search

digint / btrbk

Tool for creating snapshots and remote backups of btrfs subvolumes
https://digint.ch/btrbk/
GNU General Public License v3.0
1.64k stars 120 forks source link

support multiple gpg recipients #475

Closed sbrudenell closed 2 years ago

sbrudenell commented 2 years ago

Closes #471

I'm not sure if there's a test suite somewhere. I tested this manually, with my own keys:

gpg_recipient 0xFE592029B2CB9D04, 0x056283685218FA8B
gpg_recipient 0xFE592029B2CB9D04
# no gpg_recipient

All produce expected results.

sbrudenell commented 2 years ago

I deliberately used split without allow_multiple. I do want the recipient list to be overwritten with each encounter of gpg_recipients.

digint commented 2 years ago

Rebased your pull request to master (where I just cleaned up "split" in the config definitions).

Also added --no-default-recipient, which seems to be a good thing (see commit message). Did not test this at all besides looking at the commands emitted, but looks good to me:

### (dryrun) btrfs-send '/tmp/source/svol.20220529T1713' | gpg --batch --no-tty --no-random-seed-file --trust-model always --no-default-recipient --recipient axel@example.com --recipient btrbk@example.com --encrypt | dd status=none bs=128K of='/tmp/target/svol.20220529T1713.btrfs.gpg'

Please tell me if it works for you, I will gladly merge this for the next release (soonish). Thanks for contributing!

sbrudenell commented 2 years ago

Looks good to me!

gpg supports so many different workflows, it seems likely that someone somewhere does not want --no-default-recipient. But I agree it's probably safer to use it.

digint commented 2 years ago

Yes, gpg is a bitch in that regard, let's hope we are not breaking any workflow with this. Sadly I have almost no test suite for btrbk (started some work on tests long time ago, but the fact that it's messing around with my filesystem with root permissions is a very scary thing, and starting virtual machines for this is tedious). I'm not using gpg any more, using symmetric keys these days, works nicely.

Merged to master in b824d62449e8e4fbd72e25e9811c086c15fac2d7 a70248376f3b01cb0219a20a02b256e8f195d2a0 a062f4234481e7397a7e469ee139dfb485c77e75

sbrudenell commented 2 years ago

Sadly I have almost no test suite for btrbk (started some work on tests long time ago, but the fact that it's messing around with my filesystem with root permissions is a very scary thing, and starting virtual machines for this is tedious).

We should definitely have tests :) it's scary to run backup software without them.

Have you considered using docker container to run tests? It could create a btrfs volume using a loopback device on tmpfs, or something similar. All the methods I can think of would require special options (in this example, SYS_ADMIN is need to mount the volume), but I think you could get such tests to run on GitHub actions.