Backups include unnecessary config files #725
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#725
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
How to reproduce
Put several config files in a
conf.d/
directory and start withborgmatic -c conf.d
.a.yaml:
Same for
/etc/borgmatic.d/
andborgmatic
without arguments.Actual behavior
borgmatic includes all config files in all backups.
Expected behavior
I wouldn't have expected
b.yaml
to be included in a-backups and vice versa. I also think this could lead to leaked passphrases or other sensitive data.Environment
borgmatic version: 1.7.15
borgmatic installation method: pip
Borg version: 1.1.15, 1.2.4
Python version: 3.11
Database version (if applicable): n/a
operating system and version: Debian, macOS
Thanks for taking the time to file this. Config files are included in each repository in order to support the (soon-to-be documented)
config bootstrap
action. The idea is that you should be able to "bootstrap" a fresh system from your backups, and the first step in doing that is to extract all borgmatic configuration files so then borgmatic can work. If each repository only contained a partial set of the configuration files, that wouldn't be possible without multipleconfig bootstrap
invocations. Hope that makes sense.It absolutely makes sense, but I don't need
b.yaml
in my backup ofa
. The above example should maybe use two different repos to make this a bit clearer.The use case is to be able to give different clients or users different keys and be able to give them access to only their own repository.
I could iterate over the config files myself and invoke borgmatic for each of them separately, I guess, but some mechanism to do that for a single invocation would be nice.
… if /that/ makes sense.
That makes sense, although that change would make the bootstrap feature potentially less useful for other use cases. (Like restoring all configs with a single borgmatic command.) So here are a few different ideas on how to address this:
bootstrap
action from working, but it'd avoid leaking any information across repositories.bootstrap
action less useful, but it'd still work. And a user would have to intentionally opt in to this.borgmatic config bootstrap
command-line. I'm not a huge fan of this idea though, as: 1. It's encrypting something already store in an encrypted repository, and 2. borgmatic would have to get into the business of encryption, which right now it 100% farms out to Borg. The upshot though is you could still bootstrap with a single command (assuming you have the decryption key).I'm open to other ideas as well.
I would be happy about the first option over not having any choice at all. In my use case, automatic bootstrapping is not a key issue after system failure. Essentially, the system can be built from scratch and only data needs to be recovered afterwards.
For the second, I'm not familiar enough about the system to tell whether the effort is worth it, but it sounds ideal.
It should be opt-in in any case, I agree.
The third option seems too complicated, brittle and inelegant.
I discussed with witten that I'll implement the first option when I'm free from other GSoC tasks.
Implemented in main by @diivi via a new
store_config_files
option that can be set tofalse
. This will be part of the next release! Thanks again for the ticket.Just released in borgmatic 1.8.1!