|
|
@@ -1024,7 +1024,7 @@ Duration: {0.duration}
|
|
|
setattr(metadata, key, value)
|
|
|
if "items" in metadata:
|
|
|
del metadata.items
|
|
|
- data = msgpack.packb(metadata.as_dict())
|
|
|
+ data = self.key.pack_and_authenticate_metadata(metadata.as_dict(), context=b"archive")
|
|
|
new_id = self.key.id_hash(data)
|
|
|
self.cache.add_chunk(new_id, {}, data, stats=self.stats)
|
|
|
self.manifest.archives[self.name] = (new_id, metadata.time)
|
|
|
@@ -2261,7 +2261,17 @@ class ArchiveChecker:
|
|
|
self.error_found = True
|
|
|
del self.manifest.archives[info.name]
|
|
|
continue
|
|
|
- archive = ArchiveItem(internal_dict=msgpack.unpackb(data))
|
|
|
+ try:
|
|
|
+ archive, verified = self.key.unpack_and_verify_archive(data, force_tam_not_required=False)
|
|
|
+ except IntegrityError as integrity_error:
|
|
|
+ # looks like there is a TAM issue with this archive, this might be an attack!
|
|
|
+ # when upgrading to borg 1.2.5, users are expected to TAM-authenticate all archives they
|
|
|
+ # trust, so there shouldn't be any without TAM.
|
|
|
+ logger.error("Archive TAM authentication issue for archive %s: %s", info.name, integrity_error)
|
|
|
+ self.error_found = True
|
|
|
+ del self.manifest.archives[info.name]
|
|
|
+ continue
|
|
|
+ archive = ArchiveItem(internal_dict=archive)
|
|
|
if archive.version != 2:
|
|
|
raise Exception("Unknown archive metadata version")
|
|
|
items_buffer = ChunkBuffer(self.key)
|
|
|
@@ -2280,7 +2290,7 @@ class ArchiveChecker:
|
|
|
archive.item_ptrs = archive_put_items(
|
|
|
items_buffer.chunks, repo_objs=self.repo_objs, add_reference=add_reference
|
|
|
)
|
|
|
- data = msgpack.packb(archive.as_dict())
|
|
|
+ data = self.key.pack_and_authenticate_metadata(archive.as_dict(), context=b"archive")
|
|
|
new_archive_id = self.key.id_hash(data)
|
|
|
cdata = self.repo_objs.format(new_archive_id, {}, data)
|
|
|
add_reference(new_archive_id, len(data), cdata)
|
Thomas Waldmann