author | Thomas Waldmann <tw@waldmann-edv.de> | 2023-06-16 21:56:06 +0200 |
committer | Thomas Waldmann <tw@waldmann-edv.de> | 2023-08-30 00:57:33 +0200 |
commit | 462c1bdf2e597bd2e276c8fea82c84fabc0b7244 (patch) | |
tree | 3ae99584efa52de9e0983fbc5265147830338f82 /src | |
parent | bfead4b288833f890523d8881797ff6b345edaf9 (diff) |
check: rebuild_refcounts verify and recreate TAM
This part of the archive checker recreates the Archive
items (always, just in case some missing chunks needed
repairing).
When loading the Archive item, we now verify the TAM.
When saving the (potentially modified) Archive item,
we now (re-)generate the TAM.
Archives without a valid TAM are dropped rather than TAM-authenticated
when saving them. There shouldn't be any archives without a valid TAM:
- borg has written an archive TAM for a long time (since 1.0.9)
- users are expected to TAM-authenticate archives created
by older borg when upgrading to borg 1.2.5.
Also:
Archive.set_meta: TAM-authenticate new archive
This is also used by Archive.rename and .recreate.
Diffstat (limited to 'src')
-rw-r--r-- | src/borg/archive.py | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/borg/archive.py b/src/borg/archive.py
index ef4217a9b..5c5b8d2b6 100644
--- a/src/borg/archive.py
+++ b/src/borg/archive.py
@@ -1024,7 +1024,7 @@ Duration: {0.duration}
 setattr(metadata, key, value)
 if "items" in metadata:
 del metadata.items
- data = msgpack.packb(metadata.as_dict())
+ data = self.key.pack_and_authenticate_metadata(metadata.as_dict(), context=b"archive")
 new_id = self.key.id_hash(data)
 self.cache.add_chunk(new_id, {}, data, stats=self.stats)
 self.manifest.archives[self.name] = (new_id, metadata.time)
@@ -2261,7 +2261,17 @@ class ArchiveChecker:
 self.error_found = True
 del self.manifest.archives[info.name]
 continue
- archive = ArchiveItem(internal_dict=msgpack.unpackb(data))
+ try:
+ archive, verified = self.key.unpack_and_verify_archive(data, force_tam_not_required=False)
+ except IntegrityError as integrity_error:
+ # looks like there is a TAM issue with this archive, this might be an attack!
+ # when upgrading to borg 1.2.5, users are expected to TAM-authenticate all archives they
+ # trust, so there shouldn't be any without TAM.
+ logger.error("Archive TAM authentication issue for archive %s: %s", info.name, integrity_error)
+ self.error_found = True
+ del self.manifest.archives[info.name]
+ continue
+ archive = ArchiveItem(internal_dict=archive)
 if archive.version != 2:
 raise Exception("Unknown archive metadata version")
 items_buffer = ChunkBuffer(self.key)
@@ -2280,7 +2290,7 @@ class ArchiveChecker:
 archive.item_ptrs = archive_put_items(
 items_buffer.chunks, repo_objs=self.repo_objs, add_reference=add_reference
 )
- data = msgpack.packb(archive.as_dict())
+ data = self.key.pack_and_authenticate_metadata(archive.as_dict(), context=b"archive")
 new_archive_id = self.key.id_hash(data)
 cdata = self.repo_objs.format(new_archive_id, {}, data)
 add_reference(new_archive_id, len(data), cdata) |
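Review bot: The new `pack_and_authenticate_metadata` call in set_meta turns this method into a trust boundary, because the TAM it emits is only as good as the load path that produced `metadata`; if any caller (rename, recreate, or a future one) hands it metadata that came from an unverified unpack, set_meta will launder it into a signed archive. set_meta starts outside this hunk, so where `metadata` originates is not visible here, and nothing at the call site records the precondition. I would document it next to the new line: `# re-sign: metadata must come from a TAM-verified load (unpack_and_verify_archive), never from a raw msgpack.unpackb` so the invariant survives the next refactor.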
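Review bot: In the new try block `verified` is bound but never checked, so the only thing keeping an unauthenticated archive out of the re-signing path later in rebuild_refcounts is the assumption that `unpack_and_verify_archive(..., force_tam_not_required=False)` raises `IntegrityError` rather than returning `verified=False`; that contract is not visible in this hunk. If the helper can return unverified data for some key or repository state, the loop proceeds to `pack_and_authenticate_metadata` on it and converts an unauthenticated archive into a signed one, which is exactly what the commit message says must not happen. I would make the drop explicit after the except, handling `not verified` the same way as the exception branch, so the invariant does not depend on the helper's raise behaviour. rebuild_refcounts starts and ends outside this hunk.
```python
try:
    archive, verified = self.key.unpack_and_verify_archive(data, force_tam_not_required=False)
except IntegrityError as integrity_error:
    # … unchanged: log the TAM issue, set error_found, drop the archive, continue …
if not verified:
    # never re-sign (further below) an archive that did not pass TAM verification
    logger.error("Archive %s has no valid TAM, dropping it from the manifest", info.name)
    self.error_found = True
    del self.manifest.archives[info.name]
    continue
archive = ArchiveItem(internal_dict=archive)
```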