1
I'm using duplicity to backup my Linux server (Ubuntu Server 16.04). Encryption is done with a GnuPG key. This has worked just fine, until the libgcrypt package was updated on 4 July. Since then I get the following error messages, whatever I try:
/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py:141: FutureWarning: CTR mode needs counter parameter, not IV
self._cipher = factory.new(key, *args, **kwargs)
And since the second time also this:
Datenträger wurde von Schlüssel D911EC2F, anstatt von 7210E89B unterschrieben
In English this should be: "Volume was signed by key D911EC2F, not 7210E89B"
gpg --list-keys tells me this:
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/7210E89B 2014-12-27
uid Server Backup
sub 4096R/D911EC2F 2014-12-27
duplicity is configured to use the key "7210E89B".
Now I'm confused. What happened? I haven't touched the system in any way. Did the upgrade of the lib-GnuPG package introduce a breaking change? Is it now confusing the two IDs of the same key (whatever that actually is, I'm not a GnuPG expert, just need it for the backup). And what does that have to do with the other error message about something with CTR?
duplicity version is 0.7.06, gpg is 1.4.20
libgcrypt20 was updated from 1.6.5-2ubuntu0.2 to 1.6.5-2ubuntu0.3
As I've found out I cannot undo that package update. Once a security update has been installed, it cannot be reverted ever. The old version is no longer available for installation ("E: Version '1.6.5-2ubuntu0.2' for 'libgcrypt20' was not found"), so I can't even try with the old version anymore. (Windows could actually do that, but that's not an option here.)
ygoe
Posted 2017-07-05T17:22:39.283
Reputation: 1 597
Update: I've deleted my existing backup files and started a new full backup. That worked without a problem. Not sure what had caused that issue but it's gone in a clean backup environment. – ygoe – 2017-07-08T20:04:18.747