Closed Zelec closed 6 months ago
After a simple edit to change that elif line to say elif encryption == "repokey" or encryption == "repokey-blake2":
so far it appears to have done the trick.
# snapborg init
$ borg init --encryption repokey-blake2 --make-parent-dirs ssh://user@server:/~/Backups/borg/Laptop
By default repositories initialized with this version will produce security
errors if written to with an older version (up to and including Borg 1.0.8).
If you want to use these older versions, you can disable the check by running:
borg upgrade --disable-tam ssh://user@server:/~/Backups/borg/Laptop
See https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability for details about the security implications.
IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
If you used a repokey mode, the key is stored in the repo, but you should back it up separately.
Use "borg key export" to export the key, optionally in printable format.
Write down the passphrase. Store both at safe place(s).
# snapborg backup
Backing up snapshots for snapper config 'root'...
Backing up snapshot number 15 from 2024-01-14T13:00:05...
$ borg create --one-file-system --stats --exclude-caches --checkpoint-interval 600 --compression auto,zstd,4 --timestamp 2024-01-14T13:00:05 --progress ssh://user@server:/~/Backups/borg/Laptop::root-15-2024-01-14T13:00:05 .
I'll create a proper PR shortly
Solved by PR https://github.com/enzingerm/snapborg/pull/30
Currently testing snapborg to see if it will fit better for my usecase than manually snapshotting and using borgmatic directly,
In borg 1.1 repokey-blake2 was added to take advantage at how newer processors were able to process Blake2b faster than SHA256 https://borgbackup.readthedocs.io/en/stable/usage/init.html#more-encryption-modes
Got this bug when I attempted to set the encryption to "repokey-blake2"
From a rudimentary look, it looks like an edit on line 117 in borg.py would need to be added to have the elif evaluate for either repokey or repokey-blake2
I haven't done an extensive look to ensure this is the only spot that needs changing, but I may take this upon myself to test & work out if that is all that is needed and put in a PR.