From 5b62cb070a8de8281b5b5d43ecb5d5d9812b4203 Mon Sep 17 00:00:00 2001
From: David Piggott
Date: Mon, 30 Mar 2015 09:39:28 +0100
Subject: [PATCH] Pass passphrase through to all duplicity calls

Empirical evidence (a failed cron job) shows that cleanup requires the passphrase (so it presumably needs to decrypt metadata), and though remove-older-than has been working fine without it, it won't do any harm to set it in case that changes or there are any special cases.
---
 management/backup.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/management/backup.py b/management/backup.py
index c2145436..2285ee21 100755
--- a/management/backup.py
+++ b/management/backup.py
@@ -195,6 +195,9 @@ def perform_backup(full_backup):
 shell('check_call', ["/usr/sbin/service", "dovecot", "stop"])
 shell('check_call', ["/usr/sbin/service", "postfix", "stop"])
+ env_with_passphrase = { "PASSPHRASE" :
+ open(os.path.join(backup_dir, 'secret_key.txt')).read()
+ }
 # Update the backup mirror directory which mirrors the current
 # STORAGE_ROOT (but excluding the backups themselves!).
 try:
@@ -206,10 +209,7 @@ def perform_backup(full_backup):
 env["STORAGE_ROOT"],
 "file://" + backup_encrypted_dir
 ],
- env={ "PASSPHRASE" : open(
- os.path.join(backup_dir, 'secret_key.txt')
- ).read() }
- )
+ env_with_passphrase)
 finally:
 # Start services again.
 shell('check_call', ["/usr/sbin/service", "dovecot", "start"])
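Review bot: The passphrase read sits after the two `service ... stop` calls but before the `try:` whose `finally` restarts the services (visible in the next hunk), so a missing or unreadable secret_key.txt now raises with dovecot and postfix left stopped; before this change the `open()` was evaluated inside the `try`. Read the secret before the services are stopped and close the handle while doing so: `with open(os.path.join(backup_dir, 'secret_key.txt')) as f:` followed by `env_with_passphrase = { "PASSPHRASE" : f.read() }`. Keep the `.read()` result unstripped so the passphrase stays byte-identical to the one existing backups were encrypted with. perform_backup starts and ends outside this hunk.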
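Review bot: `env_with_passphrase)` is passed as a bare third positional argument where the removed code used `env=`, so the secret only reaches duplicity's environment if `env` is shell()'s third parameter; shell()'s signature is not visible here. Keeping the keyword, `env=env_with_passphrase)`, makes the call independent of parameter order and easier to audit for where the secret goes. The same applies to the remove-older-than and cleanup calls in the @@ -226 hunk. The duplicity call this argument belongs to begins outside the hunk.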
@@ -226,13 +226,21 @@ def perform_backup(full_backup):
 "%dD" % keep_backups_for_days,
 "--force",
 "file://" + backup_encrypted_dir
- ])
+ ],
+ env_with_passphrase)
+
+ # From duplicity's manual:
+ # "This should only be necessary after a duplicity session fails or is
+ # aborted prematurely."
+ # That may be unlikely here but we may as well ensure we tidy up if
+ # that does happen - it might just have been a poorly timed reboot.
 shell('check_call', [
 "/usr/bin/duplicity",
 "cleanup",
 "--force",
 "file://" + backup_encrypted_dir
- ])
+ ],
+ env_with_passphrase)
 # Execute a post-backup script that does the copying to a remote server.
 # Run as the STORAGE_USER user, not as root. Pass our settings in
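Review bot: env_with_passphrase is now a local that outlives the duplicity calls, and the trailing context of this hunk leads straight into a post-backup script that runs as STORAGE_USER with settings passed in. That code is outside the hunk, so confirm that this dict is never handed to it and that shell() does not merge or retain the dict it receives. A comment at the definition would record the intent, for example `# Secret: pass to duplicity only; must not reach the post-backup script's environment.`. The added comment block explains why cleanup runs but not why it needs the passphrase; one line such as `# cleanup fails without PASSPHRASE (seen in a failed cron run).` would carry the commit message's reasoning into the file.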