rebuild_refcounts verifies and recreates the TAM.
Now it re-uses the salt, so that the archive ID does not change
just because of a new salt if the archive still has the same data.
Recent borg wrote TAM authenticated **archives**
even for unencrypted repos (encryption "none"),
so we also do that for the manifest.
It's kind of fake as there is no secret key involved then,
but it simplifies the code.
borg check (rebuild_manifest and rebuild_refcounts) drops archives without TAM,
so let's just always add the TAM.
For unencrypted repos (encryption=none) the TAM is insecure,
but without encryption and authentication, there is no expectation
of security anyway.
list: shows either "verified" or "none", depending on
whether a TAM auth tag could be verified or was
missing (old archives from borg < 1.0.9).
When loading an archive, we now try to verify the archive
TAM, but we do not require it. People might still have
old archives in their repos and we want to be able to
list such repos without fatal exceptions.
This part of the archive checker recreates the Archive
items (always, just in case some missing chunks needed
repairing).
When loading the Archive item, we now verify the TAM.
When saving the (potentially modified) Archive item,
we now (re-)generate the TAM.
Archives without a valid TAM are dropped rather than TAM-authenticated
when saving them. There shouldn't be any archives without a valid TAM:
- borg has written an archive TAM for a long time (since 1.0.9)
- users are expected to TAM-authenticate archives created
by older borg when upgrading to borg 1.2.5.
Also:
Archive.set_meta: TAM-authenticate new archive
This is also used by Archive.rename and .recreate.
This is an emergency workaround for authenticated repos
if the user has lost the borg key.
We can't compute the TAM key without the borg key, so just
skip all the TAM stuff.
This commit is a backport of the following commits to the `1.2-maint` branch:
commit 9edbf4e931
Author: Daniel Rudolf
Docs: Rewrite `borg check` docs
commit 9d59146de4
Author: Daniel Rudolf
Docs: Remove technical description from `borg check` docs
commit a661da13ee
Author: Daniel Rudolf
Docs: Improve explanation of `borg check --max-duration`'s side effects
commit 2647673dc8
Author: Daniel Rudolf
Docs: Improve `borg check` docs
`datetime.utcnow()` has been deprecated since Python 3.12. This causes additional lines of
output and thus breaks the test suite. I was not sure if all borg internals are
ready to deal with timezone-aware datetime instances, so I tried to keep the changes
minimal.
Move the explanation below the general explanation of the `--keep-*` option
behavior and rephrase the last sentence to make it clear that it works like the
other options that were explained in the previous paragraph.
Resolves #7687
(cherry picked from commit a6f452a050)