+++ /dev/null
-#+date 2016-06-09 20:41:06 +0800
-#+title obnam multi client encrypted backups
-
-Trying to configure [[http://obnam.org][obnam]] to use one repository
-for 3 clients using encryption has been a bit of search.
-
-Initialising the first client was straightforward. I simply set it up to
-use a gpg key for encryption per the manual. Since that key is only used
-for encrypting backups from this client, making it not have a passphrase
-seemed to be a good option.
-
-For the next client, things got a bit trickier. Since the backup
-repository is now encrypted, that client couldn't access it. The
-solution I ended up with was to temporarily ensure client 2 has access
-to client 1's secret key too.
-
-On client 1: =gpg --export-secret-key -a LONG_KEY > client1.private.key=
-
-That file I had to copy to the other client, and import it using:
-
-On client 2: =gpg --import client1.private.key=
-
-Now I could configure this client with its own gpg key and perform an
-initial backup.
-
-After this, client 1's secret key can be removed again:
-=gpg --delete-secret-key LONG_KEY= followed by
-=gpg --delete-key LONG_KEY=.
-
-(Not removing it defeats the purpose of having a specific key per
-client - the workaround above doesn't seem entirely sensible from that
-perspective either, as the secret key needs to be shared temporarily.)
-
-The third client should have been easy, but gpg-agent made it a bit more
-tricky. Obnam failed to run because it couldn't find gpg-agent. Several
-workarounds have been documented in the past, but they all ended up not
-working anymore since version 2.1 of gpg-agent. I ended up [fn:1] having
-to modify =~/.bashrc= as follows:
-
-#+begin_example
-function gpg-update() {
- GPG_PID=$(pidof gpg-agent)
- GPG_AGENT_INFO=${HOME}/.gnupg/S.gpg-agent:$GPG_PID:1
- export GPG_AGENT_INFO
-}
-
-gpg-update
-#+end_example
-
-[fn:1] Courtesy of
- [[https://bugzilla.redhat.com/show_bug.cgi?id=1221234#c5][Brian
- Lane on RedHat's bugtracker]]
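Review bot: The key-sharing steps in this removed post never clean up the exported key file, so they should not be carried over as written if the text is being moved rather than dropped. `gpg --export-secret-key -a LONG_KEY > client1.private.key` writes a secret key that the post says has no passphrase, and the cleanup only runs `gpg --delete-secret-key LONG_KEY` and `gpg --delete-key LONG_KEY`, which leaves `client1.private.key` on disk on both client 1 and client 2. Any replacement should add a step that removes that file from both machines after the import. Separately, only `+++ /dev/null` is visible here, so please confirm whether the gpg-agent workaround (the `gpg-update` function and the [fn:1] credit to Brian Lane) is meant to be lost along with the rest.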