5

这是我在 stackoverflow 上的第一个问题,所以我希望它会遵守社区准则:

我已经基于已经存在的映像构建了一个 docker映像,该映像的唯一目的是在容器中运行 duplicity 以将文件和文件夹备份到欧洲的 Amazon S3 存储桶。

Duplicity 在图像生成的容器内手动运行时工作了几天。现在我继续通过带有CoreOS的主机上的单元文件运行容器并且事情不再起作用-但是该命令也不起作用它我在重复容器中手动运行它..

运行命令:

 docker run --rm  --env-file=<my backup env file>.env --name=<container image> -v <cache container>:/home/duplicity/.cache/duplicity -v <docker volume with gpg keys>:/home/duplicity/.gnupg --volumes-from <docker container of interest> gymnae/duplicity

env 文件包含以下内容:

PASSPHRASE=<my super secret passphrase>
AWS_ACCESS_KEY_ID=<my aws access key id>
AWS_SECRET_ACCESS_KEY=<my aws access key>
SOURCE_PATH=<where does the data come from>
REMOTE_URL=s3://s3.eu-central-1.amazonaws.com/<my bucket>
PARAMS_CLEAN="--remove-older-than 3M --force --extra-clean"
ENCRYPT_KEY=<derived from the gpg key>

init.sh调用的docker run看起来像这样:

#!/bin/sh
duplicity \
         --verbosity 8 \
         --s3-use-ia \
         --s3-use-new-style  \
         --s3-use-server-side-encryption \
         --s3-european-buckets \
         --allow-source-mismatch \
         --ssl-no-check-certificate \
         --s3-unencrypted-connection \
         --volsize 150 \
         --gpg-options "--no-tty" \
         --encrypt-key $ENCRYPT_KEY \
         --sign-key $ENCRYPT_KEY \
        $SOURCE_PATH \
        $REMOTE_URL

我尝试使用-i,-it-tjust -d- 但结果始终相同:

===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====

GPG error detail: Traceback (most recent call last):
  File "/usr/bin/duplicity", line 1532, in <module>
    with_tempdir(main)
  File "/usr/bin/duplicity", line 1526, in with_tempdir
    fn()
  File "/usr/bin/duplicity", line 1380, in main
    do_backup(action)
  File "/usr/bin/duplicity", line 1508, in do_backup
    incremental_backup(sig_chain)
  File "/usr/bin/duplicity", line 662, in incremental_backup
    globals.backend)
  File "/usr/bin/duplicity", line 425, in write_multivol
    at_end = gpg.GPGWriteFile(tarblock_iter, tdp.name, globals.gpg_profile, globals.volsize)
  File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 356, in GPGWriteFile
    file.close()
  File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 241, in close
    self.gpg_failed()
  File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 226, in gpg_failed
    raise GPGError(msg)
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====

Not a ttygpg 尝试签名时出现的这个错误很奇怪。

以前这似乎不是问题,或者我在深夜班上疯狂打字,它曾经工作过,但现在它不想再工作了。

4

1 回答 1

8

对于任何因同样问题而苦苦挣扎的人,感谢duply https://sourceforge.net/p/ftplicity/bugs/76/#74c5的开发者,我找到了答案

简而言之,您需要GPG_OPTS='--pinentry-mode loopback'从 gpg 2.1 开始添加并添加allow-loopback-pinentry.gnupg/gpg-agent.conf

这让我更接近工作设置。

于 2016-04-04T18:32:44.123 回答