#1140518 duplicity: no longer performs (incremental?) backups with OpenPGP encryption

Package:
duplicity
Source:
duplicity
Description:
encrypted bandwidth-efficient backup
Submitter:
Francesco Poli (wintermute)
Date:
2026-06-24 01:01:01 UTC
Severity:
normal
#1140518#5
Date:
2026-06-21 21:05:51 UTC
From:
To:
Hello there!

Since upgrading:

    [UPGRADE] duplicity:amd64 3.0.6.3-2 -> 3.0.8~dev5-1

I performed one full backup, but I could no longer perform incremental
backups with OpenPGP encryption:

    $ duplicity --encrypt-key 3E1C27E11F69BFFE --full-if-older-than 30D --include-filelist .duplicity.include . file://backup
    No valid action found. Will imply 'backup' because a path source was given and target is a url location.
    Reading globbing filelist .duplicity.include
    Local and Remote metadata are synchronized, no sync needed.
    Last full backup date: Fri Jun  5 18:45:22 2026
    Error processing remote file (duplicity-full.20260605T164522Z.manifest.gpg):
    Traceback (innermost last):
      File "/usr/lib/python3/dist-packages/duplicity/dup_collections.py", line 326, in get_remote_file
        remote_file_buffer = self.backend.get_data(remote_file)
      File "/usr/lib/python3/dist-packages/duplicity/backend.py", line 782, in get_data
        assert not fin.close(), "fin failed to close"
                   ~~~~~~~~~^^
      File "/usr/lib/python3/dist-packages/duplicity/dup_temp.py", line 248, in close
        assert not self.fileobj.close(), "self.fileobj failed to close"
                   ~~~~~~~~~~~~~~~~~~^^
      File "/usr/lib/python3/dist-packages/duplicity/gpg.py", line 324, in close
        self.gpg_failed()
        ~~~~~~~~~~~~~~~^^
      File "/usr/lib/python3/dist-packages/duplicity/gpg.py", line 291, in gpg_failed
        raise GPGError(msg)
     duplicity.gpg.GPGError: GPG Failed, see log below:
    ===== Begin GnuPG log =====
    gpg: encrypted with rsa4096 key, ID 0x12DFF4B093A5EC02, created 2010-12-08
    "Francesco Poli (wintermute) <invernomuto@paranoici.org>"
    gpg: using "0xCA0111479CD2EFDFFB8239253E1C27E11F69BFFE" as default secret key for signing
    gpg: public key decryption failed: No passphrase given
    gpg: decryption failed: No passphrase given
    ===== End GnuPG log =====


Please note that the previous version asked for the passphrase (which is
annoying, and I am not sure I understand why it needed to, as old versions
almost never had this need...). Now version 3.0.8~dev5-1 does not ask
for any passphrase, but complains that no passphrase was given and crashes!

Please fix this bug and/or forward this bug report upstream, as appropriate.

Thanks for your time and dedication!

#1140518#10
Date:
2026-06-21 21:24:11 UTC
From:
To:
[...]

Downgrading to duplicity/3.0.6.3-2 fixes the bug, hence it definitely
looks like a regression in package 'duplicity' (probably an upstream
one).

I hope it can be fixed soon.

#1140518#15
Date:
2026-06-22 01:27:20 UTC
From:
To:
On Sun, 21 Jun 2026 23:05:51 +0200, "Francesco Poli (wintermute)" writes:

since 3.0.6 you need to add --no-check-remote to your backup invocation
if you want asymmetric encryption (as evident from your command line).
that's documented in NEWS.Debian as a backwards-incompatible change that
upstream made.

it didn't ever actually need to, and it should never have tried to;
3.0.6 had some ugly hacks and special case code that attempted to guess
whether it should ask or not.

in 3.0.8 all the broken code was removed, but upstream has not given
up on the notion that decrypting all remote manifests on every backup
is a good idea, which is why --no-check-remote is required and will remain.

#1140518#20
Date:
2026-06-23 07:59:33 UTC
From:
To:
Hi Alexander,
thanks a lot for pointing this change out to me!

Shame on me, I didn't think to take a look at the NEWS.Debian file! I
should have checked there, before filing a bug report...

I can confirm that adding option '--no-check-remote' to the command
seems to make the incremental backups work again.

I mean: without option '--no-check-remote', duplicity wants to decrypt
remote manifests, before backing anything up.
OK, let's assume that the user agrees.
In order to let this happen, the user has to provide the secret key,
thus needing to enter the passphrase to unlock the secret key.
But duplicity does not manage to make GnuPG ask for a passphrase to
unlock the secret key, even in cases where the secret key is available
locally...

Should this bug report be reopened with severity lowered to 'normal'
and title set to something like 'duplicity: no longer makes GnuPG ask
for a passphrase, when needed' ?
What do you think?

Please let me know, thanks for your time and patience!

#1140518#25
Date:
2026-06-24 00:51:52 UTC
From:
To:
On Tue, 23 Jun 2026 09:59:33 +0200, Francesco Poli writes:

i don't think so, as the --no-check-remote option exists.

as far as i understand the relevant logic, the primary
assumption behind (force-)checking the remote manifests is
that you either use symmetric encryption, or encrypt and sign and
with gpg-agent fully primed and ready or with passphrase(s) preset via
the environment.
my interpretation is that upstream considers this case, where the
backup machine can be (and is) trusted, but maybe not the repository, is
the more critical they want to cover.

the asymmetric encrypt-only scenario (which i personally also definitely
require) reverses the trust assumptions, and needs no remote manifest
checking.

i'd say there is no bug as long as both scenarios remain supported
(or until one is cleanly retired).

(see also the section 'A NOTE ON SYMMETRIC ENCRYPTION AND SIGNING' in
the duplicity manpage.)

regarding actual passphrase interaction i'm not certain what is and
isn't supported with what exact version of gpg2, with respect to
operation without gpg-agent. personally i don't use gpg2.