Something in 1.9.x broke BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK #939

Closed
opened 2024-11-18 10:25:32 +00:00 by spali · 3 comments

What I'm trying to do and why

I used BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK a lot with 1.8.14.
And since upgrade to 1.9.1 (assuming 1.9.0 is affected to) BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK does not work anymore via borgmatic. Only the borgmatic setting unknown_unencrypted_repo_access_is_ok in the configuration is working.
As this may be a workaround to use the setting, I would prefer to not have it set by default in the configuration and only using it situative when needed.

My use-case is monitoring a repo where the HOME is always fresh and doesn't know the repo.

Steps to reproduce

  1. execute any action against a existing repo that is already trusted.

  2. Temporarily set HOME to something else (i.e. /tmp).

  3. set BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK

export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
  1. execute any action on the same repo as before.

Actual behavior

it fails now as it's an "new untrusted" repo.

Warning: Attempting to access a previously unknown unencrypted repository!
Do you want to continue? [yN] no (from BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK)

Expected behavior

works without error and shows:
Do you want to continue? [yN] yes (from BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK)

Other notes / implementation ideas

No response

borgmatic version

1.9.1

borgmatic installation method

container (1.9.1)

Borg version

1.4.0

Python version

3.12.7

Database version (if applicable)

No response

Operating system and version

container (1.9.1) alpine linux 3.19.4

### What I'm trying to do and why I used `BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK` a lot with 1.8.14. And since upgrade to 1.9.1 (assuming 1.9.0 is affected to) `BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK` does not work anymore via borgmatic. Only the borgmatic setting `unknown_unencrypted_repo_access_is_ok` in the configuration is working. As this may be a workaround to use the setting, I would prefer to not have it set by default in the configuration and only using it situative when needed. My use-case is monitoring a repo where the `HOME` is always fresh and doesn't know the repo. ### Steps to reproduce 1. execute any action against a existing repo that is already trusted. 1. Temporarily set `HOME` to something else (i.e. /tmp). 1. set `BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK` ``` export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes ``` 1. execute any action on the same repo as before. ### Actual behavior it fails now as it's an "new untrusted" repo. ``` Warning: Attempting to access a previously unknown unencrypted repository! Do you want to continue? [yN] no (from BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK) ``` ### Expected behavior works without error and shows: `Do you want to continue? [yN] yes (from BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK)` ### Other notes / implementation ideas _No response_ ### borgmatic version 1.9.1 ### borgmatic installation method container (1.9.1) ### Borg version 1.4.0 ### Python version 3.12.7 ### Database version (if applicable) _No response_ ### Operating system and version container (1.9.1) alpine linux 3.19.4
Owner

Thanks for taking the time to report this. I think I know what happened here. The implementation of #914 changed borgmatic's behavior with respect to BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK. Instead of only setting that environment variable when the corresponding configuration option is set, borgmatic now sets that environment variable unconditionally, defaulting to no. That prevents Borg throwing up an interactive prompt when not run in interactive mode, which lead to an apparent hang since the user couldn't see the prompt.

So I think this has the side effect of now ignoring BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK if that environment variable is set outside of borgmatic. I think the fix is to further alter the logic to only set the environment variable if: 1. It's not already set in the environment, or 2. there's a configured borgmatic option for it.

Thanks for taking the time to report this. I think I know what happened here. The implementation of #914 changed borgmatic's behavior with respect to `BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK`. Instead of only setting that environment variable when the corresponding configuration option is set, borgmatic now sets that environment variable unconditionally, defaulting to `no`. That prevents Borg throwing up an interactive prompt when not run in interactive mode, which lead to an apparent hang since the user couldn't see the prompt. So I think this has the side effect of now ignoring `BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK` if that environment variable is set outside of borgmatic. I think the fix is to further alter the logic to only set the environment variable if: 1. It's not already set in the environment, or 2. there's a configured borgmatic option for it.
witten added the
bug
label 2024-11-18 17:23:55 +00:00
Owner

Fixed in main. This will be part of the next release! Thanks again.

Fixed in main. This will be part of the next release! Thanks again.
Owner

Released in borgmatic 1.9.2!

Released in borgmatic 1.9.2!
Sign in to join this conversation.
No Milestone
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: borgmatic-collective/borgmatic#939
No description provided.