--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package obnam
The NMU uploaded to unstable fixes an RC bug. The patch is taken from
the upstream bazaar repository. There are no other changes beside this
bugfix and upstream test case verifying the bugfix passes.
Thanks Gaudenz
unblock obnam/1.1-1.1
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (800, 'testing'), (700, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
only in patch2:
unchanged:
--- obnam-1.1.orig/tests/encryption-replaces-key.script
+++ obnam-1.1/tests/encryption-replaces-key.script
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Copyright 2011 Lars Wirzenius
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -eu
+
+gpgkey='3B1802F81B321347'
+fingerprint='4E2AF28A3D824CF2B3F1FE733B1802F81B321347'
+gpgkey2='DF3D13AA11E69900'
+
+# Make a backup with the default key ($gpgkey).
+$SRCDIR/tests/backup --encrypt-with="$gpgkey"
+
+# Add new key. "rainyday" is the name of the client.
+$SRCDIR/tests/obnam --encrypt-with="$gpgkey" add-key --keyid="$gpgkey2" \
+ rainyday
+
+# Remove the old key.
+$SRCDIR/tests/obnam --encrypt-with="$gpgkey2" remove-key --keyid="$gpgkey" \
+ rainyday
+
+# Remove the old key from the gpg keyring.
+export GNUPGHOME="$DATADIR/gpg"
+gpg --batch --delete-secret-key "$fingerprint"
+
+# Verify that the backup is still readable, now with the new key.
+$SRCDIR/tests/restore --encrypt-with="$gpgkey2"
+$SRCDIR/tests/verify
+
only in patch2:
unchanged:
--- obnam-1.1.orig/obnamlib/plugins/encryption_plugin.py
+++ obnam-1.1/obnamlib/plugins/encryption_plugin.py
@@ -161,6 +161,12 @@
logging.debug('unable to remove key %s from %s (not there)' %
(keyid, toplevel))
+ def rewrite_symmetric_key(self, repo, toplevel):
+ symmetric_key = self.get_symmetric_key(repo, toplevel)
+ userkeys = self.read_keyring(repo, toplevel)
+ encrypted = obnamlib.encrypt_with_keyring(symmetric_key, userkeys)
+ self._overwrite_file(repo, os.path.join(toplevel, 'key'), encrypted)
+
def add_client(self, clientlist, client_name):
clientlist.set_client_keyid(client_name, self.keyid)
@@ -233,6 +239,7 @@
clients = self._find_clientdirs(repo, args)
for toplevel in self._shared + clients:
self.add_to_userkeys(repo, toplevel, key)
+ self.rewrite_symmetric_key(repo, toplevel)
def remove_key(self, args):
'''Remove a key from the repository.'''
@@ -244,6 +251,7 @@
clients = self._find_clientdirs(repo, args)
for toplevel in self._shared + clients:
self.remove_from_userkeys(repo, toplevel, keyid)
+ self.rewrite_symmetric_key(repo, toplevel)
def remove_client(self, args):
'''Remove client and its key from repository.'''
only in patch2:
unchanged:
--- obnam-1.1.orig/debian/changelog
+++ obnam-1.1/debian/changelog
@@ -1,3 +1,10 @@
+obnam (1.1-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix encription key handling (Closes: #680670)
+
+ -- Gaudenz Steinlin <gaudenz@debian.org> Thu, 20 Sep 2012 16:22:16 +0200
+
obnam (1.1-1) unstable; urgency=low
* New upstream version.
only in patch2:
unchanged:
--- obnam-1.1.orig/debian/rules
+++ obnam-1.1/debian/rules
@@ -3,6 +3,8 @@
dh $@ --with=python2 --with-buildsystem=python_distutils
override_dh_auto_test:
+ # fix test permission due to diff not representing permissions
+ chmod 755 tests/encryption-replaces-key.script
python setup.py build_ext -i
rm -rf build
cp -a test-gpghome temp.gpghome
--- End Message ---