mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-24 08:45:13 +00:00
Merge pull request #2070 from ThomasWaldmann/release-1.1.0b3
Release 1.1.0b3
This commit is contained in:
commit
9c045806c2
7 changed files with 57 additions and 28 deletions
|
@ -2,6 +2,7 @@ include README.rst AUTHORS LICENSE CHANGES.rst MANIFEST.in
|
|||
graft src
|
||||
recursive-exclude src *.pyc
|
||||
recursive-exclude src *.pyo
|
||||
recursive-exclude src *.so
|
||||
recursive-include docs *
|
||||
recursive-exclude docs *.pyc
|
||||
recursive-exclude docs *.pyo
|
||||
|
|
|
@ -126,12 +126,13 @@ The best check that everything is ok is to run a dry-run extraction::
|
|||
Changelog
|
||||
=========
|
||||
|
||||
Version 1.1.0b3 (not released yet)
|
||||
----------------------------------
|
||||
Version 1.1.0b3 (2017-01-15)
|
||||
----------------------------
|
||||
|
||||
Compatibility notes:
|
||||
|
||||
- borg init: removed the default of "--encryption/-e", #1979
|
||||
This was done so users do a informed decision about -e mode.
|
||||
|
||||
Bug fixes:
|
||||
|
||||
|
@ -140,6 +141,7 @@ Bug fixes:
|
|||
- borg init: fix free space check crashing if disk is full, #1821
|
||||
- borg debug delete/get obj: fix wrong reference to exception
|
||||
- fix processing of remote ~/ and ~user/ paths (regressed since 1.1.0b1), #1759
|
||||
- posix platform module: only build / import on non-win32 platforms, #2041
|
||||
|
||||
New features:
|
||||
|
||||
|
|
|
@ -73,8 +73,12 @@ Description
|
|||
~~~~~~~~~~~
|
||||
|
||||
This command creates a backup archive containing all files found while recursively
|
||||
traversing all paths specified. The archive will consume almost no disk space for
|
||||
files or parts of files that have already been stored in other archives.
|
||||
traversing all paths specified. When giving '-' as path, borg will read data
|
||||
from standard input and create a file 'stdin' in the created archive from that
|
||||
data.
|
||||
|
||||
The archive will consume almost no disk space for files or parts of files that
|
||||
have already been stored in other archives.
|
||||
|
||||
The archive name needs to be unique. It must not end in '.checkpoint' or
|
||||
'.checkpoint.N' (with N being a number), because these names are used for
|
||||
|
|
|
@ -14,7 +14,7 @@ positional arguments
|
|||
|
||||
optional arguments
|
||||
``-e``, ``--encryption``
|
||||
| select encryption key mode (default: "repokey")
|
||||
| select encryption key mode (default: "None")
|
||||
``-a``, ``--append-only``
|
||||
| create an append-only mode repository
|
||||
|
||||
|
@ -27,21 +27,22 @@ Description
|
|||
This command initializes an empty repository. A repository is a filesystem
|
||||
directory containing the deduplicated data from zero or more archives.
|
||||
|
||||
Encryption can be enabled at repository init time (the default).
|
||||
Encryption can be enabled at repository init time.
|
||||
|
||||
It is not recommended to disable encryption. Repository encryption protects you
|
||||
e.g. against the case that an attacker has access to your backup repository.
|
||||
It is not recommended to work without encryption. Repository encryption protects
|
||||
you e.g. against the case that an attacker has access to your backup repository.
|
||||
|
||||
But be careful with the key / the passphrase:
|
||||
|
||||
If you want "passphrase-only" security, use the repokey mode. The key will
|
||||
be stored inside the repository (in its "config" file). In above mentioned
|
||||
attack scenario, the attacker will have the key (but not the passphrase).
|
||||
If you want "passphrase-only" security, use one of the repokey modes. The
|
||||
key will be stored inside the repository (in its "config" file). In above
|
||||
mentioned attack scenario, the attacker will have the key (but not the
|
||||
passphrase).
|
||||
|
||||
If you want "passphrase and having-the-key" security, use the keyfile mode.
|
||||
The key will be stored in your home directory (in .config/borg/keys). In
|
||||
the attack scenario, the attacker who has just access to your repo won't have
|
||||
the key (and also not the passphrase).
|
||||
If you want "passphrase and having-the-key" security, use one of the keyfile
|
||||
modes. The key will be stored in your home directory (in .config/borg/keys).
|
||||
In the attack scenario, the attacker who has just access to your repo won't
|
||||
have the key (and also not the passphrase).
|
||||
|
||||
Make a backup copy of the key file (keyfile mode) or repo config file
|
||||
(repokey mode) and keep it at a safe place, so you still have the key in
|
||||
|
@ -72,12 +73,27 @@ Encryption modes
|
|||
repokey and keyfile use AES-CTR-256 for encryption and HMAC-SHA256 for
|
||||
authentication in an encrypt-then-MAC (EtM) construction. The chunk ID hash
|
||||
is HMAC-SHA256 as well (with a separate key).
|
||||
These modes are compatible with borg 1.0.x.
|
||||
|
||||
repokey-blake2 and keyfile-blake2 use the same authenticated encryption, but
|
||||
use a keyed BLAKE2b-256 hash for the chunk ID hash.
|
||||
repokey-blake2 and keyfile-blake2 are also authenticated encryption modes,
|
||||
but use BLAKE2b-256 instead of HMAC-SHA256 for authentication. The chunk ID
|
||||
hash is a keyed BLAKE2b-256 hash.
|
||||
These modes are new and not compatible with borg 1.0.x.
|
||||
|
||||
"authenticated" mode uses no encryption, but authenticates repository contents
|
||||
through the same keyed BLAKE2b-256 hash as the other blake2 modes.
|
||||
The key is stored like repokey.
|
||||
through the same keyed BLAKE2b-256 hash as the other blake2 modes (it uses it
|
||||
as chunk ID hash). The key is stored like repokey.
|
||||
This mode is new and not compatible with borg 1.0.x.
|
||||
|
||||
"none" mode uses no encryption and no authentication. It uses sha256 as chunk
|
||||
ID hash. Not recommended, rather consider using an authenticated or
|
||||
authenticated/encrypted mode.
|
||||
This mode is compatible with borg 1.0.x.
|
||||
|
||||
Hardware acceleration will be used automatically.
|
||||
|
||||
On modern Intel/AMD CPUs (except very cheap ones), AES is usually hw
|
||||
accelerated. BLAKE2b is faster than sha256 on Intel/AMD 64bit CPUs.
|
||||
|
||||
On modern ARM CPUs, NEON provides hw acceleration for sha256 making it faster
|
||||
than BLAKE2b-256 there.
|
||||
|
|
|
@ -17,6 +17,8 @@ optional arguments
|
|||
| do not change repository
|
||||
``--force``
|
||||
| force pruning of corrupted archives
|
||||
``-p``, ``--progress``
|
||||
| show progress display while deleting archives
|
||||
``-s``, ``--stats``
|
||||
| print statistics for the deleted archive
|
||||
``--list``
|
||||
|
|
|
@ -36,7 +36,7 @@ Description
|
|||
Upgrade an existing Borg repository.
|
||||
|
||||
Borg 1.x.y upgrades
|
||||
-------------------
|
||||
+++++++++++++++++++
|
||||
|
||||
Use ``borg upgrade --tam REPO`` to require manifest authentication
|
||||
introduced with Borg 1.0.9 to address security issues. This means
|
||||
|
@ -58,7 +58,7 @@ https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoo
|
|||
for details.
|
||||
|
||||
Attic and Borg 0.xx to Borg 1.x
|
||||
-------------------------------
|
||||
+++++++++++++++++++++++++++++++
|
||||
|
||||
This currently supports converting an Attic repository to Borg and also
|
||||
helps with converting Borg 0.xx to 1.0.
|
||||
|
|
|
@ -74,10 +74,12 @@ static int
|
|||
have_clmul(void)
|
||||
{
|
||||
unsigned eax, ebx, ecx, edx;
|
||||
int has_pclmulqdq;
|
||||
int has_sse41;
|
||||
cpuid(1 /* feature bits */, &eax, &ebx, &ecx, &edx);
|
||||
|
||||
int has_pclmulqdq = ecx & 0x2; /* bit 1 */
|
||||
int has_sse41 = ecx & 0x80000; /* bit 19 */
|
||||
has_pclmulqdq = ecx & 0x2; /* bit 1 */
|
||||
has_sse41 = ecx & 0x80000; /* bit 19 */
|
||||
|
||||
return has_pclmulqdq && has_sse41;
|
||||
}
|
||||
|
@ -345,6 +347,13 @@ crc32_clmul(const uint8_t *src, long len, uint32_t initial_crc)
|
|||
|
||||
int first = 1;
|
||||
|
||||
/* fold 512 to 32 step variable declarations for ISO-C90 compat. */
|
||||
const __m128i xmm_mask = _mm_load_si128((__m128i *)crc_mask);
|
||||
const __m128i xmm_mask2 = _mm_load_si128((__m128i *)crc_mask2);
|
||||
|
||||
uint32_t crc;
|
||||
__m128i x_tmp0, x_tmp1, x_tmp2, crc_fold;
|
||||
|
||||
if (len < 16) {
|
||||
if (len == 0)
|
||||
return initial_crc;
|
||||
|
@ -464,11 +473,6 @@ done:
|
|||
(void)0;
|
||||
|
||||
/* fold 512 to 32 */
|
||||
const __m128i xmm_mask = _mm_load_si128((__m128i *)crc_mask);
|
||||
const __m128i xmm_mask2 = _mm_load_si128((__m128i *)crc_mask2);
|
||||
|
||||
uint32_t crc;
|
||||
__m128i x_tmp0, x_tmp1, x_tmp2, crc_fold;
|
||||
|
||||
/*
|
||||
* k1
|
||||
|
|
Loading…
Reference in a new issue