Merge pull request #2070 from ThomasWaldmann/release-1.1.0b3

Release 1.1.0b3
2017-01-15 19:54:46 +01:00 · 2017-01-15 19:54:46 +01:00 · 9c045806c2
parent 8fa63aff86 d67cc229f6
commit 9c045806c2
7 changed files with 57 additions and 28 deletions
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -2,6 +2,7 @@ include README.rst AUTHORS LICENSE CHANGES.rst MANIFEST.in
 graft src
 recursive-exclude src *.pyc
 recursive-exclude src *.pyo
+recursive-exclude src *.so
 recursive-include docs *
 recursive-exclude docs *.pyc
 recursive-exclude docs *.pyo
--- a/docs/changes.rst
+++ b/docs/changes.rst
@ -126,12 +126,13 @@ The best check that everything is ok is to run a dry-run extraction::
 Changelog
 =========

-Version 1.1.0b3 (not released yet)
----------------------------------
+Version 1.1.0b3 (2017-01-15)
+----------------------------

 Compatibility notes:

 - borg init: removed the default of "--encryption/-e", #1979
+  This was done so users do a informed decision about -e mode.

 Bug fixes:

@ -140,6 +141,7 @@ Bug fixes:
 - borg init: fix free space check crashing if disk is full, #1821
 - borg debug delete/get obj: fix wrong reference to exception
 - fix processing of remote ~/ and ~user/ paths (regressed since 1.1.0b1), #1759
+- posix platform module: only build / import on non-win32 platforms, #2041

 New features:

--- a/docs/usage/create.rst.inc
+++ b/docs/usage/create.rst.inc
@ -73,8 +73,12 @@ Description
 ~~~~~~~~~~~

 This command creates a backup archive containing all files found while recursively
-traversing all paths specified. The archive will consume almost no disk space for
-files or parts of files that have already been stored in other archives.
+traversing all paths specified. When giving '-' as path, borg will read data
+from standard input and create a file 'stdin' in the created archive from that
+data.
+
+The archive will consume almost no disk space for files or parts of files that
+have already been stored in other archives.

 The archive name needs to be unique. It must not end in '.checkpoint' or
 '.checkpoint.N' (with N being a number), because these names are used for
--- a/docs/usage/init.rst.inc
+++ b/docs/usage/init.rst.inc
@ -14,7 +14,7 @@ positional arguments

 optional arguments
    ``-e``, ``--encryption``
-        | select encryption key mode (default: "repokey")
+        | select encryption key mode (default: "None")
    ``-a``, ``--append-only``
        | create an append-only mode repository

@ -27,21 +27,22 @@ Description
 This command initializes an empty repository. A repository is a filesystem
 directory containing the deduplicated data from zero or more archives.

-Encryption can be enabled at repository init time (the default).
+Encryption can be enabled at repository init time.

-It is not recommended to disable encryption. Repository encryption protects you
-e.g. against the case that an attacker has access to your backup repository.
+It is not recommended to work without encryption. Repository encryption protects
+you e.g. against the case that an attacker has access to your backup repository.

 But be careful with the key / the passphrase:

-If you want "passphrase-only" security, use the repokey mode. The key will
-be stored inside the repository (in its "config" file). In above mentioned
-attack scenario, the attacker will have the key (but not the passphrase).
+If you want "passphrase-only" security, use one of the repokey modes. The
+key will be stored inside the repository (in its "config" file). In above
+mentioned attack scenario, the attacker will have the key (but not the
+passphrase).

-If you want "passphrase and having-the-key" security, use the keyfile mode.
-The key will be stored in your home directory (in .config/borg/keys). In
-the attack scenario, the attacker who has just access to your repo won't have
-the key (and also not the passphrase).
+If you want "passphrase and having-the-key" security, use one of the keyfile
+modes. The key will be stored in your home directory (in .config/borg/keys).
+In the attack scenario, the attacker who has just access to your repo won't
+have the key (and also not the passphrase).

 Make a backup copy of the key file (keyfile mode) or repo config file
 (repokey mode) and keep it at a safe place, so you still have the key in
@ -72,12 +73,27 @@ Encryption modes
 repokey and keyfile use AES-CTR-256 for encryption and HMAC-SHA256 for
 authentication in an encrypt-then-MAC (EtM) construction. The chunk ID hash
 is HMAC-SHA256 as well (with a separate key).
+These modes are compatible with borg 1.0.x.

-repokey-blake2 and keyfile-blake2 use the same authenticated encryption, but
-use a keyed BLAKE2b-256 hash for the chunk ID hash.
+repokey-blake2 and keyfile-blake2 are also authenticated encryption modes,
+but use BLAKE2b-256 instead of HMAC-SHA256 for authentication. The chunk ID
+hash is a keyed BLAKE2b-256 hash.
+These modes are new and not compatible with borg 1.0.x.

 "authenticated" mode uses no encryption, but authenticates repository contents
-through the same keyed BLAKE2b-256 hash as the other blake2 modes.
-The key is stored like repokey.
+through the same keyed BLAKE2b-256 hash as the other blake2 modes (it uses it
+as chunk ID hash). The key is stored like repokey.
+This mode is new and not compatible with borg 1.0.x.
+
+"none" mode uses no encryption and no authentication. It uses sha256 as chunk
+ID hash. Not recommended, rather consider using an authenticated or
+authenticated/encrypted mode.
+This mode is compatible with borg 1.0.x.

 Hardware acceleration will be used automatically.
+
+On modern Intel/AMD CPUs (except very cheap ones), AES is usually hw
+accelerated. BLAKE2b is faster than sha256 on Intel/AMD 64bit CPUs.
+
+On modern ARM CPUs, NEON provides hw acceleration for sha256 making it faster
+than BLAKE2b-256 there.
--- a/docs/usage/prune.rst.inc
+++ b/docs/usage/prune.rst.inc
@ -17,6 +17,8 @@ optional arguments
        | do not change repository
    ``--force``
        | force pruning of corrupted archives
+    ``-p``, ``--progress``
+        | show progress display while deleting archives
    ``-s``, ``--stats``
        | print statistics for the deleted archive
    ``--list``
--- a/docs/usage/upgrade.rst.inc
+++ b/docs/usage/upgrade.rst.inc
@ -36,7 +36,7 @@ Description
 Upgrade an existing Borg repository.

 Borg 1.x.y upgrades
-------------------
+++++++++++++++++++

 Use ``borg upgrade --tam REPO`` to require manifest authentication
 introduced with Borg 1.0.9 to address security issues. This means
@ -58,7 +58,7 @@ https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoo
 for details.

 Attic and Borg 0.xx to Borg 1.x
-------------------------------
+++++++++++++++++++++++++++++++

 This currently supports converting an Attic repository to Borg and also
 helps with converting Borg 0.xx to 1.0.
--- a/src/borg/_crc32/clmul.c
+++ b/src/borg/_crc32/clmul.c
@ -74,10 +74,12 @@ static int
 have_clmul(void)
 {
    unsigned eax, ebx, ecx, edx;
+    int has_pclmulqdq;
+    int has_sse41;
    cpuid(1 /* feature bits */, &eax, &ebx, &ecx, &edx);

-    int has_pclmulqdq = ecx & 0x2; /* bit 1 */
-    int has_sse41 = ecx & 0x80000; /* bit 19 */
+    has_pclmulqdq = ecx & 0x2; /* bit 1 */
+    has_sse41 = ecx & 0x80000; /* bit 19 */

    return has_pclmulqdq && has_sse41;
 }
@ -345,6 +347,13 @@ crc32_clmul(const uint8_t *src, long len, uint32_t initial_crc)

    int first = 1;

+    /* fold 512 to 32 step variable declarations for ISO-C90 compat. */
+    const __m128i xmm_mask  = _mm_load_si128((__m128i *)crc_mask);
+    const __m128i xmm_mask2 = _mm_load_si128((__m128i *)crc_mask2);
+
+    uint32_t crc;
+    __m128i x_tmp0, x_tmp1, x_tmp2, crc_fold;
+
    if (len < 16) {
        if (len == 0)
            return initial_crc;
@ -464,11 +473,6 @@ done:
    (void)0;

    /* fold 512 to 32 */
-    const __m128i xmm_mask  = _mm_load_si128((__m128i *)crc_mask);
-    const __m128i xmm_mask2 = _mm_load_si128((__m128i *)crc_mask2);
-
-    uint32_t crc;
-    __m128i x_tmp0, x_tmp1, x_tmp2, crc_fold;

    /*
     * k1