upgrade: auto-use ignore_invalid_archive_tam

2025-03-09 21:57:24 +00:00 · 2024-03-24 18:17:21 +01:00 · 2024-03-24 18:17:21 +01:00 · 69a4ea7682
commit 69a4ea7682
parent ed80bf2c37
2 changed files with 53 additions and 39 deletions
--- a/src/borg/archiver.py
+++ b/src/borg/archiver.py
@ -76,6 +76,7 @@ try:
    from .helpers import sig_int, ignore_sigint
    from .helpers import iter_separated
    from .helpers import get_tar_filter
    from .helpers import ignore_invalid_archive_tam
    from .helpers.parseformat import BorgJsonEncoder, safe_decode
    from .nanorst import rst_to_terminal
    from .patterns import ArgparsePatternAction, ArgparseExcludeFileAction, ArgparsePatternFileAction, parse_exclude_pattern
@ -1613,47 +1614,48 @@ class Archiver:
    def do_upgrade(self, args, repository, manifest=None, key=None):
        """upgrade a repository from a previous version"""
        if args.archives_tam or args.check_archives_tam:
-            archive_tam_issues = 0
+            with ignore_invalid_archive_tam():
-            read_only = args.check_archives_tam
+                archive_tam_issues = 0
-            manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
+                read_only = args.check_archives_tam
-            with Cache(repository, key, manifest) as cache:
+                manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
-                stats = Statistics()
+                with Cache(repository, key, manifest) as cache:
-                for info in manifest.archives.list(sort_by=['ts']):
+                    stats = Statistics()
-                    archive_id = info.id
+                    for info in manifest.archives.list(sort_by=['ts']):
-                    archive_formatted = format_archive(info)
+                        archive_id = info.id
-                    cdata = repository.get(archive_id)
+                        archive_formatted = format_archive(info)
-                    data = key.decrypt(archive_id, cdata)
+                        cdata = repository.get(archive_id)
-                    archive, verified, _ = key.unpack_and_verify_archive(data, force_tam_not_required=True)
+                        data = key.decrypt(archive_id, cdata)
-                    if not verified:
+                        archive, verified, _ = key.unpack_and_verify_archive(data, force_tam_not_required=True)
-                        if not read_only:
+                        if not verified:
-                            # we do not have an archive TAM yet -> add TAM now!
+                            if not read_only:
-                            archive = ArchiveItem(internal_dict=archive)
+                                # we do not have an archive TAM yet -> add TAM now!
-                            archive.cmdline = [safe_decode(arg) for arg in archive.cmdline]
+                                archive = ArchiveItem(internal_dict=archive)
-                            data = key.pack_and_authenticate_metadata(archive.as_dict(), context=b'archive')
+                                archive.cmdline = [safe_decode(arg) for arg in archive.cmdline]
-                            new_archive_id = key.id_hash(data)
+                                data = key.pack_and_authenticate_metadata(archive.as_dict(), context=b'archive')
-                            cache.add_chunk(new_archive_id, data, stats)
+                                new_archive_id = key.id_hash(data)
-                            cache.chunk_decref(archive_id, stats)
+                                cache.add_chunk(new_archive_id, data, stats)
-                            manifest.archives[info.name] = (new_archive_id, info.ts)
+                                cache.chunk_decref(archive_id, stats)
-                            print(f"Added archive TAM:   {archive_formatted} -> [{bin_to_hex(new_archive_id)}]")
+                                manifest.archives[info.name] = (new_archive_id, info.ts)
                                print(f"Added archive TAM:   {archive_formatted} -> [{bin_to_hex(new_archive_id)}]")
                            else:
                                print(f"Archive TAM missing: {archive_formatted}")
                            archive_tam_issues += 1
                        else:
-                            print(f"Archive TAM missing: {archive_formatted}")
+                            print(f"Archive TAM present: {archive_formatted}")
-                        archive_tam_issues += 1
+                    if not read_only:
                        manifest.write()
                        repository.commit(compact=False)
                        cache.commit()
                        if archive_tam_issues > 0:
                            print(f"Fixed {archive_tam_issues} archives with TAM issues!")
                            print("All archives are TAM authenticated now.")
                        else:
                            print("All archives are TAM authenticated.")
                    else:
-                        print(f"Archive TAM present: {archive_formatted}")
+                        if archive_tam_issues > 0:
-                if not read_only:
+                            self.print_warning(f"Found {archive_tam_issues} archives with TAM issues!")
-                    manifest.write()
+                        else:
-                    repository.commit(compact=False)
+                            print("All archives are TAM authenticated.")
                    cache.commit()
                    if archive_tam_issues > 0:
                        print(f"Fixed {archive_tam_issues} archives with TAM issues!")
                        print("All archives are TAM authenticated now.")
                    else:
                        print("All archives are TAM authenticated.")
                else:
                    if archive_tam_issues > 0:
                        self.print_warning(f"Found {archive_tam_issues} archives with TAM issues!")
                    else:
                        print("All archives are TAM authenticated.")
        elif args.tam:
            manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
            if not manifest.tam_verified or not manifest.config.get(b'tam_required', False):
--- a/src/borg/helpers/init.py
+++ b/src/borg/helpers/init.py
@ -5,6 +5,7 @@ that did not fit better elsewhere.
 Code used to be in borg/helpers.py but was split into the modules in this
 package, which are imported into here for compatibility.
 """
 from contextlib import contextmanager
 from .checks import *  # NOQA
 from .datastruct import *  # NOQA
@ -27,6 +28,17 @@ from . import msgpack
 workarounds = tuple(os.environ.get('BORG_WORKAROUNDS', '').split(','))
@contextmanager
 def ignore_invalid_archive_tam():
    global workarounds
    saved = workarounds
    if 'ignore_invalid_archive_tam' not in workarounds:
        # we really need this workaround here or borg will likely raise an exception.
        workarounds += ('ignore_invalid_archive_tam',)
    yield
    workarounds = saved
 # element data type for warnings_list:
 warning_info = namedtuple("warning_info", "wc,msg,args,wt")