check: improve logging for TAM issues, fixes #7797 #7798

Merged
7 changes: 6 additions & 1 deletion src/borg/archive.py
Expand Up @@ -1820,13 +1820,17 @@ def valid_archive(obj):
# are likely looking at an archive item here, also check the TAM authentication:
try:
archive, verified, _ = self.key.unpack_and_verify_archive(data, force_tam_not_required=False)
except IntegrityError:
except IntegrityError as integrity_error:
# TAM issues - do not accept this archive!
# either somebody is trying to attack us with a fake archive data or
# we have an ancient archive made before TAM was a thing (borg < 1.0.9) **and** this repo
# was not correctly upgraded to borg 1.2.5 (see advisory at top of the changelog).
# borg can't tell the difference, so it has to assume this archive might be an attack
# and drops this archive.
name = archive.get(b'name', b'<unknown>').decode('ascii', 'replace')
logger.error('Archive TAM authentication issue for archive %s: %s', name, integrity_error)
logger.error('This archive will *not* be added to the rebuilt manifest! It will be deleted.')
self.error_found = True
continue
# note: if we get here and verified is False, a TAM is not required.
archive = ArchiveItem(internal_dict=archive)
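Review bot: The new `name = archive.get(b'name', b'<unknown>')` line in the `except IntegrityError as integrity_error:` handler reads `archive`, but `archive` is only bound by the `unpack_and_verify_archive(...)` call inside the `try` that has just raised. On this path it is either unbound (the handler itself fails with a NameError on the first object examined) or still holds the value from an earlier loop iteration, so the error would name the wrong archive. Since the handler exists to report a suspect archive accurately, take the identifier from something that is available before the verification call, or log the failure without a name rather than with a possibly stale one. If the name can only come from the unverified data, extract it in a separate, guarded step and say in the message that it is unauthenticated.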
Expand Down Expand Up @@ -2071,6 +2075,7 @@ def valid_item(obj):
# when upgrading to borg 1.2.5, users are expected to TAM-authenticate all archives they
# trust, so there shouldn't be any without TAM.
logger.error('Archive TAM authentication issue for archive %s: %s', info.name, integrity_error)
logger.error('This archive will be *removed* from the manifest! It will be deleted.')
self.error_found = True
del self.manifest.archives[info.name]
continue
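Review bot: The message added before `self.error_found = True` tells the user the archive "will be *removed* from the manifest! It will be deleted." but gives no hint about the cause or the remedy, while the comment directly above it already states it: archives the user trusts are expected to be TAM-authenticated when upgrading to borg 1.2.5. Consider pointing the log line at that upgrade step or at the changelog advisory, so someone who hits this on a legitimate old archive knows what to do before data is dropped. The wording also differs from the sibling message in `valid_archive` ("will *not* be added to the rebuilt manifest!"); a short shared phrasing would make the two cases easier to grep for and to document.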