upgrade: allow enable/disable manifest TAM for unencrypted repos

Recent borg wrote TAM authenticated **archives** even for unencrypted repos (encryption "none"), so we also do that for the manifest. It's kind of fake as there is no secret key involved then, but it simplifies the code.
2023-06-27 12:30:47 +02:00 · 2023-06-27 12:30:47 +02:00 · 35e34597f4
parent 005662a8fe
commit 35e34597f4
1 changed files with 2 additions and 7 deletions
--- a/src/borg/archiver.py
+++ b/src/borg/archiver.py
@ -1741,11 +1741,6 @@ class Archiver:
                cache.commit()
        elif args.tam:
            manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
-
-            if not hasattr(key, 'change_passphrase'):
-                print('This repository is not encrypted, cannot enable TAM.')
-                return EXIT_ERROR
-
            if not manifest.tam_verified or not manifest.config.get(b'tam_required', False):
                print('Manifest contents:')
                for archive_info in manifest.archives.list(sort_by=['ts']):
@ -1753,7 +1748,7 @@ class Archiver:
                manifest.config[b'tam_required'] = True
                manifest.write()
                repository.commit()
-            if not key.tam_required:
+            if not key.tam_required and hasattr(key, 'change_passphrase'):
                key.tam_required = True
                key.change_passphrase(key._passphrase)
                print('Key updated')
@ -1767,7 +1762,7 @@ class Archiver:
            manifest, key = Manifest.load(repository, Manifest.NO_OPERATION_CHECK, force_tam_not_required=True)
            if tam_required(repository):
                os.unlink(tam_required_file(repository))
-            if key.tam_required:
+            if key.tam_required and hasattr(key, 'change_passphrase'):
                key.tam_required = False
                key.change_passphrase(key._passphrase)
                print('Key updated')