Merge pull request #2375 from enkore/buhdf

BORG_HOSTNAME_IS_UNIQUE=yes by default.

docs/changes.rst

@@ -128,6 +128,13 @@ The best check that everything is ok is to run a dry-run extraction::
 Changelog
 =========
 
+Version 1.1.0b5 (not released)
+------------------------------
+
+Compatibility notes:
+
+- BORG_HOSTNAME_IS_UNIQUE is now on by default.
+
 Version 1.1.0b4 (2017-03-27)
 ----------------------------
 

docs/usage.rst

@@ -403,11 +403,17 @@ Examples
 borg serve has special support for ssh forced commands (see ``authorized_keys``
 example below): it will detect that you use such a forced command and extract
 the value of the ``--restrict-to-path`` option(s).
+
 It will then parse the original command that came from the client, makes sure
 that it is also ``borg serve`` and enforce path restriction(s) as given by the
 forced command. That way, other options given by the client (like ``--info`` or
 ``--umask``) are preserved (and are not fixed by the forced command).
 
+Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in the original
+command sent by the client are *not* interpreted, but ignored. If BORG_XXX environment
+variables should be set on the ``borg serve`` side, then these must be set in system-specific
+locations like ``/etc/environment`` or in the forced command itself (example below).
+
 ::
 
     # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
@@ -416,6 +422,9 @@ forced command. That way, other options given by the client (like ``--info`` or
     $ cat ~/.ssh/authorized_keys
     command="borg serve --restrict-to-path /path/to/repo",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-rsa AAAAB3[...]
 
+    # Set a BORG_XXX environment variable on the "borg serve" side
+    $ cat ~/.ssh/authorized_keys
+    command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa [...]
 
 .. include:: usage/upgrade.rst.inc
 

docs/usage_general.rst.inc

@@ -140,9 +140,10 @@ General:
         Main usecase for this is to fully automate ``borg change-passphrase``.
     BORG_DISPLAY_PASSPHRASE
         When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories.
-    BORG_HOSTNAME_IS_UNIQUE=yes
-        Use this to assert that your hostname is unique.
-        Borg will then automatically remove locks that it could determine to be stale.
+    BORG_HOSTNAME_IS_UNIQUE=no
+        Borg assumes that it can derive a unique hostname / identity (see ``borg debug info``).
+        If this is not the case or you do not want Borg to automatically remove stale locks,
+        set this to *no*.
     BORG_LOGGING_CONF
         When set, use the given filename as INI_-style logging configuration.
     BORG_RSH

src/borg/cache.py

@@ -18,7 +18,7 @@ from .helpers import get_cache_dir, get_security_dir
 from .helpers import int_to_bigint, bigint_to_int, bin_to_hex
 from .helpers import format_file_size
 from .helpers import safe_ns
-from .helpers import yes
+from .helpers import yes, hostname_is_unique
 from .helpers import remove_surrogates
 from .helpers import ProgressIndicatorPercent, ProgressIndicatorMessage
 from .item import Item, ArchiveItem, ChunkListEntry
@@ -187,9 +187,6 @@ class Cache:
         self.progress = progress
         self.path = path or os.path.join(get_cache_dir(), repository.id_str)
         self.security_manager = SecurityManager(repository)
-        self.hostname_is_unique = yes(env_var_override='BORG_HOSTNAME_IS_UNIQUE', prompt=False, env_msg=None)
-        if self.hostname_is_unique:
-            logger.info('Enabled removal of stale cache locks')
         self.do_files = do_files
         # Warn user before sending data to a never seen before unencrypted repository
         if not os.path.exists(self.path):
@@ -295,7 +292,7 @@ Chunk index:    {0.total_unique_chunks:20d} {0.total_chunks:20d}"""
     def open(self, lock_wait=None):
         if not os.path.isdir(self.path):
             raise Exception('%s Does not look like a Borg cache' % self.path)
-        self.lock = Lock(os.path.join(self.path, 'lock'), exclusive=True, timeout=lock_wait, kill_stale_locks=self.hostname_is_unique).acquire()
+        self.lock = Lock(os.path.join(self.path, 'lock'), exclusive=True, timeout=lock_wait, kill_stale_locks=hostname_is_unique()).acquire()
         self.rollback()
 
     def close(self):

src/borg/helpers.py

@@ -1440,6 +1440,10 @@ def yes(msg=None, false_msg=None, true_msg=None, default_msg=None,
         env_var_override = None
 
 
+def hostname_is_unique():
+    return yes(env_var_override='BORG_HOSTNAME_IS_UNIQUE', prompt=False, env_msg=None, default=True)
+
+
 def ellipsis_truncate(msg, space):
     """
     shorten a long string by adding ellipsis between it and return it, example:

src/borg/remote.py

@@ -8,7 +8,6 @@ import select
 import shlex
 import sys
 import tempfile
-import time
 import traceback
 import textwrap
 import time
@@ -22,7 +21,7 @@ from .helpers import get_home_dir
 from .helpers import sysinfo
 from .helpers import bin_to_hex
 from .helpers import replace_placeholders
-from .helpers import yes
+from .helpers import hostname_is_unique
 from .repository import Repository, MAX_OBJECT_SIZE, LIST_SCAN_LIMIT
 from .version import parse_version, format_version
 from .logger import create_logger
@@ -646,8 +645,8 @@ This problem will go away as soon as the server has been upgraded to 1.0.7+.
             except AttributeError:
                 pass
         env_vars = []
-        if yes(env_var_override='BORG_HOSTNAME_IS_UNIQUE', env_msg=None, prompt=False):
-            env_vars.append('BORG_HOSTNAME_IS_UNIQUE=yes')
+        if not hostname_is_unique():
+            env_vars.append('BORG_HOSTNAME_IS_UNIQUE=no')
         if testing:
             return env_vars + [sys.executable, '-m', 'borg.archiver', 'serve'] + opts + self.extra_test_args
         else:  # pragma: no cover

src/borg/repository.py

@@ -17,7 +17,7 @@ from .helpers import Error, ErrorWithTraceback, IntegrityError, format_file_size
 from .helpers import Location
 from .helpers import ProgressIndicatorPercent
 from .helpers import bin_to_hex
-from .helpers import yes
+from .helpers import hostname_is_unique
 from .helpers import secure_erase
 from .locking import Lock, LockError, LockErrorT
 from .logger import create_logger
@@ -124,9 +124,6 @@ class Repository:
         self.created = False
         self.exclusive = exclusive
         self.append_only = append_only
-        self.hostname_is_unique = yes(env_var_override='BORG_HOSTNAME_IS_UNIQUE', env_msg=None, prompt=False)
-        if self.hostname_is_unique:
-            logger.info('Enabled removal of stale repository locks')
 
     def __del__(self):
         if self.lock:
@@ -279,7 +276,7 @@ class Repository:
         if not os.path.isdir(path):
             raise self.DoesNotExist(path)
         if lock:
-            self.lock = Lock(os.path.join(path, 'lock'), exclusive, timeout=lock_wait, kill_stale_locks=self.hostname_is_unique).acquire()
+            self.lock = Lock(os.path.join(path, 'lock'), exclusive, timeout=lock_wait, kill_stale_locks=hostname_is_unique()).acquire()
         else:
             self.lock = None
         self.config = ConfigParser(interpolation=None)