duplicity: No signature chains found

Question

Trying to use duplicity to list files in a backup that is in google drive. I get the error as in the title.

• I can see the folder and contents if I go to drive.google.com in the browser.
• I created a service account and downloaded the json file as defined here
• The url I use is gdrive://${GOOGLE_SERVICE_ACCOUNT_URL}/${FOLDER_NAME}?myDriveFolderID=root
• GOOGLE_SERVICE_ACCOUNT_URL is the same as client_email in the json fle
• FOLDER_NAME is the textual name I see in the web browser
• The drive is for a company account and usually I access it by logging in normally, but with my work email

Answer 1

• Need to share the drive with the service account
• Neet to not user FOLDER_NAME and instead use its ID in myDriveFolderID

Answer 2

try the steps as outlined in the duplicity man page section "A NOTE ON GDRIVE BACKEND" . they may not be outlined perfectly but reportedly work.

Note Google has 2 drive methods, Shared(previously Team) Drives and My Drive, both can be shared but require different addressing

For a Google Shared Drives folder

Share Drive ID specified as a query parameter, driveID, in the backend URL. Example: gdrive://developer.gserviceaccount.com/target-folder/?driveID=

For a Google My Drive based shared folder

MyDrive folder ID specified as a query parameter, myDriveFolderID, in the backend URL Example export [email protected] gdrive://${GOOGLE_SERVICE_ACCOUNT_URL}/?myDriveFolderID=root

There are also two ways to authenticate to use GDrive: with a regular account or with a "service account". With a service account, a separate account is created, that is only accessible with Google APIs and not a web login. With a regular account, you can store backups in your normal Google Drive.

To use a service account, go to the Google developers console at https://console.developers.google.com. Create a project, and make sure Drive API is enabled for the project. In the "Credentials" section, click "Create credentials", then select Service Account with JSON key.

The GOOGLE_SERVICE_JSON_FILE environment variable needs to contain the path to the JSON file on duplicity invocation.

export GOOGLE_SERVICE_JSON_FILE=<path-to-serviceaccount-credentials.json>

The alternative is to use a regular account. To do this, start as above, but when creating a new Client ID, select "Create OAuth client ID", with application type of "Desktop app". Download the client_secret.json file for the new client, and set the GOOGLE_CLIENT_SECRET_JSON_FILE environment variable to the path to this file, and GOOGLE_CREDENTIALS_FILE to a path to a file where duplicity will keep the authentication token - this location must be writable.

NOTE: As a sanity check, GDrive checks the host and username from the URL against the JSON key, and refuses to proceed if the addresses do not match. Either the email (for the service accounts) or Client ID (for regular OAuth accounts) must be present in the URL. See URL FORMAT above.