mirror of https://github.com/borgbackup/borg.git
Merge pull request #7901 from ThomasWaldmann/update-docs-1.2
Update docs (1.2-maint)
This commit is contained in:
commit
cf5c61644b
|
@ -33,14 +33,17 @@ Below, if we speak of borg 1.2.6, we mean a borg version >= 1.2.6 **or** a
|
|||
borg version that has the relevant security patches for this vulnerability applied
|
||||
(could be also an older version in that case).
|
||||
|
||||
Steps you must take to upgrade a repository:
|
||||
Steps you must take to upgrade a repository (this applies to all kinds of repos
|
||||
no matter what encryption mode they use, including "none"):
|
||||
|
||||
1. Upgrade all clients using this repository to borg 1.2.6.
|
||||
Note: it is not required to upgrade a server, except if the server-side borg
|
||||
is also used as a client (and not just for "borg serve").
|
||||
|
||||
Do **not** run ``borg check`` with borg > 1.2.4 before completing the upgrade steps.
|
||||
Do **not** run ``borg check`` with borg 1.2.6 before completing the upgrade steps:
|
||||
|
||||
- ``borg check`` would complain about archives without a valid archive TAM.
|
||||
- ``borg check --repair`` would remove such archives!
|
||||
2. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg info --debug <repo> 2>&1 | grep TAM | grep -i manifest``.
|
||||
|
||||
a) If you get "TAM-verified manifest", continue with 3.
|
||||
|
@ -307,6 +310,8 @@ Some things can be recommended for the upgrade process from borg 1.1.x
|
|||
- if you want to play safer, first **create a backup of your borg repository**.
|
||||
- upgrade to latest borg 1.2.x release (you could use the fat binary from
|
||||
github releases page)
|
||||
- borg 1.2.6 has a security fix for the pre-1.2.5 archives spoofing vulnerability
|
||||
(CVE-2023-36811), see details and necessary upgrade procedure described above.
|
||||
- run `borg compact --cleanup-commits` to clean up a ton of 17 bytes long files
|
||||
in your repo caused by a borg 1.1 bug
|
||||
- run `borg check` again (now with borg 1.2.x) and check if there is anything
|
||||
|
@ -315,8 +320,6 @@ Some things can be recommended for the upgrade process from borg 1.1.x
|
|||
take significant time, but after that it will be fast) - for more details
|
||||
see below.
|
||||
- check the compatibility notes (see below) and adapt your scripts, if needed.
|
||||
- borg 1.2.5 has a security fix for the pre-1.2.5 archives spoofing vulnerability
|
||||
(CVE-2023-36811), see details and necessary upgrade procedure described above.
|
||||
- if you run into any issues, please check the github issue tracker before
|
||||
posting new issues there or elsewhere.
|
||||
|
||||
|
|
|
@ -113,6 +113,9 @@ run into this by yourself by restoring an older copy of your repository.
|
|||
"attack": maybe an attacker has replaced your repo by an older copy, trying to
|
||||
trick you into AES counter reuse, trying to break your repo encryption.
|
||||
|
||||
Borg users have also reported that fs issues (like hw issues / I/O errors causing
|
||||
the fs to become read-only) can cause this warning, see :issue:`7853`.
|
||||
|
||||
If you'ld decide to ignore this and accept unsafe operation for this repository,
|
||||
you could delete the manifest-timestamp and the local cache:
|
||||
|
||||
|
|
Loading…
Reference in New Issue