Bug#686298: RFS: obnam/1.1-1.1 [NMU] [RC]
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for an NMU fxing an RC bug
in the package "obnam". The RC bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680670
I reported myself is open and has a patch for two weeks now.
Although I tested the resulting package pretty
thoroughly (and obnam itself has a rather extensive test suite),
I would be glad if someone could review the patch. As this RC
bug fix naturally aims for wheezy, I changed only the absolute
minimum. Therefore, no new lintian tags are introduced, but also
no old ones are fixed.
As outlined in the bug report, users who added new encryption keys
to their backup repository need to re-add these keys in order for
them to be properly added. As this can't be automized (or at least
I can't figure out a save way to do it), I added a NEWS entry
including a proposal for a shell command to re-add all keys.
I hope the NEWS entry is comprehensible and properly worded.
* Package name : obnam
Version : 1.1-1.1
Maintainer : Lars Wirzenius <liw@liw.fi>
* URL : http://packages.debian.org/wheezy/obnam
Section : python
It builds those binary packages:
obnam - online and disk-based backup application
To access further information about this package, please visit the following URL:
http://mentors.debian.net/package/obnam
Alternatively, one can download the package with dget using this command:
dget -x http://mentors.debian.net/debian/pool/main/o/obnam/obnam_1.1-1.1.dsc
Changes in this version:
obnam (1.1-1.1) unstable; urgency=low
* Non-maintainer upload for RC bug.
* obnamlib/plugins/encryption_plugin.py: Reencrypt symmetric key with
added GPG keys when using add-key command line option (Closes: #680670)
Also adds a NEWS entry for this.
-- Mika Pflüger <debian@mikapflueger.de> Wed, 29 Aug 2012 22:11:16 +0200
The full debdiff is:
$ debdiff obnam_1.1-1.dsc obnam_1.1-1.1.dsc
only in patch2:
unchanged:
--- obnam-1.1.orig/debian/changelog
+++ obnam-1.1/debian/changelog
@@ -1,3 +1,12 @@
+obnam (1.1-1.1) unstable; urgency=low
+
+ * Non-maintainer upload for RC bug.
+ * obnamlib/plugins/encryption_plugin.py: Reencrypt symmetric key with
+ added GPG keys when using add-key command line option (Closes: #680670)
+ Also adds a NEWS entry for this.
+
+ -- Mika Pflüger <debian@mikapflueger.de> Wed, 29 Aug 2012 22:11:16 +0200
+
obnam (1.1-1) unstable; urgency=low
* New upstream version.
only in patch2:
unchanged:
--- obnam-1.1.orig/debian/NEWS
+++ obnam-1.1/debian/NEWS
@@ -0,0 +1,19 @@
+obnam (1.1-1.1) unstable; urgency=low
+
+ This release fixes a bug in the behaviour of the add-key subcommand.
+ In previous versions, "obnam add-key --keyid KEYID" did not
+ reencrypt the internal symmetric key with the new key. Therefore,
+ backups could only be restored with the first key, not with any
+ keys added via "obnam add-key".
+ This version fixes this, but all keys added with "obnam add-key"
+ have to be re-added in order to be able to restore from backup
+ using them.
+ To re-add all keys that were previously added to a given CLIENT,
+ use a shell loop like this:
+ $ for key in $(obnam list-keys|grep key|awk '{ print $2 }')
+ > do obnam add-key --keyid=${key} CLIENT
+ > done
+ It is always a good idea to afterwards test restoring from a machine
+ or user with access to the new keys only.
+
+ -- Mika Pflüger <debian@mikapflueger.de> Wed, 29 Aug 2012 22:11:16 +0200
only in patch2:
unchanged:
--- obnam-1.1.orig/obnamlib/plugins/encryption_plugin.py
+++ obnam-1.1/obnamlib/plugins/encryption_plugin.py
@@ -145,6 +145,10 @@
encrypted = self.filter_write(encoded, repo, toplevel)
pathname = os.path.join(toplevel, 'userkeys')
self._overwrite_file(repo, pathname, encrypted)
+ symmetric_key = self.get_symmetric_key(repo, toplevel)
+ encrypted_symmetric_key = obnamlib.encrypt_with_keyring(symmetric_key, keyring)
+ pathname = os.path.join(toplevel, 'key')
+ self._overwrite_file(repo, pathname, encrypted_symmetric_key)
def add_to_userkeys(self, repo, toplevel, public_key):
userkeys = self.read_keyring(repo, toplevel)
Cheers,
Mika Pflüger
Reply to: