mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-02-21 13:47:16 +00:00
Code Issues Releases Wiki Activity

Merge pull request #6046 from Killamus/fix_overwrite_keys

Browse source 
Disallow overwriting of existing keyfiles on init
This commit is contained in:
TW 2022-02-04 20:15:53 +01:00 committed by GitHub
commit 1a6437d8ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/borg/crypto/key.py
View file

@ -679,12 +679,12 @@ def create(cls, repository, args):
key.init_from_random_data()
key.init_ciphers()
target = key.get_new_target(args)
key.save(target, passphrase)
key.save(target, passphrase, create=True)
logger.info('Key in "%s" created.' % target)
logger.info('Keep this key safe. Your data will be inaccessible without it.')
return key
def save(self, target, passphrase):
def save(self, target, passphrase, create=False):
raise NotImplementedError
def get_new_target(self, args):
@ -767,7 +767,12 @@ def load(self, target, passphrase):
self.target = target
return success
def save(self, target, passphrase):
def save(self, target, passphrase, create=False):
if create and os.path.isfile(target):
# if a new keyfile key repository is created, ensure that an existing keyfile of another
# keyfile key repo is not accidentally overwritten by careless use of the BORG_KEY_FILE env var.
# see issue #6036
raise Error('Aborting because key in "%s" already exists.' % target)
key_data = self._save(passphrase)
with SaveFile(target) as fd:
fd.write('%s %s\n' % (self.FILE_ID, bin_to_hex(self.repository_id)))
@ -807,7 +812,7 @@ def load(self, target, passphrase):
self.target = target
return success
def save(self, target, passphrase):
def save(self, target, passphrase, create=False):
self.logically_encrypted = passphrase != ''
key_data = self._save(passphrase)
key_data = key_data.encode('utf-8') # remote repo: msgpack issue #99, giving bytes
@ -845,8 +850,8 @@ def load(self, target, passphrase):
self.logically_encrypted = False
return success
def save(self, target, passphrase):
super().save(target, passphrase)
def save(self, target, passphrase, create=False):
super().save(target, passphrase, create=create)
self.logically_encrypted = False
def init_ciphers(self, manifest_data=None):