From b3acff02c4897040b782f4d7f8030fb6d7c6a159 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 19 Dec 2015 14:30:05 +0100 Subject: [PATCH] change encryption to be on by default (repokey mode) it's 2015, let's be safe-by-default and unsafe-as-option. also: show default mode in builtin help
---
 borg/archiver.py | 5 ++--- borg/remote.py | 2 +- borg/repository.py | 3 ++- borg/testsuite/archiver.py | 3 ++- docs/quickstart.rst | 5 +++-- 5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/borg/archiver.py b/borg/archiver.py
index 6482861d6a1..302a4aa3632 100644
--- a/borg/archiver.py
+++ b/borg/archiver.py
@@ -64,7 +64,6 @@ def open_repository(self, args, create=False, exclusive=False, lock=True):
 repository = RemoteRepository(location, create=create, lock_wait=self.lock_wait, lock=lock, args=args)
 else:
 repository = Repository(location.path, create=create, exclusive=exclusive, lock_wait=self.lock_wait, lock=lock)
- repository._location = location
 return repository
 def print_error(self, msg, *args):
@@ -758,8 +757,8 @@ def build_parser(self, args=None, prog=None):
 type=location_validator(archive=False),
 help='repository to create')
 subparser.add_argument('-e', '--encryption', dest='encryption',
- choices=('none', 'keyfile', 'repokey', 'passphrase'), default='none',
- help='select encryption key mode')
+ choices=('none', 'keyfile', 'repokey', 'passphrase'), default='repokey',
+ help='select encryption key mode (default: "%(default)s")')
 check_epilog = textwrap.dedent("""
 The check command verifies the consistency of a repository and the corresponding archives.
diff --git a/borg/remote.py b/borg/remote.py
index 116e7dbf4a0..7b15db6f8c7 100644
--- a/borg/remote.py
+++ b/borg/remote.py
@@ -130,7 +130,7 @@ def __init__(self, name):
 self.name = name
 def __init__(self, location, create=False, lock_wait=None, lock=True, args=None):
- self.location = location
+ self.location = self._location = location
 self.preload_ids = []
 self.msgid = 0
 self.to_send = b''
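Review bot: In borg/archiver.py (build_parser hunk), the new `help=` string for `-e/--encryption` names the default but not what opting out costs, and after this change `none` is only reached by deliberate choice. The quickstart text in this same patch ties both AES encryption and HMAC-SHA256 verification to encryption being enabled, so I would say that in the help: `help='select encryption key mode (default: "%(default)s"); "none" turns off encryption and authentication'`. Separately, scripts that run `borg init` without `-e` will now need a passphrase (the test suite had to set `BORG_PASSPHRASE` for that reason), which deserves a line in the changelog or upgrade notes. build_parser continues outside the hunk.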
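Review bot: In borg/remote.py, `self.location = self._location = location` leaves two attributes holding one value with no comment saying why, and `_location` is an underscore-private name that code outside the class evidently relies on (archiver.py used to assign it from outside). A short comment would stop someone from removing it as a duplicate, for example `# _location: same attribute Repository sets; presumably read by code that handles both repository types`. If the two names must stay in sync, a read-only property for one of them would be sturdier than a second assignment. The constructor body continues outside the hunk.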
diff --git a/borg/repository.py b/borg/repository.py
index 3efa31b234c..b46fc76fea1 100644
--- a/borg/repository.py
+++ b/borg/repository.py
@@ -11,7 +11,7 @@ from zlib import crc32
 import msgpack
-from .helpers import Error, ErrorWithTraceback, IntegrityError, ProgressIndicatorPercent
+from .helpers import Error, ErrorWithTraceback, IntegrityError, Location, ProgressIndicatorPercent
 from .hashindex import NSIndex
 from .locking import UpgradableLock, LockError, LockErrorT
 from .lrucache import LRUCache
@@ -54,6 +54,7 @@ class ObjectNotFound(ErrorWithTraceback):
 def __init__(self, path, create=False, exclusive=False, lock_wait=None, lock=True):
 self.path = os.path.abspath(path)
+ self._location = Location('file://%s' % self.path)
 self.io = None
 self.lock = None
 self.index = None
diff --git a/borg/testsuite/archiver.py b/borg/testsuite/archiver.py
index caa297b2d5c..6ffe045f48d 100644
--- a/borg/testsuite/archiver.py
+++ b/borg/testsuite/archiver.py
@@ -92,7 +92,7 @@ def test_return_codes(cmd, tmpdir):
 input = tmpdir.mkdir('input')
 output = tmpdir.mkdir('output')
 input.join('test_file').write('content')
- rc, out = cmd('init', '%s' % str(repo))
+ rc, out = cmd('init', '--encryption=none', '%s' % str(repo))
 assert rc == EXIT_SUCCESS
 rc, out = cmd('create', '%s::archive' % repo, str(input))
 assert rc == EXIT_SUCCESS
@@ -192,6 +192,7 @@ class ArchiverTestCaseBase(BaseTestCase):
 def setUp(self):
 os.environ['BORG_CHECK_I_KNOW_WHAT_I_AM_DOING'] = '1'
 os.environ['BORG_DELETE_I_KNOW_WHAT_I_AM_DOING'] = '1'
+ os.environ['BORG_PASSPHRASE'] = 'waytooeasyonlyfortests'
 self.archiver = not self.FORK_DEFAULT and Archiver() or None
 self.tmpdir = tempfile.mkdtemp()
 self.repository_path = os.path.join(self.tmpdir, 'repository')
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
index 296321c185e..9f031f5ce94 100644
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
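Review bot: In borg/repository.py (second hunk), `self._location = Location('file://%s' % self.path)` re-derives the location by formatting the absolute path into a URL string and parsing it again, where the line removed from archiver.py stored the already-parsed location the user supplied. Whether every valid local path survives that round trip depends on Location's parser, which is not visible here; a path containing `:` or other characters the parser treats as syntax could raise in the constructor or record a different path. If `_location` feeds any identity or relocation check, that difference matters, so I would either pass the parsed location through or add a test that constructs a Repository at such a path. `__init__` continues outside the hunk.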
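Review bot: In borg/testsuite/archiver.py, test_return_codes now opts out with `--encryption=none`, and nothing visible in this patch asserts the new default itself. The point of the commit is that `init` without `-e` yields an encrypted repository, so a regression there (the default drifting back to `none`, say) would pass the suite unnoticed. I would add a test that runs `init` with no `-e` under a known `BORG_PASSPHRASE` and then checks that the repository was created in repokey mode rather than unencrypted. The test function continues outside the hunk.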
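Review bot: `os.environ['BORG_PASSPHRASE'] = 'waytooeasyonlyfortests'` in ArchiverTestCaseBase.setUp changes the process environment and nothing in the hunk restores it (tearDown is outside the hunk), so once any of these tests has run, the passphrase is in place for every later test in the same process. That can hide a code path that should have prompted or failed for lack of a passphrase, and it makes results depend on test order. If BaseTestCase derives from unittest.TestCase, `self.addCleanup(os.environ.pop, 'BORG_PASSPHRASE', None)` right after the assignment would scope it to the test; the two `..._I_KNOW_WHAT_I_AM_DOING` variables above it have the same issue.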
@@ -146,9 +146,10 @@ Keep an eye on CPU load and throughput. Repository encryption --------------------- -Repository encryption is enabled at repository creation time:: +Repository encryption can be enabled or disabled at repository creation time +(the default is enabled, with `repokey` method):: - $ borg init --encryption=repokey|keyfile PATH + $ borg init --encryption=none|repokey|keyfile PATH When repository encryption is enabled all data is encrypted using 256-bit AES_ encryption and the integrity and authenticity is verified using `HMAC-SHA256`_.