'command' options for gpg + --no-use-agent

commit 02d5e6ac644b832741143a0722a5f8c9a3ff78ac 1 parent 9297a54
@vitaly vitaly authored
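--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ coverage
 rdoc
 pkg
 tmp
-*~
+*~
+tags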
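--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+0.2.7
+
+* default options for gpg now include '--no-use-agent'
+* support for 'command' option for gpg
 * quote values in mysql password file
 * add 'lib' to $:
 * [EXPERIMENTAL] Rackspace Cloud Files support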
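--- a/README.markdown
+++ b/README.markdown
@@ -66,6 +66,15 @@ If you want to encrypt your backups you have 2 options:
 * use simple password encryption
 * use GPG public key encryption
+> IMPORTANT: some gpg installations automatically set 'use-agent' option in the default
+> configuration file that is created when you run gpg for the first time. This will cause
+> gpg to fail on the 2nd run if you don't have the agent running. The result is that
+> 'astrails-safe' will work ONCE when you manually test it and then fail on any subsequent run.
+> The solution is to remove the 'use-agent' from the config file (usually /root/.gnupg/gpg.conf)
+> To mitigate this problem for the gpg 1.x series '--no-use-agent' option is added by defaults
+> to the autogenerated config file, but for gpg2 is doesn't work. as the manpage says it:
+> "This is dummy option. gpg2 always requires the agent." :(
+
 For simple password, just add password entry in gpg section.
 For public key encryption you will need to create a public/secret keypair.
@@ -153,6 +162,8 @@ Example configuration
 end
 gpg do
+ command "/usr/local/bin/gpg"
+ options "--no-use-agent"
 # symmetric encryption key
 # password "qwe"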
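--- a/examples/unit/gpg_example.rb
+++ b/examples/unit/gpg_example.rb
@@ -102,28 +102,38 @@ def gpg(config = {}, backup = def_backup)
 describe :pipe do
 describe "with key" do
- before(:each) do
- @gpg = gpg(:gpg => {:key => "foo", :options => "GPG-OPT"}, :options => "OPT")
+ def kgpg(extra={})
+ gpg({:gpg => {:key => "foo", :options => "GPG-OPT"}.merge(extra), :options => "OPT"})
 end
 it "should not call gpg_password_file" do
- dont_allow(@gpg).gpg_password_file(anything)
- @gpg.send(:pipe)
+ g = kgpg
+ dont_allow(g).gpg_password_file(anything)
+ g.send(:pipe)
 end
 it "should use '-r' and :options" do
- @gpg.send(:pipe).should == "|gpg GPG-OPT -e -r foo"
+ kgpg.send(:pipe).should == "|gpg GPG-OPT -e -r foo"
+ end
+
+ it "should use the 'command' options" do
+ kgpg(:command => 'other-gpg').send(:pipe).should == "|other-gpg GPG-OPT -e -r foo"
 end
 end
 describe "with password" do
- before(:each) do
- @gpg = gpg(:gpg => {:password => "bar", :options => "GPG-OPT"}, :options => "OPT")
- stub(@gpg).gpg_password_file(anything) {"pass-file"}
+ def pgpg(extra = {})
+ returning(gpg({:gpg => {:password => "bar", :options => "GPG-OPT"}.merge(extra), :options => "OPT"})) do |g|
+ stub(g).gpg_password_file(anything) {"pass-file"}
+ end
 end
 it "should use '--passphrase-file' and :options" do
- @gpg.send(:pipe).should == "|gpg GPG-OPT -c --passphrase-file pass-file"
+ pgpg.send(:pipe).should == "|gpg GPG-OPT -c --passphrase-file pass-file"
+ end
+
+ it "should use the 'command' options" do
+ pgpg(:command => 'other-gpg').send(:pipe).should == "|other-gpg GPG-OPT -c --passphrase-file pass-file"
 end
 end
 end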
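Review bot: The new 'command' examples only pin a metacharacter-free name (`'other-gpg'`), so nothing records how `pipe` treats a command path that contains a space. Adding one example such as `kgpg(:command => '/opt/my tools/gpg')` (a constructed sample path) with its expected string would make the quoting behaviour explicit. The helper names `kgpg` and `pgpg` are terse; a one-line comment above each, e.g. `# gpg instance configured with a public key, plus any extra :gpg settings`, would help. `returning` is not defined in the visible lines and is presumably the ActiveSupport helper; confirm it is loaded for these examples.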
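--- a/lib/astrails/safe/config/builder.rb
+++ b/lib/astrails/safe/config/builder.rb
@@ -3,7 +3,7 @@ module Safe
 module Config
 class Builder
 COLLECTIONS = %w/database archive repo/
- ITEMS = %w/s3 cloudfiles key secret bucket api_key container service_net path gpg password keep local mysqldump pgdump options
+ ITEMS = %w/s3 cloudfiles key secret bucket api_key container service_net path gpg password keep local mysqldump pgdump command options
 user host port socket skip_tables tar files exclude filename svndump repo_path sftp/
 NAMES = COLLECTIONS + ITEMS
 def initialize(node)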
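--- a/lib/astrails/safe/gpg.rb
+++ b/lib/astrails/safe/gpg.rb
@@ -9,10 +9,11 @@ def post_process
 end
 def pipe
+ command = @config[:gpg, :command] || 'gpg'
 if key
- "|gpg #{@config[:gpg, :options]} -e -r #{key}"
+ "|#{command} #{@config[:gpg, :options]} -e -r #{key}"
 elsif password
- "|gpg #{@config[:gpg,:options]} -c --passphrase-file #{gpg_password_file(password)}"
+ "|#{command} #{@config[:gpg, :options]} -c --passphrase-file #{gpg_password_file(password)}"
 end
 end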
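Review bot: `command` and `key` are interpolated unquoted into the pipe string in both branches of `pipe`, so a gpg path containing a space or a shell metacharacter would be split or interpreted by whatever shell later runs this pipeline. The value comes from the operator's own config, but escaping keeps the string well-formed: `command = Shellwords.escape(@config[:gpg, :command] || 'gpg')` and `-r #{Shellwords.escape(key)}`. This needs `require 'shellwords'`, which is not visible in the hunk. `options` has to stay unescaped because it is meant to carry several flags. Since the config now selects the executable that backup data is piped into, the config file should be writable only by the account that runs the backup. The enclosing class continues outside the hunk.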
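--- a/templates/script.rb
+++ b/templates/script.rb
@@ -49,6 +49,12 @@
 ## uncomment to enable GPG encryption.
 ## Note: you can use public 'key' or symmetric password but not both!
 # gpg do
+ # # you can specify your own gpg executable with the 'command' options
+ # # this can be useful for example to choose b/w gpg and gpg2 if both are installed
+ # # some gpg installations will automatically set 'use-agent' option in the
+ # # config file on the 1st run. see README for more details
+ # options "--no-use-agent"
+ # # command "/usr/local/bin/gpg"
 # # key "backup@astrails.com"
 # password "astrails"
 # end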
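Review bot: The added comments do not sit next to the lines they describe: the 'command' comment comes first, then the use-agent comment, then `options`, and the `command` line comes last. Reordering so the use-agent comment directly precedes `# options "--no-use-agent"` and the 'command' comment directly precedes `# # command "/usr/local/bin/gpg"` would read more clearly. It would also help to repeat the README's caveat here that gpg2 treats '--no-use-agent' as a dummy option, because `options` becomes active as soon as the gpg block is uncommented.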