on_error and Apprise causing Borgmatic to fail backups #839
Labels
No Label
blocked
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#839
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
I'm trying to figure out why my Borgmatic + Apprise configuration stopped working from a Borgmatic update, when it was working fine before. The problematic config lines are the following:
Steps to reproduce
Try and run borgmatic with the configuration that includes the lines provided above
Actual behavior
It produces the following error:
It seems like the
{error}
variable does some quote escaping, which manages to escape out of the--body=""
quotes.Expected behavior
Borgmatic should not fail to run with this configuration, by doing the quote escaping properly or not at all.
Other notes / implementation ideas
Transferred from https://github.com/borgmatic-collective/docker-borgmatic/issues/306
borgmatic version
1.8.8
borgmatic installation method
Docker container
Borg version
1.2.7
Python version
3.11.5
Database version (if applicable)
N/A
Operating system and version
Slackware 15.0 (unRAID)
Thanks for (re)filing this! Since borgmatic #810 in 1.8.7, interpolated hook variables are escaped to prevent shell injection attacks, and so you are correct that escaping of the
{error}
value is what's causing problems here. Specifically, the problem looks to be that{error}
is escaped as if it was a single argument when in fact it's contained in quotes within your--body
value, ironically resulting in the "break-out" that causes the Apprise error you see.Unfortunately I'm not sure of a good way around this at the escaping level. That's because the escaping function I'm using (
shlex.escape()
) isn't smart enough to know about the context in which it's used. I'm open to suggestions though.However, I do have an idea for an alternative. If borgmatic's existing Apprise hook included support for sending logs (and therefore errors) to Apprise notification services, would that address your need here? I'm thinking of adding an optional
send_logs
flag that could be used as follows:That would cause full borgmatic logs to be added automatically to the Apprise
body
upon send.Anyway, let me know your thoughts!
EDIT: Moved
send_logs:
up a level, because I don't think it needs to be configurable per state.Yup, the
send_logs
flag would definitely be very useful! The main reason I want the log included in the notifying email is because it's a bit of a chore to dig through the Docker logs to figure out where the error is, especially if Borgmatic has since done more automated backups following the schedule.Okay, thanks. I'll work on getting
send_logs
supported. (It would still probably be a good idea to fix the escaping, but right now I don't have line of sight to a solution for that part.)send_logs
is now implemented in main, enabled by default without having to configure anything additional, and will be part of the next release! I also added alogs_size_limit
option underapprise:
which may be of use.Documentation is here: https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#apprise-hook
Feedback welcome.
I'm going to leave this ticket open a bit longer though to look at the original escaping issue when I get a chance.
Well, I ended up "fixing" the escaping issue by documenting around it. (See the bottom of that section.)
Hopefully though it's no longer as much of an issue now that the Apprise hook can do its own logging.
Calling this done for now.
Released in borgmatic 1.8.9!
Thank you @witten! Looking forward to testing it once it hits the Docker registry and pulls to my server :)