Environment variables interpolation does not work when using before/after hooks #860
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#860
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
I want to backup a database while performing some actions using the
before_backup
hook.Steps to reproduce
mariadb_databases
. Here is my configuration:borgmatic --stats --list --verbosity 1
)Actual behavior
Borgmatic exits with error code 1 and prints this:
Expected behavior
It should perform the backup successfully.
Other notes / implementation ideas
I tried hardcoding the password constant:
This way it works fine. That is why my guess is that environment variable iterpolation stops working when before/after hooks are set, even empty.
I had no idea what to try to be sure about that.
Note that environment variables exist and are set if I try to
echo
them inbefore_backup
hook.borgmatic version
1.8.10
borgmatic installation method
Docker container
Borg version
1.2.8
Python version
3.12.3
Database version (if applicable)
mariadb v11.2
Operating system and version
Alpine Linux 3.19.1
Thanks for filing this! Unfortunately I haven't been able to reproduce it thus far on my system. I've tried a very similar configuration: A constant consuming an environment variable, and then using that constant in included database configuration. It all works as expected here.
So a couple of ideas on how to proceed:
Let me know what you find out!
Thanks for your answer. Unfortunately, none of the solutions worked on my part.
I have provided you a sample repository for you to try to reproduce this error: https://github.com/valfur03/borgmatic-env-issue-860
Some additional notes, I have tested on both amd64 and armv8 architectures.
Thanks again for your help!
Thank you so much for setting up a sample repro! I have indeed managed to reproduce the issue with it, and it looks like what's going on is that borgmatic's constants code is very intentionally shell escaping all constant values, in theory to prevent shell injection attacks. Unfortunately that also prevents environment variable substitution within constant values, which is exactly what you're trying to do here. I'll have to think about what can be done about this.
Update! I have a fix in hand.. I just need to write tests for it. It turned out that there was already code to selectively apply the shell escaping logic, and it wasn't supposed to apply to constants used in database passwords, but it was being applied anyway. I'll let you know once this fix is pushed.
Okay, the fix is pushed and will be part of the next release. Thanks again!
I have tested locally and everything works fine!
Thank you so much for your help!
Awesome, glad to hear it!
Released in borgmatic 1.8.12!