severity 842552 minor
thanks

On Sun, 30 Oct 2016 16:54:12 +0500, Andrey Rahmatullin writes:
>Only gnupg version 2.1.15-8.

this is a known issue in gpg2: gpg2 no longer properly honors --passphrase-fd, well, or at least it's not honoring it the way the documentation indicates. duplicity needs that to feed gpg the passphrase for signing and/or decryption.

(fine print: according to the manual, gpg2 honors --passphrase-fd X only if --batch is given; looks like duplicity does that already. what the gpg2 docs don't say is that --passphrase-fd works ONLY if pinentry-mode loopback is also requested. i think this omission from the docs is a bug - see https://bugs.g10code.com/gnupg/issue1772 and also https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase )

workaround:

a) for any passphrase priming (that doesn't involve a pinentry program) to be possible at all, gpg-agent must be configured to allow "loopback pinentry", which the manual for gpg-agent says is the default.

b) until duplicity knows about the quirks of gpg2, you need to add the option --gpg-options="--pinentry-mode=loopback" to your duplicity invocation.

i've just tested this here and it worked fine for a backup with sign key and passphrase on that key.

i'll update the duplicity package with some more info about this, and will check with upstream - they have a few apparently related bugs open.

regards
az

--
Alexander Zangerl + GPG Key 0xB963BD5F + http://snafu.priv.at/
Although the Buddhists will tell you that desire is the root of suffering, my personal experience leads me to point the finger at system administration. -- Philip Greenspun
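Added example, not part of the message above and not duplicity's own code: a shell preflight for a backup wrapper that decides whether the workaround in (a) and (b) applies. The function names are hypothetical; it assumes GnuPG 2.1 or later is where --pinentry-mode is needed and that a `no-allow-loopback-pinentry` line in gpg-agent.conf is what turns the agent's default off.

```shell
#!/bin/sh
# Inputs are passed as arguments (first line of `gpg --version`, path to
# gpg-agent.conf), so the check itself never has to invoke gpg.

# gpg_version_of LINE: print "X.Y.Z" from e.g. "gpg (GnuPG) 2.1.15".
gpg_version_of() {
    printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9.]*\).*$/\1/p'
}

# needs_loopback LINE: 0 if version >= 2.1 (assumed threshold), 1 if older,
# 2 if the version line could not be parsed.
needs_loopback() {
    ver=$(gpg_version_of "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    [ "$major" -gt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]
}

# loopback_blocked CONF: 0 if the agent config explicitly disables loopback
# pinentry (commented-out lines are ignored), non-zero otherwise.
loopback_blocked() {
    [ -r "$1" ] &&
        grep -Eq '^[[:space:]]*no-allow-loopback-pinentry([[:space:]]|$)' "$1"
}

# duplicity_gpg_opts LINE CONF: print the extra duplicity argument from (b)
# when it is needed; fail if the agent would refuse it, per (a).
duplicity_gpg_opts() {
    if needs_loopback "$1"; then
        if loopback_blocked "$2"; then
            echo "gpg-agent refuses loopback pinentry: $2" >&2
            return 1
        fi
        printf '%s\n' '--gpg-options=--pinentry-mode=loopback'
    fi
    return 0
}

# Constructed sample: the gnupg version from the report, no agent config file.
duplicity_gpg_opts "gpg (GnuPG) 2.1.15" /nonexistent/gpg-agent.conf
```

In a wrapper, the first argument would come from `gpg --version | head -n 1` and the second from the gpg-agent.conf in the GnuPG home directory.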