1 жил өмнө · 3f1a02fa74
--- a/src/borg/archiver.py
+++ b/src/borg/archiver.py
@@ -1636,7 +1636,7 @@ class Archiver:
 
				                           DASHES, logger=logging.getLogger('borg.output.stats'))
			
 
				         return self.exit_code
			
 
				 
			
 
				-    @with_repository(fake=('tam', 'disable_tam', 'archives_tam', 'check_archives_tam'), invert_fake=True, manifest=False, exclusive=True)
			
 
				+    @with_repository(fake=('tam', 'check_tam', 'disable_tam', 'archives_tam', 'check_archives_tam'), invert_fake=True, manifest=False, exclusive=True)
			
 
				     def do_upgrade(self, args, repository, manifest=None, key=None):
			
 
				         """upgrade a repository from a previous version"""
			
 
				         if args.archives_tam or args.check_archives_tam:
			
@@ -1682,25 +1682,42 @@ class Archiver:
 
				                             self.print_warning(f"Found {archive_tam_issues} archives with TAM issues!")
			
 
				                         else:
			
 
				                             print("All archives are TAM authenticated.")
			
 
				-        elif args.tam:
			
 
				-            manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
			
 
				-            if not manifest.tam_verified or not manifest.config.get(b'tam_required', False):
			
 
				-                print('Manifest contents:')
			
 
				-                for archive_info in manifest.archives.list(sort_by=['ts']):
			
 
				-                    print(format_archive(archive_info))
			
 
				-                manifest.config[b'tam_required'] = True
			
 
				-                manifest.write()
			
 
				-                repository.commit(compact=False)
			
 
				-            if not key.tam_required and hasattr(key, 'change_passphrase'):
			
 
				-                key.tam_required = True
			
 
				-                key.change_passphrase(key._passphrase)
			
 
				-                print('Key updated')
			
 
				-                if hasattr(key, 'find_key'):
			
 
				-                    print('Key location:', key.find_key())
			
 
				-            if not tam_required(repository):
			
 
				-                tam_file = tam_required_file(repository)
			
 
				-                open(tam_file, 'w').close()
			
 
				-                print('Updated security database')
			
 
				+        elif args.tam or args.check_tam:
			
 
				+            with ignore_invalid_archive_tam():
			
 
				+                manifest_tam_issues = 0
			
 
				+                read_only = args.check_tam
			
 
				+                manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
			
 
				+                if not manifest.tam_verified or not manifest.config.get(b'tam_required', False):
			
 
				+                    if not read_only:
			
 
				+                        print('Manifest contents:')
			
 
				+                        for archive_info in manifest.archives.list(sort_by=['ts']):
			
 
				+                            print(format_archive(archive_info))
			
 
				+                        manifest.config[b'tam_required'] = True
			
 
				+                        manifest.write()
			
 
				+                        repository.commit(compact=False)
			
 
				+                    else:
			
 
				+                        manifest_tam_issues += 1
			
 
				+                        self.print_warning("Repository Manifest is not TAM verified or a TAM is not required!")
			
 
				+                if not key.tam_required and hasattr(key, 'change_passphrase'):
			
 
				+                    if not read_only:
			
 
				+                        key.tam_required = True
			
 
				+                        key.change_passphrase(key._passphrase)
			
 
				+                        print('Key updated')
			
 
				+                        if hasattr(key, 'find_key'):
			
 
				+                            print('Key location:', key.find_key())
			
 
				+                    else:
			
 
				+                        manifest_tam_issues += 1
			
 
				+                        self.print_warning("Key does not require TAM authentication!")
			
 
				+                if not tam_required(repository):
			
 
				+                    if not read_only:
			
 
				+                        tam_file = tam_required_file(repository)
			
 
				+                        open(tam_file, 'w').close()
			
 
				+                        print('Updated security database')
			
 
				+                    else:
			
 
				+                        manifest_tam_issues += 1
			
 
				+                        self.print_warning("Client-side security database does not require a TAM!")
			
 
				+                if read_only and manifest_tam_issues == 0:
			
 
				+                    print("Manifest authentication setup OK for this client and this repository.")
			
 
				         elif args.disable_tam:
			
 
				             manifest, key = Manifest.load(repository, Manifest.NO_OPERATION_CHECK, force_tam_not_required=True)
			
 
				             if tam_required(repository):
			
@@ -5016,6 +5033,8 @@ class Archiver:
 
				                                help='Force upgrade')
			
 
				         subparser.add_argument('--tam', dest='tam', action='store_true',
			
 
				                                help='Enable manifest authentication (in key and cache) (Borg 1.0.9 and later).')
			
 
				+        subparser.add_argument('--check-tam', dest='check_tam', action='store_true',
			
 
				+                               help='check manifest authentication (in key and cache).')
			
 
				         subparser.add_argument('--disable-tam', dest='disable_tam', action='store_true',
			
 
				                                help='Disable manifest authentication (in key and cache).')
			
 
				         subparser.add_argument('--check-archives-tam', dest='check_archives_tam', action='store_true',