Merge pull request #2124 from enkore/f/keycmds

Move migrate-to-repokey, change-passphrase to key group

docs/changes.rst

@@ -131,6 +131,11 @@ Changelog
 Version 1.1.0b4 (not released yet)
 ----------------------------------
 
+Compatibility notes:
+
+- Moved "borg migrate-to-repokey" to "borg key migrate-to-repokey".
+- "borg change-passphrase" is deprecated, use "borg key change-passphrase" instead.
+
 New features:
 
 - the --exclude-if-present option now supports tagging a folder with any

docs/usage.rst

@@ -687,8 +687,9 @@ borgfs
 
 .. include:: usage/key_import.rst.inc
 
+.. _borg-change-passphrase:
 
-.. include:: usage/change-passphrase.rst.inc
+.. include:: usage/key_change-passphrase.rst.inc
 
 Examples
 ~~~~~~~~
@@ -707,7 +708,7 @@ Examples
     Done.
 
     # Change key file passphrase
-    $ borg change-passphrase -v /path/to/repo
+    $ borg key change-passphrase -v /path/to/repo
     Enter passphrase for key /root/.config/borg/keys/mnt_backup:
     Enter new passphrase:
     Enter same passphrase again:
@@ -720,7 +721,7 @@ Fully automated using environment variables:
 
     $ BORG_NEW_PASSPHRASE=old borg init repo
     # now "old" is the current passphrase.
-    $ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg change-passphrase repo
+    $ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg key change-passphrase repo
     # now "new" is the current passphrase.
 
 
@@ -774,7 +775,7 @@ Thus, to upgrade a "passphrase" attic repo to a "repokey" borg repo, 2 steps
 are needed, in this order:
 
 - borg upgrade repo
-- borg migrate-to-repokey repo
+- borg key migrate-to-repokey repo
 
 
 .. include:: usage/recreate.rst.inc

docs/usage/migrate-to-repokey.rst.inc

@@ -1,36 +0,0 @@
-.. IMPORTANT: this file is auto-generated from borg's built-in help, do not edit!
-
-.. _borg_migrate-to-repokey:
-
-borg migrate-to-repokey
------------------------
-::
-
-    borg migrate-to-repokey <options> REPOSITORY
-
-positional arguments
-    REPOSITORY
-
-
-`Common options`_
-    |
-
-Description
-~~~~~~~~~~~
-
-This command migrates a repository from passphrase mode (not supported any
-more) to repokey mode.
-
-You will be first asked for the repository passphrase (to open it in passphrase
-mode). This is the same passphrase as you used to use for this repo before 1.0.
-
-It will then derive the different secrets from this passphrase.
-
-Then you will be asked for a new passphrase (twice, for safety). This
-passphrase will be used to protect the repokey (which contains these same
-secrets in encrypted form). You may use the same passphrase as you used to
-use, but you may also use a different one.
-
-After migrating to repokey mode, you can change the passphrase at any time.
-But please note: the secrets will always stay the same and they could always
-be derived from your (old) passphrase-mode passphrase.

src/borg/archiver.py

@@ -251,6 +251,11 @@ class Archiver:
             logger.info('Key location: %s', key.find_key())
         return EXIT_SUCCESS
 
+    def do_change_passphrase_deprecated(self, args):
+        logger.warning('"borg change-passphrase" is deprecated and will be removed in Borg 1.2.\n'
+                       'Use "borg key change-passphrase" instead.')
+        return self.do_change_passphrase(args)
+
     @with_repository(lock=False, exclusive=False, manifest=False, cache=False)
     def do_key_export(self, args, repository):
         """Export the repository key for backup"""
@@ -1809,19 +1814,6 @@ class Archiver:
                                help="""show progress display while checking""")
         self.add_archives_filters_args(subparser)
 
-        change_passphrase_epilog = textwrap.dedent("""
-        The key files used for repository encryption are optionally passphrase
-        protected. This command can be used to change this passphrase.
-        """)
-        subparser = subparsers.add_parser('change-passphrase', parents=[common_parser], add_help=False,
-                                          description=self.do_change_passphrase.__doc__,
-                                          epilog=change_passphrase_epilog,
-                                          formatter_class=argparse.RawDescriptionHelpFormatter,
-                                          help='change repository passphrase')
-        subparser.set_defaults(func=self.do_change_passphrase)
-        subparser.add_argument('location', metavar='REPOSITORY', nargs='?', default='',
-                               type=location_validator(archive=False))
-
         subparser = subparsers.add_parser('key', parents=[common_parser], add_help=False,
                                           description="Manage a keyfile or repokey of a repository",
                                           epilog="",
@@ -1886,9 +1878,32 @@ class Archiver:
                                default=False,
                                help='interactively import from a backup done with --paper')
 
+        change_passphrase_epilog = textwrap.dedent("""
+        The key files used for repository encryption are optionally passphrase
+        protected. This command can be used to change this passphrase.
+        """)
+        subparser = key_parsers.add_parser('change-passphrase', parents=[common_parser], add_help=False,
+                                          description=self.do_change_passphrase.__doc__,
+                                          epilog=change_passphrase_epilog,
+                                          formatter_class=argparse.RawDescriptionHelpFormatter,
+                                          help='change repository passphrase')
+        subparser.set_defaults(func=self.do_change_passphrase)
+        subparser.add_argument('location', metavar='REPOSITORY', nargs='?', default='',
+                               type=location_validator(archive=False))
+
+        # Borg 1.0 alias for change passphrase (without the "key" subcommand)
+        subparser = subparsers.add_parser('change-passphrase', parents=[common_parser], add_help=False,
+                                          description=self.do_change_passphrase.__doc__,
+                                          epilog=change_passphrase_epilog,
+                                          formatter_class=argparse.RawDescriptionHelpFormatter,
+                                          help='change repository passphrase')
+        subparser.set_defaults(func=self.do_change_passphrase_deprecated)
+        subparser.add_argument('location', metavar='REPOSITORY', nargs='?', default='',
+                               type=location_validator(archive=False))
+
         migrate_to_repokey_epilog = textwrap.dedent("""
-        This command migrates a repository from passphrase mode (not supported any
-        more) to repokey mode.
+        This command migrates a repository from passphrase mode (removed in Borg 1.0)
+        to repokey mode.
 
         You will be first asked for the repository passphrase (to open it in passphrase
         mode). This is the same passphrase as you used to use for this repo before 1.0.
@@ -1904,7 +1919,7 @@ class Archiver:
         But please note: the secrets will always stay the same and they could always
         be derived from your (old) passphrase-mode passphrase.
         """)
-        subparser = subparsers.add_parser('migrate-to-repokey', parents=[common_parser], add_help=False,
+        subparser = key_parsers.add_parser('migrate-to-repokey', parents=[common_parser], add_help=False,
                                           description=self.do_migrate_to_repokey.__doc__,
                                           epilog=migrate_to_repokey_epilog,
                                           formatter_class=argparse.RawDescriptionHelpFormatter,

src/borg/key.py

@@ -476,7 +476,7 @@ class PassphraseKey(ID_HMAC_SHA_256, AESKeyBase):
 
     @classmethod
     def detect(cls, repository, manifest_data):
-        prompt = 'Enter passphrase for %s: ' % repository._location.orig
+        prompt = 'Enter passphrase for %s: ' % repository._location.canonical_path()
         key = cls(repository)
         passphrase = Passphrase.env_passphrase()
         if passphrase is None: