* [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error. @ 2018-07-29 15:41 Christopher Baines 2018-08-04 7:49 ` bug#32303: " Christopher Baines 2018-08-07 16:56 ` [bug#32303] " Leo Famulari 0 siblings, 2 replies; 6+ messages in thread From: Christopher Baines @ 2018-07-29 15:41 UTC (permalink / raw) To: 32303 Modify the package to patch gnu.py with an unreleased upstream change to fix duplicity working with recent releases of GnuPG. This change make the package build again. * gnu/packages/backup.scm (duplicity)[arguments]: Patch gnu.py within the patch-source phase. --- gnu/packages/backup.scm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 9884f58fc..0733d9c34 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -105,6 +105,15 @@ (substitute* "duplicity/gpginterface.py" (("self.call = 'gpg'") (string-append "self.call = '" (assoc-ref inputs "gnupg") "/bin/gpg'"))) + + ;; This matches up with an unreleased upstream fix, it should be + ;; removed when the package is updated + ;; https://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/revision/1308 + (substitute* "duplicity/gpg.py" + (("--no-secmem-warning'\\)") + "--no-secmem-warning') + gnupg.options.extra_args.append('--ignore-mdc-error')")) + (substitute* '("testing/functional/__init__.py" "testing/overrides/bin/lftp") (("/bin/sh") (which "sh"))) -- 2.18.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* bug#32303: [PATCH] gnu: Patch duplicity with --ignore-mdc-error. 2018-07-29 15:41 [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error Christopher Baines @ 2018-08-04 7:49 ` Christopher Baines 2018-08-07 16:56 ` [bug#32303] " Leo Famulari 1 sibling, 0 replies; 6+ messages in thread From: Christopher Baines @ 2018-08-04 7:49 UTC (permalink / raw) To: 32303-done [-- Attachment #1: Type: text/plain, Size: 419 bytes --] Christopher Baines <mail@cbaines.net> writes: > Modify the package to patch gnu.py with an unreleased upstream change to fix > duplicity working with recent releases of GnuPG. This change make the package > build again. > > * gnu/packages/backup.scm (duplicity)[arguments]: Patch gnu.py within the > patch-source phase. > --- > gnu/packages/backup.scm | 9 +++++++++ > 1 file changed, 9 insertions(+) Pushed now :) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 962 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error. 2018-07-29 15:41 [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error Christopher Baines 2018-08-04 7:49 ` bug#32303: " Christopher Baines @ 2018-08-07 16:56 ` Leo Famulari 2018-08-19 19:46 ` Christopher Baines 1 sibling, 1 reply; 6+ messages in thread From: Leo Famulari @ 2018-08-07 16:56 UTC (permalink / raw) To: Christopher Baines; +Cc: 32303 [-- Attachment #1: Type: text/plain, Size: 1280 bytes --] On Sun, Jul 29, 2018 at 04:41:52PM +0100, Christopher Baines wrote: > Modify the package to patch gnu.py with an unreleased upstream change to fix > duplicity working with recent releases of GnuPG. This change make the package > build again. > > + gnupg.options.extra_args.append('--ignore-mdc-error')")) Thanks for taking care of this package. I'm concerned about the impact of this change, and Duplicity in general. By ignoring the result of the MDC (modification detection code) check, I *think* Duplicity loses the ability to authenticate its archives. If so, the Duplicity package description should be changed to reflect this. I would at least remove the text about safety against modification. Also and FYI, Duplicity uses the MD4 message digest truncated to 64 bits (via librsync) to identify chunks for deduplication. [0] MD4 collisions are trivial to generate. It's not totally reasonable to remove packages like backup programs since, in the future, people will want to read the archives they have created. But perhaps we should steer users away from Duplicity in the package description. [0] See: <https://bugs.launchpad.net/duplicity/+bug/1342721> ... also briefly discussed in our bug tracker: <https://bugs.gnu.org/30448> [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error. 2018-08-07 16:56 ` [bug#32303] " Leo Famulari @ 2018-08-19 19:46 ` Christopher Baines 2018-08-22 21:05 ` Leo Famulari 0 siblings, 1 reply; 6+ messages in thread From: Christopher Baines @ 2018-08-19 19:46 UTC (permalink / raw) To: Leo Famulari; +Cc: 32303 [-- Attachment #1: Type: text/plain, Size: 1859 bytes --] Leo Famulari <leo@famulari.name> writes: > On Sun, Jul 29, 2018 at 04:41:52PM +0100, Christopher Baines wrote: >> Modify the package to patch gnu.py with an unreleased upstream change to fix >> duplicity working with recent releases of GnuPG. This change make the package >> build again. >> >> + gnupg.options.extra_args.append('--ignore-mdc-error')")) > > Thanks for taking care of this package. > > I'm concerned about the impact of this change, and Duplicity in general. > > By ignoring the result of the MDC (modification detection code) check, I > *think* Duplicity loses the ability to authenticate its archives. If so, > the Duplicity package description should be changed to reflect this. I > would at least remove the text about safety against modification. > > Also and FYI, Duplicity uses the MD4 message digest truncated to 64 bits > (via librsync) to identify chunks for deduplication. [0] MD4 collisions > are trivial to generate. Hmm, this does look like more of an issue that I anticipated. I was thinking that this was maybe to do with the tests alone, but checking the upstream change again, it looks like it effects general operation. > It's not totally reasonable to remove packages like backup programs > since, in the future, people will want to read the archives they have > created. But perhaps we should steer users away from Duplicity in the > package description. Yeah, removing the statement about "modification" in the description sounds like a good step. I don't know enough to add something more informative to the description though. One extra thing to note is that I use duplicity (well, not much) through Deja Dup, so if there is issues with duplicity to describe in the package description, it might be good to add something similar to the few packages that use duplicity. Thanks for looking in to this Leo :) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 962 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error. 2018-08-19 19:46 ` Christopher Baines @ 2018-08-22 21:05 ` Leo Famulari 2018-09-06 17:26 ` Leo Famulari 0 siblings, 1 reply; 6+ messages in thread From: Leo Famulari @ 2018-08-22 21:05 UTC (permalink / raw) To: Christopher Baines; +Cc: 32303 [-- Attachment #1: Type: text/plain, Size: 309 bytes --] On Sun, Aug 19, 2018 at 08:46:43PM +0100, Christopher Baines wrote: > Thanks for looking in to this Leo :) A few days ago, I sent an email to <duplicity-talk@nongnu.org> requesting clarification on how this affects Duplicity. I think my message is still waiting for moderation but hopefully it goes through. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error. 2018-08-22 21:05 ` Leo Famulari @ 2018-09-06 17:26 ` Leo Famulari 0 siblings, 0 replies; 6+ messages in thread From: Leo Famulari @ 2018-09-06 17:26 UTC (permalink / raw) To: Christopher Baines; +Cc: 32303 [-- Attachment #1: Type: text/plain, Size: 701 bytes --] On Wed, Aug 22, 2018 at 05:05:23PM -0400, Leo Famulari wrote: > A few days ago, I sent an email to <duplicity-talk@nongnu.org> > requesting clarification on how this affects Duplicity. I think my > message is still waiting for moderation but hopefully it goes through. The Duplicity project clarified the effect of this change on the integrity of the backup archives: "Duplicity does a hash of the entire file so the MDC is duplication of effort. [...] You are still protected by the hash stored in the manifest." [0] Based on that, I think the disabling of GnuPG's integrity check is not that important in this case. [0] https://lists.nongnu.org/archive/html/duplicity-talk/2018-09/msg00005.html [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-09-06 17:27 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-07-29 15:41 [bug#32303] [PATCH] gnu: Patch duplicity with --ignore-mdc-error Christopher Baines 2018-08-04 7:49 ` bug#32303: " Christopher Baines 2018-08-07 16:56 ` [bug#32303] " Leo Famulari 2018-08-19 19:46 ` Christopher Baines 2018-08-22 21:05 ` Leo Famulari 2018-09-06 17:26 ` Leo Famulari
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.