
list: support {tam} placeholder. check archive TAM.

list: shows either "verified" or "none", depending on
whether a TAM auth tag could be verified or was
missing (old archives from borg < 1.0.9).

when loading an archive, we now try to verify the archive
TAM, but we do not require it. people might still have
old archives in their repos and we want to be able to
list such repos without fatal exceptions.
Thomas Waldmann 2 سال پیش
والد
کامیت
75518d945c
3فایلهای تغییر یافته به همراه13 افزوده شده و 3 حذف شده
  1. 4 1
      src/borg/archive.py
  2. 3 1
      src/borg/crypto/key.py
  3. 6 1
      src/borg/helpers/parseformat.py

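--- a/src/borg/archive.py
+++ b/src/borg/archive.py
@@ -450,6 +450,7 @@ class Archive:
         self.name = name  # overwritten later with name from archive metadata
         self.name_in_manifest = name  # can differ from .name later (if borg check fixed duplicate archive names)
         self.comment = None
+        self.tam_verified = False
         self.checkpoint_interval = checkpoint_interval
         self.numeric_ids = numeric_ids
         self.noatime = noatime
@@ -488,7 +489,9 @@ class Archive:
 
     def _load_meta(self, id):
         data = self.key.decrypt(id, self.repository.get(id))
-        metadata = ArchiveItem(internal_dict=msgpack.unpackb(data))
+        # we do not require TAM for archives, otherwise we can not even borg list a repo with old archives.
+        archive, self.tam_verified = self.key.unpack_and_verify_archive(data, force_tam_not_required=True)
+        metadata = ArchiveItem(internal_dict=archive)
         if metadata.version != 1:
             raise Exception('Unknown archive metadata version')
         return metadata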
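Review bot: `_load_meta` passes `force_tam_not_required=True` unconditionally, so every code path that loads an archive through it accepts metadata without a TAM, and the only trace of that is `self.tam_verified`, which nothing in this hunk checks. That leniency is what `borg list` needs for pre-1.0.9 archives, but operations that act on archive contents appear to inherit it as well, so a repository whose key sets `tam_required` still loads unauthenticated archive metadata. The comment should state that contract, for example `# tam_verified is informational only; callers that need authenticated archive metadata must check it themselves`. A follow-up could let callers other than list opt back into the strict behaviour. Initialising the flag to `False` in `__init__` is the right fail-closed default.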

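--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@@ -286,7 +286,9 @@ class KeyBase:
         """Unpack msgpacked *data* and return (object, did_verify)."""
         tam_required = self.tam_required
         if force_tam_not_required and tam_required:
-            logger.warning('Archive authentication DISABLED.')
+            # for a long time, borg only checked manifest for "tam_required" and
+            # people might have archives without TAM, so don't be too annoyingly loud here:
+            logger.debug('Archive authentication DISABLED.')
             tam_required = False
         data = bytearray(data)
         unpacker = get_limited_unpacker('archive')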
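Review bot: Lowering this message to `logger.debug` removes the only signal, at default log levels, that archive authentication was skipped on a repository whose key has `tam_required` set. The message is logged before the data is unpacked, so it fires for every archive loaded with `force_tam_not_required`, whether or not that archive carries a TAM; that explains the noise, but it also means the line never identified the archives that matter. A more useful variant would log only once the unpacked archive turns out to have no TAM. The rest of the function lies outside the hunk, so where that check would sit is not visible here. At minimum the new comment should point to `{tam}` in `borg list` as the way to audit which archives are unauthenticated.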

+ 6 - 1
src/borg/helpers/parseformat.py

@@ -592,9 +592,10 @@ class ArchiveFormatter(BaseFormatter):
         'id': 'internal ID of the archive',
         'id': 'internal ID of the archive',
         'hostname': 'hostname of host on which this archive was created',
         'hostname': 'hostname of host on which this archive was created',
         'username': 'username of user who created this archive',
         'username': 'username of user who created this archive',
+        'tam': 'TAM authentication state of this archive',
     }
     }
     KEY_GROUPS = (
     KEY_GROUPS = (
-        ('archive', 'name', 'barchive', 'comment', 'bcomment', 'id'),
+        ('archive', 'name', 'barchive', 'comment', 'bcomment', 'id', 'tam'),
         ('start', 'time', 'end', 'command_line'),
         ('start', 'time', 'end', 'command_line'),
         ('hostname', 'username'),
         ('hostname', 'username'),
     )
     )
@@ -647,6 +648,7 @@ class ArchiveFormatter(BaseFormatter):
             'bcomment': partial(self.get_meta, 'comment', rs=False),
             'bcomment': partial(self.get_meta, 'comment', rs=False),
             'end': self.get_ts_end,
             'end': self.get_ts_end,
             'command_line': self.get_cmdline,
             'command_line': self.get_cmdline,
+            'tam': self.get_tam,
         }
         }
         self.used_call_keys = set(self.call_keys) & self.format_keys
         self.used_call_keys = set(self.call_keys) & self.format_keys
         if self.json:
         if self.json:
@@ -697,6 +699,9 @@ class ArchiveFormatter(BaseFormatter):
     def get_ts_end(self):
     def get_ts_end(self):
         return self.format_time(self.archive.ts_end)
         return self.format_time(self.archive.ts_end)
 
 
+    def get_tam(self):
+        return 'verified' if self.archive.tam_verified else 'none'
+
     def format_time(self, ts):
     def format_time(self, ts):
         return OutputTimestamp(ts)
         return OutputTimestamp(ts)