From ec4f42c9f85aed182e840f30f9bb01717c7ec592 Mon Sep 17 00:00:00 2001
From: Marian Beermann
Date: Sun, 18 Dec 2016 21:45:19 +0100
Subject: [PATCH] init: explain manifest auth compatibility

---
 borg/archiver.py | 18 +++++++++++++++---
 borg/key.py | 2 +-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/borg/archiver.py b/borg/archiver.py
index 037f3680d..9206a4b9d 100644
--- a/borg/archiver.py
+++ b/borg/archiver.py
@@ -127,7 +127,8 @@ class Archiver:
 @with_repository(create=True, exclusive=True, manifest=False)
 def do_init(self, args, repository):
 """Initialize an empty repository"""
- logger.info('Initializing repository at "%s"' % args.location.canonical_path())
+ path = args.location.canonical_path()
+ logger.info('Initializing repository at "%s"' % path)
 key = key_creator(repository, args)
 manifest = Manifest(key, repository)
 manifest.key = key
@@ -135,8 +136,19 @@ class Archiver:
 repository.commit()
 with Cache(repository, key, manifest, warn_if_unencrypted=False):
 pass
- tam_file = tam_required_file(repository)
- open(tam_file, 'w').close()
+ if key.tam_required:
+ tam_file = tam_required_file(repository)
+ open(tam_file, 'w').close()
+ logger.warning(
+ '\n'
+ 'By default repositories initialized with this version will produce security\n'
+ 'errors if written to with an older version (up to and including Borg 1.0.8).\n'
+ '\n'
+ 'If you want to use these older versions, you can disable the check by runnning:\n'
+ 'borg upgrade --disable-tam \'%s\'\n'
+ '\n'
+ 'See https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability '
+ 'for details about the security implications.', path)
 return self.exit_code

 @with_repository(exclusive=True, manifest=False)
diff --git a/borg/key.py b/borg/key.py
index 318f8d0ed..3540ea58f 100644
--- a/borg/key.py
+++ b/borg/key.py
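Review bot: In the second borg/archiver.py hunk, the copy-paste command `'borg upgrade --disable-tam \'%s\'\n'` wraps the repository path in hand-written single quotes, so a path that itself contains a quote produces a command that no longer reaches the shell as one argument. Quoting through the standard library avoids that: `'borg upgrade --disable-tam %s\n'` with `shlex.quote(path)` passed as the argument (this needs `import shlex`; the file's import block is not visible in this patch). The same message misspells "running" as `runnning`. Since this warning tells users how to switch off a security check, it may be worth stating the consequence before the command instead of only linking to it afterwards. do_init begins in the previous hunk.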
@@ -46,7 +46,7 @@ class RepoKeyNotFoundError(Error): class TAMRequiredError(IntegrityError): __doc__ = textwrap.dedent(""" - Manifest is unauthenticated, but authentication is required for this repository. + Manifest is unauthenticated, but it is required for this repository. This either means that you are under attack, or that you modified this repository with a Borg version older than 1.0.9 after TAM authentication was enabled.
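Review bot: The new first line of the TAMRequiredError docstring, `Manifest is unauthenticated, but it is required for this repository.`, leaves "it" reading as the manifest rather than as authentication. If, as the `__doc__ =` assignment suggests, this text is what the user sees when the error is raised, that ambiguity lands on someone deciding whether the repository has been tampered with. Naming the requirement keeps the message unambiguous: `Manifest is unauthenticated, but authentication is required for this repository.` The docstring continues past the end of the hunk.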