Skip to content

Commit

Permalink
change encryption to be on by default (repokey mode)
Browse files Browse the repository at this point in the history
it's 2015, let's be safe-by-default and unsafe-as-option.

also: show default mode in builtin help
  • Loading branch information
ThomasWaldmann committed Jan 15, 2016
1 parent 0b53701 commit b3acff0
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 8 deletions.
5 changes: 2 additions & 3 deletions borg/archiver.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,6 @@ def open_repository(self, args, create=False, exclusive=False, lock=True):
repository = RemoteRepository(location, create=create, lock_wait=self.lock_wait, lock=lock, args=args)
else:
repository = Repository(location.path, create=create, exclusive=exclusive, lock_wait=self.lock_wait, lock=lock)
repository._location = location
return repository

def print_error(self, msg, *args):
Expand Down Expand Up @@ -758,8 +757,8 @@ def build_parser(self, args=None, prog=None):
type=location_validator(archive=False),
help='repository to create')
subparser.add_argument('-e', '--encryption', dest='encryption',
choices=('none', 'keyfile', 'repokey', 'passphrase'), default='none',
help='select encryption key mode')
choices=('none', 'keyfile', 'repokey', 'passphrase'), default='repokey',
help='select encryption key mode (default: "%(default)s")')

check_epilog = textwrap.dedent("""
The check command verifies the consistency of a repository and the corresponding archives.
Expand Down
2 changes: 1 addition & 1 deletion borg/remote.py
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ def __init__(self, name):
self.name = name

def __init__(self, location, create=False, lock_wait=None, lock=True, args=None):
self.location = location
self.location = self._location = location
self.preload_ids = []
self.msgid = 0
self.to_send = b''
Expand Down
3 changes: 2 additions & 1 deletion borg/repository.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
from zlib import crc32

import msgpack
from .helpers import Error, ErrorWithTraceback, IntegrityError, ProgressIndicatorPercent
from .helpers import Error, ErrorWithTraceback, IntegrityError, Location, ProgressIndicatorPercent
from .hashindex import NSIndex
from .locking import UpgradableLock, LockError, LockErrorT
from .lrucache import LRUCache
Expand Down Expand Up @@ -54,6 +54,7 @@ class ObjectNotFound(ErrorWithTraceback):

def __init__(self, path, create=False, exclusive=False, lock_wait=None, lock=True):
self.path = os.path.abspath(path)
self._location = Location('file://%s' % self.path)
self.io = None
self.lock = None
self.index = None
Expand Down
3 changes: 2 additions & 1 deletion borg/testsuite/archiver.py
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ def test_return_codes(cmd, tmpdir):
input = tmpdir.mkdir('input')
output = tmpdir.mkdir('output')
input.join('test_file').write('content')
rc, out = cmd('init', '%s' % str(repo))
rc, out = cmd('init', '--encryption=none', '%s' % str(repo))
assert rc == EXIT_SUCCESS
rc, out = cmd('create', '%s::archive' % repo, str(input))
assert rc == EXIT_SUCCESS
Expand Down Expand Up @@ -192,6 +192,7 @@ class ArchiverTestCaseBase(BaseTestCase):
def setUp(self):
os.environ['BORG_CHECK_I_KNOW_WHAT_I_AM_DOING'] = '1'
os.environ['BORG_DELETE_I_KNOW_WHAT_I_AM_DOING'] = '1'
os.environ['BORG_PASSPHRASE'] = 'waytooeasyonlyfortests'
self.archiver = not self.FORK_DEFAULT and Archiver() or None
self.tmpdir = tempfile.mkdtemp()
self.repository_path = os.path.join(self.tmpdir, 'repository')
Expand Down
5 changes: 3 additions & 2 deletions docs/quickstart.rst
Original file line number Diff line number Diff line change
Expand Up @@ -146,9 +146,10 @@ Keep an eye on CPU load and throughput.
Repository encryption
---------------------

Repository encryption is enabled at repository creation time::
Repository encryption can be enabled or disabled at repository creation time
(the default is enabled, with `repokey` method)::

$ borg init --encryption=repokey|keyfile PATH
$ borg init --encryption=none|repokey|keyfile PATH

When repository encryption is enabled all data is encrypted using 256-bit AES_
encryption and the integrity and authenticity is verified using `HMAC-SHA256`_.
Expand Down

0 comments on commit b3acff0

Please sign in to comment.