1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-01-04 06:21:46 +00:00

keep key_type only in security dir

removed some code borg had for backwards compatibility with
old borg versions (that had key_type only in the cache).

now the repo key_type is only checked against the key-type
file in the security dir, simplifying the code.
This commit is contained in:
Thomas Waldmann 2024-06-01 19:36:02 +02:00
parent cf8c3a3ae7
commit 89d867ea30
No known key found for this signature in database
GPG key ID: 243ACFA951F78E01

View file

@ -154,10 +154,8 @@ def assert_no_manifest_replay(self, manifest, key, cache_config=None):
else: else:
raise Cache.RepositoryReplay() raise Cache.RepositoryReplay()
def assert_key_type(self, key, cache_config=None): def assert_key_type(self, key):
# Make sure an encrypted repository has not been swapped for an unencrypted repository # Make sure an encrypted repository has not been swapped for an unencrypted repository
if cache_config and cache_config.key_type is not None and cache_config.key_type != str(key.TYPE):
raise Cache.EncryptionMethodMismatch()
if self.known() and not self.key_matches(key): if self.known() and not self.key_matches(key):
raise Cache.EncryptionMethodMismatch() raise Cache.EncryptionMethodMismatch()
@ -178,7 +176,7 @@ def assert_secure(self, manifest, key, *, cache_config=None, warn_if_unencrypted
def _assert_secure(self, manifest, key, cache_config=None): def _assert_secure(self, manifest, key, cache_config=None):
self.assert_location_matches() self.assert_location_matches()
self.assert_key_type(key, cache_config) self.assert_key_type(key)
self.assert_no_manifest_replay(manifest, key, cache_config) self.assert_no_manifest_replay(manifest, key, cache_config)
if not self.known(): if not self.known():
logger.debug("security: remembering previously unknown repository") logger.debug("security: remembering previously unknown repository")
@ -261,7 +259,6 @@ def load(self):
self.id = self._config.get("cache", "repository") self.id = self._config.get("cache", "repository")
self.manifest_id = hex_to_bin(self._config.get("cache", "manifest")) self.manifest_id = hex_to_bin(self._config.get("cache", "manifest"))
self.timestamp = self._config.get("cache", "timestamp", fallback=None) self.timestamp = self._config.get("cache", "timestamp", fallback=None)
self.key_type = self._config.get("cache", "key_type", fallback=None)
self.ignored_features = set(parse_stringified_list(self._config.get("cache", "ignored_features", fallback=""))) self.ignored_features = set(parse_stringified_list(self._config.get("cache", "ignored_features", fallback="")))
self.mandatory_features = set( self.mandatory_features = set(
parse_stringified_list(self._config.get("cache", "mandatory_features", fallback="")) parse_stringified_list(self._config.get("cache", "mandatory_features", fallback=""))
@ -281,7 +278,7 @@ def load(self):
logger.debug("Cache integrity: No integrity data found (files, chunks). Cache is from old version.") logger.debug("Cache integrity: No integrity data found (files, chunks). Cache is from old version.")
self.integrity = {} self.integrity = {}
def save(self, manifest=None, key=None): def save(self, manifest=None):
if manifest: if manifest:
self._config.set("cache", "manifest", manifest.id_str) self._config.set("cache", "manifest", manifest.id_str)
self._config.set("cache", "timestamp", manifest.timestamp) self._config.set("cache", "timestamp", manifest.timestamp)
@ -292,8 +289,6 @@ def save(self, manifest=None, key=None):
for file, integrity_data in self.integrity.items(): for file, integrity_data in self.integrity.items():
self._config.set("integrity", file, integrity_data) self._config.set("integrity", file, integrity_data)
self._config.set("integrity", "manifest", manifest.id_str) self._config.set("integrity", "manifest", manifest.id_str)
if key:
self._config.set("cache", "key_type", str(key.TYPE))
with SaveFile(self.config_path) as fd: with SaveFile(self.config_path) as fd:
self._config.write(fd) self._config.write(fd)
@ -889,7 +884,7 @@ def commit(self):
self.chunks.write(fd) self.chunks.write(fd)
self.cache_config.integrity["chunks"] = fd.integrity_data self.cache_config.integrity["chunks"] = fd.integrity_data
pi.output("Saving cache config") pi.output("Saving cache config")
self.cache_config.save(self.manifest, self.key) self.cache_config.save(self.manifest)
os.replace(os.path.join(self.path, "txn.active"), os.path.join(self.path, "txn.tmp")) os.replace(os.path.join(self.path, "txn.active"), os.path.join(self.path, "txn.tmp"))
shutil.rmtree(os.path.join(self.path, "txn.tmp")) shutil.rmtree(os.path.join(self.path, "txn.tmp"))
self._txn_active = False self._txn_active = False
@ -1271,7 +1266,7 @@ def commit(self):
integrity_data = self._write_files_cache() integrity_data = self._write_files_cache()
self.cache_config.integrity[self.files_cache_name()] = integrity_data self.cache_config.integrity[self.files_cache_name()] = integrity_data
pi.output("Saving cache config") pi.output("Saving cache config")
self.cache_config.save(self.manifest, self.key) self.cache_config.save(self.manifest)
os.replace(os.path.join(self.path, "txn.active"), os.path.join(self.path, "txn.tmp")) os.replace(os.path.join(self.path, "txn.active"), os.path.join(self.path, "txn.tmp"))
shutil.rmtree(os.path.join(self.path, "txn.tmp")) shutil.rmtree(os.path.join(self.path, "txn.tmp"))
self._txn_active = False self._txn_active = False