with `duplicity --use-agent` for pp also + # works. However, using `sudo --preserve-env=GPG_TTY` may be not secure + # because I noticed that root user's `tty` output is different, but my + # root user and xyz user's gpg keys are the same, so whatever for now. + # There maybe a better way instead. + sudo --preserve-env=GPG_TTY duplicity --ssh-askpass --use-agent --encrypt-key 9790577D2BE328D46838117ED3F54FE03F3C68D6 --sign-key 05899270DF25BB1EEDF57BE824F769E5D08C9E9A --full-if-older-than 2Y --include /etc/.cfgs --include-filelist "/home/xyz/.config/myconf/upd_rsync_files" --exclude / / "sftp://xyz@ib.flylightning.xyz//home/xyz/backup/pp" # pp no need duplicity backup to ca, because 321 backup rule is already # satisfied: pp files in ~/.config/myconf/upd_rsync_files are backed up # in pp, insp, and ib duplicity; pp /etc/.cfgs is backed up in pp, insp |
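Review bot: The context comment kept above the first changed command still says `--use-agent` is not used on insp because the key cached in gpg-agent timed out during full backups, yet all three new `duplicity` lines (the first two presumably in the insp block) now pass `--use-agent`, so the comment is stale and that failure mode is possible again. I would reword it to something like `# --use-agent can fail during a long full backup if the gpg-agent cache expires; re-enabled as a workaround for the 3.0.6-1 "No passphrase given" error`. A non-zero exit from `duplicity` should also be surfaced, but whether it already is cannot be confirmed here because `backup ()` starts and ends outside the hunk. On the pp line, `--preserve-env=GPG_TTY` forwards only that one variable, which is narrow. The differing `tty` output under sudo is possibly the sudoers `use_pty` option allocating a new pty, and confirming that would let the "may be not secure" remark be replaced with a definite statement.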
