mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-03-09 13:53:09 +00:00
Code Issues Releases Wiki Activity

upgrade --check-archives-tam: check archives tam status

Browse source 
This is a read-only variation of --archives-tam:
- it only checks / displays the current status
- it does not add / fix the archive TAMs
This commit is contained in:
Thomas Waldmann 2024-03-24 14:53:28 +01:00
parent b1053eefa5
commit 965c87bb0a
No known key found for this signature in database
GPG key ID: 243ACFA951F78E01
1 changed files with 22 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
src/borg/archiver.py
View file

@ -1609,10 +1609,11 @@ class Archiver:
str(cache),
DASHES, logger=logging.getLogger('borg.output.stats'))
@with_repository(fake=('tam', 'disable_tam', 'archives_tam'), invert_fake=True, manifest=False, exclusive=True)
@with_repository(fake=('tam', 'disable_tam', 'archives_tam', 'check_archives_tam'), invert_fake=True, manifest=False, exclusive=True)
def do_upgrade(self, args, repository, manifest=None, key=None):
"""upgrade a repository from a previous version"""
if args.archives_tam:
if args.archives_tam or args.check_archives_tam:
read_only = args.check_archives_tam
manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
with Cache(repository, key, manifest) as cache:
stats = Statistics()
@ -1622,20 +1623,25 @@ class Archiver:
cdata = repository.get(archive_id)
data = key.decrypt(archive_id, cdata)
archive, verified, _ = key.unpack_and_verify_archive(data, force_tam_not_required=True)
if not verified: # we do not have an archive TAM yet -> add TAM now!
archive = ArchiveItem(internal_dict=archive)
archive.cmdline = [safe_decode(arg) for arg in archive.cmdline]
data = key.pack_and_authenticate_metadata(archive.as_dict(), context=b'archive')
new_archive_id = key.id_hash(data)
cache.add_chunk(new_archive_id, data, stats)
cache.chunk_decref(archive_id, stats)
manifest.archives[info.name] = (new_archive_id, info.ts)
print(f"Added archive TAM: {archive_formatted} -> [{bin_to_hex(new_archive_id)}]")
if not verified:
if not read_only:
# we do not have an archive TAM yet -> add TAM now!
archive = ArchiveItem(internal_dict=archive)
archive.cmdline = [safe_decode(arg) for arg in archive.cmdline]
data = key.pack_and_authenticate_metadata(archive.as_dict(), context=b'archive')
new_archive_id = key.id_hash(data)
cache.add_chunk(new_archive_id, data, stats)
cache.chunk_decref(archive_id, stats)
manifest.archives[info.name] = (new_archive_id, info.ts)
print(f"Added archive TAM: {archive_formatted} -> [{bin_to_hex(new_archive_id)}]")
else:
print(f"Archive TAM missing: {archive_formatted}")
else:
print(f"Archive TAM present: {archive_formatted}")
manifest.write()
repository.commit(compact=False)
cache.commit()
if not read_only:
manifest.write()
repository.commit(compact=False)
cache.commit()
elif args.tam:
manifest, key = Manifest.load(repository, (Manifest.Operation.CHECK,), force_tam_not_required=args.force)
if not manifest.tam_verified or not manifest.config.get(b'tam_required', False):
@ -4986,6 +4992,8 @@ class Archiver:
help='Enable manifest authentication (in key and cache) (Borg 1.0.9 and later).')
subparser.add_argument('--disable-tam', dest='disable_tam', action='store_true',
help='Disable manifest authentication (in key and cache).')
subparser.add_argument('--check-archives-tam', dest='check_archives_tam', action='store_true',
help='check TAM authentication for all archives.')
subparser.add_argument('--archives-tam', dest='archives_tam', action='store_true',
help='add TAM authentication for all archives.')
subparser.add_argument('location', metavar='REPOSITORY', nargs='?', default='',