Re: [Duplicity-talk] Newbie/General Questions

[edgar . soldin]

On 04.12.2011 22:37, SanskritFritz wrote:
> On Sun, Dec 4, 2011 at 2:01 PM, email builder<address@hidden>  wrote:
SNIP  
> > 2) When run with simple default, umm, to what GPG recipient does
> > the data get encrypted??  I am confused by this missing info.
>
> I dont understand this question.

if no --encrypt-key is give duplicity will assume you want to encrypt 
symmetrically. to disable encryption use --no-encryption .

> > a) I saw something about "symmetric encryption" and just learned for
> > the first time that GPG can do symmetric encryption.  In this case,
> > are you prompted for the passphrase interactively?  Can that be
> > automated (so it can be run from cron)?
>
> Yes, it is interactive, and well, with some (ugly) hacking it is
> possible to run from cron, but this is what asymmetric encryption is
> for.

not ugly at all . simply deliver the env var PASSPHRASE see man page chapter 
env vars.
 
> > b) Is using --encrypt-key the way I can make duplicity use Asymmetric
> > encryption?  In this case, does it use the public key from the current
> > user's keyring?
>
> I'll let others answer this, I use a wrapper for duplicity which hides
> such details from me.

yes as described above.
use --gpg-options to pass options to gpg (see gpg manpage), like a different 
keyring. duplicity internally call command line gpg, hence all gpg defaults 
apply to duplicity.

> > 3) I'm a little confused by the concept of "sets" and the need to
> > remove sets of a certain age, etc.  My goal is to find a way to back
> > up some user data in its current state, no need to keep track of the
> > historical state of that data.... well, as long as it takes extra storage,
> > which I assume it does, yes?
>
> There is no need to remove any sets. But after a while your chain of
> sets will be pretty long, which makes it slow to restore any data.
> Hence it is recommended to do full backups time to time, and delete
> old sets after. Having said that, I never do that, I always keep all
> my backups, and duplicity handles it just fine :)

that's standard backup methodology. backups should protect from accidential 
deletion or hidden data corruption as well, which you might notice as late as 
after several backups.
 
> > a) Is there a way to do what I thought traditional rsync does - just
> > keep a mirror of my current data and no historical information?  What
> > options do I need to do this?
>
> That is what rsync is for, right? Duplicity cannot mirror AFAIK, it
> packs your files into archive sets.

check rdiffdir which comes with duplicity. it is unfortunately not encrypted.

SNIP
> > 4) Tips on good backup locations... anyone used duplicity with
> > box.net or similar services?
>
> Yes, I used webdav, works great. You may also try mydrive.ch, it
> offers 2GB with unlimited traffic. I do regular backups on it via
> webdav. There were some problems with webdav in the past, seems all
> bugs affecting webdav are now ironed out. Keep in mind, webdav server
> implementations dont follow the standards exactly, hence expect
> hitches sometimes.

there are currently problems with box.net afaik .. all current backends can be 
considered stable, there is a new one in the pipeline for rapidshare.
generally you should set up your backup work flow and do regular verification 
and some restores in the starting period to check if everything checks out.

remember, a backup is successful only after a successful restore.

> > Should I split this email into one for each question topic?
> Yes, please. Oops, too late now :) Or is it?

nope, this would have been 8 messages.. you could have of course played around 
with duplicity and gpg first to find out about a(synchronous) encryption and 
passphrase prompts for yourself ;)

ede/duply.net