
Move from Fosstodon to FLOSS.social.

Dan Helfman 1 month ago
parent
commit
30d2108399
4 changed files with 31 additions and 6 deletions
  1. 1 0
      NEWS
  2. 2 1
      README.md
  3. 17 0
      borgmatic/config/schema.yaml
  4. 11 5
      borgmatic/hooks/data_source/mariadb.py

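--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@
  * #1085: Fix a regression in which the default monitoring verbosity is 0 (warnings only) instead of
    1 (info about steps borgmatic is taking). This prevented logs from showing up in monitoring
    services like Healthchecks unless you had an explicit monitoring verbosity set.
+ * Move Mastodon social hosting from Fosstodon to FLOSS.social: https://floss.social/@borgmatic
 
 2.0.4
  * #1072: Fix path rewriting for non-root patterns in the ZFS, Btrfs, and LVM hooks.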

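--- a/README.md
+++ b/README.md
@@ -138,7 +138,8 @@ issues.
 
 ### Social
 
-Follow [borgmatic on Mastodon](https://fosstodon.org/@borgmatic).
+Follow <a rel="me" href="https://floss.social/@borgmatic">borgmatic on
+Mastodon</a>.
 
 
 ### Chat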

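--- a/borgmatic/config/schema.yaml
+++ b/borgmatic/config/schema.yaml
@@ -1560,6 +1560,23 @@ properties:
                         Defaults to the "password" option. Supports the
                         "{credential ...}" syntax.
                     example: trustsome1
+                password_transport:
+                    type: string
+                    enum:
+                        - pipe
+                        - environment
+                    description: |
+                        How to transmit database passwords from borgmatic to the
+                        MariaDB client, one of:
+                         * "pipe": Securely transmit passwords via anonymous
+                           pipe. Only works if the database client is on the same
+                           host as borgmatic. (The server can be somewhere else.)
+                           This is the default value.
+                         * "environment": Transmit passwords via environment
+                           variable. Potentially less secure than a pipe, but
+                           necessary when the database client is elsewhere, e.g.
+                           when "mariadb_dump_command" is configured to "exec"
+                           into a container and run a client there.
                 tls:
                     type: boolean
                     description: |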
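Review bot: The "environment" entry of the `password_transport` description never names the variable, which the Python change in this same commit sets as `MYSQL_PWD`. Someone wrapping `mariadb_dump_command` in a container exec needs that name, because a variable set on the local process is presumably not passed into the container unless the command forwards it. I would add a sentence such as `The password is passed in the MYSQL_PWD environment variable, which your command must forward to the client.` It would also help to state why this is "potentially less secure": the value sits in the process environment, which child processes inherit and which other processes running as the same user or as root can typically read.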

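--- a/borgmatic/hooks/data_source/mariadb.py
+++ b/borgmatic/hooks/data_source/mariadb.py
@@ -120,13 +120,15 @@ def database_names_to_dump(database, config, username, password, environment, dr
         shlex.quote(part) for part in shlex.split(database.get('mariadb_command') or 'mariadb')
     )
     extra_options, defaults_extra_filename = parse_extra_options(database.get('list_options'))
+    password_transport = config.get('password_transport', 'pipe')
     show_command = (
         mariadb_show_command
-        + make_defaults_file_options(username, password, defaults_extra_filename)
+        + (make_defaults_file_options(username, password, defaults_extra_filename) if password_transport == 'pipe' else ())
         + extra_options
         + (('--host', database['hostname']) if 'hostname' in database else ())
         + (('--port', str(database['port'])) if 'port' in database else ())
         + (('--protocol', 'tcp') if 'hostname' in database or 'port' in database else ())
+        + (('--user', username) if username and password_transport == 'environment' else ())
         + (('--ssl',) if database.get('tls') is True else ())
         + (('--skip-ssl',) if database.get('tls') is False else ())
         + ('--skip-column-names', '--batch')
@@ -184,14 +186,16 @@ def execute_dump_command(
         for part in shlex.split(database.get('mariadb_dump_command') or 'mariadb-dump')
     )
     extra_options, defaults_extra_filename = parse_extra_options(database.get('options'))
+    password_transport = config.get('password_transport', 'pipe')
     dump_command = (
         mariadb_dump_command
-        + make_defaults_file_options(username, password, defaults_extra_filename)
+        + (make_defaults_file_options(username, password, defaults_extra_filename) if password_transport == 'pipe' else ())
         + extra_options
         + (('--add-drop-database',) if database.get('add_drop_database', True) else ())
         + (('--host', database['hostname']) if 'hostname' in database else ())
         + (('--port', str(database['port'])) if 'port' in database else ())
         + (('--protocol', 'tcp') if 'hostname' in database or 'port' in database else ())
+        + (('--user', username) if username and password_transport == 'environment' else ())
         + (('--ssl',) if database.get('tls') is True else ())
         + (('--skip-ssl',) if database.get('tls') is False else ())
         + ('--databases',)
@@ -255,7 +259,7 @@ def dump_data_sources(
         password = borgmatic.hooks.credential.parse.resolve_credential(
             database.get('password'), config
         )
-        environment = dict(os.environ)
+        environment = dict(os.environ, **({'MYSQL_PWD': password} if password and config.get('password_transport') == 'environment' else {}))
         dump_database_names = database_names_to_dump(
             database, config, username, password, environment, dry_run
         )
@@ -383,18 +387,20 @@ def restore_data_source_dump(
         shlex.quote(part) for part in shlex.split(data_source.get('mariadb_command') or 'mariadb')
     )
     extra_options, defaults_extra_filename = parse_extra_options(data_source.get('restore_options'))
+    password_transport = config.get('password_transport', 'pipe')
     restore_command = (
         mariadb_restore_command
-        + make_defaults_file_options(username, password, defaults_extra_filename)
+        + (make_defaults_file_options(username, password, defaults_extra_filename) if password_transport == 'pipe' else ())
         + extra_options
         + ('--batch',)
         + (('--host', hostname) if hostname else ())
         + (('--port', str(port)) if port else ())
         + (('--protocol', 'tcp') if hostname or port else ())
+        + (('--user', username) if username and password_transport == 'environment' else ())
         + (('--ssl',) if tls is True else ())
         + (('--skip-ssl',) if tls is False else ())
     )
-    environment = dict(os.environ)
+    environment = dict(os.environ, **({'MYSQL_PWD': password} if password and password_transport == 'environment' else {}))
 
     logger.debug(f"Restoring MariaDB database {data_source['name']}{dry_run_label}")
     if dry_run: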
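Review bot: `password_transport` is read from `config` in all four hunks, but the schema change in this commit declares it beside the per-database `password` and `tls` options, which this file reads from `database` / `data_source`. If `config` is the top-level configuration, as the `resolve_credential(database.get('password'), config)` call suggests, a per-database `password_transport: environment` is never seen and the pipe path is always taken. Consider `password_transport = database.get('password_transport', 'pipe')` in `database_names_to_dump` and `execute_dump_command`, `data_source.get('password_transport', 'pipe')` in `restore_data_source_dump`, and the same lookup on the `MYSQL_PWD` line in `dump_data_sources`. Separately, skipping `make_defaults_file_options(...)` in environment mode also discards `defaults_extra_filename`, so a defaults file named in the user's options appears to be silently ignored. All four functions start and end outside their hunks.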