borgmatic 1.9.9 breaks my pass command #987

Closed
opened 2025-02-04 00:30:59 +00:00 by christian-heusel · 9 comments

What I'm trying to do and why

I'm just trying to do basic repo listing which fails with borgmatic version 1.9.9 and works with 1.9.8. This looks related to the changes in #961.

Steps to reproduce

  1. have borgmatic with passcommand
  2. upgrade to latest version
  3. notice login failure

Actual behavior

$ sudo borgmatic --version
1.9.9
$ sudo borgmatic list
nas: Listing archives
passphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect.
nas: Error running actions for repository
nas: Command 'borg list --glob-archives {hostname}-* ssh://{hostname}@100.64.0.6/./borgmatic' returned non-zero exit status 52.
/etc/borgmatic/config.yaml: An error occurred

summary:
An error occurred
Error running actions for repository
passphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect.
Command 'borg list --glob-archives {hostname}-* ssh://{hostname}@100.64.0.6/./borgmatic' returned non-zero exit status 52.

Need some help? https://torsion.org/borgmatic/#issues

Expected behavior

$ sudo borgmatic --version
1.9.8
$ sudo borgmatic list     
nas: Listing archives
meterpeter-2023-12-31T13:10:25.391567 Sun, 2023-12-31 13:10:28 [aa9eccd2daabe26f96e02d0a4b2801dc5a95b343cf476e129d99d2d3ac2eedec]
meterpeter-2024-07-31T02:33:57.128069 Wed, 2024-07-31 02:34:00 [e2324790989423cda0056b1e8b3cbac1c225b27b8a34dccd68de682d4bbf65e2]
meterpeter-2024-08-26T18:26:02.570490 Mon, 2024-08-26 18:26:06 [b0dd8ef7e401ff9756648d5a6d972e5522774d9f23db55efcf5502a6be1266c1]
meterpeter-2024-09-30T02:50:15.533660 Mon, 2024-09-30 02:50:18 [471c74b901b09716990f24e605f54264f4fefc26132d5ec4eec80e3b8e6152a4]
meterpeter-2024-10-30T01:05:36.138509 Wed, 2024-10-30 01:05:40 [aa7e33f50dc7691356e9b7ed936e8006baab9d055197a996aea99290cdeeca20]
meterpeter-2024-11-30T00:27:34.857783 Sat, 2024-11-30 00:27:38 [36c1fcd782f5b8698fac52f68b365fb88ba8b3b808e80d81408733664a2353f8]
meterpeter-2024-12-21T09:30:50.062025 Sat, 2024-12-21 09:30:54 [ada4ed6afa7ee22a1798cfdd7a3be9e862fa20ca81da9d01fd15abb9045c2fa5]
meterpeter-2024-12-24T00:49:20.947790 Tue, 2024-12-24 00:49:24 [32f24508d6597736bf67a1c29191b5a308b49acbf5ae04ffba207b1729cfeb2c]
meterpeter-2024-12-31T00:33:59.832073 Tue, 2024-12-31 00:34:04 [6131692973497140485fc2fd441be34c38e423758ee1f12f068d8f25a1edab4f]
meterpeter-2025-01-04T02:55:48.337777 Sat, 2025-01-04 02:55:51 [0683ad0a4a2ff706466e0ab41cdf14f5842425156dc5ee9aa0e67346f403dd53]
meterpeter-2025-01-12T01:54:39.604973 Sun, 2025-01-12 01:54:42 [58823bb679c7656516bad220c6b3852e1b5771fc4e2947c48b4ffae88e928cee]
meterpeter-2025-01-17T00:13:30.014655 Fri, 2025-01-17 00:13:33 [73541f7bab5b5a17554397617de9a75186754aa425bbdd305e6087a32ad1918d]
meterpeter-2025-01-18T01:15:21.952723 Sat, 2025-01-18 01:15:26 [88502e9e40c71b6078e047255a975306b19f754c5e23032bd36e40a2b8e92bc2]
meterpeter-2025-01-19T00:22:49.178169 Sun, 2025-01-19 00:22:54 [44b6d81e80845d467e67245ae52482cb1082713ceeff9d59670217df8067553a]
meterpeter-2025-01-20T00:29:49.284974 Mon, 2025-01-20 00:29:52 [8cb585663d967abc9769be7666dcb960134cea00c6ec66cb5f9c661063faa494]
meterpeter-2025-01-21T00:44:29.961857 Tue, 2025-01-21 00:44:34 [8931cecf39556aa0bef33309308f9971eef10e30c3b85dbdcbec3b0d771aafe6]
meterpeter-2025-01-22T02:46:18.523440 Wed, 2025-01-22 02:46:22 [91f2222a901e99db94e20c35cfe903aa29413cc386186771b27e32e2e62d45b1]
meterpeter-2025-01-24T01:54:59.100930 Fri, 2025-01-24 01:55:01 [02665b51c62e695c02c19fba3c1c7a06e5c233548ea91c24a6faff7f67fd362f]
meterpeter-2025-01-28T01:32:52.261884 Tue, 2025-01-28 01:32:56 [9f0810932da6feebbf2dd9610cdab719813858a5107fc153515708339194fd28]
meterpeter-2025-01-29T02:33:56.037784 Wed, 2025-01-29 02:34:00 [40b02e41de41387457752640b03ad19e63a80ec8718fae13f1c0cd8d39962716]
meterpeter-2025-01-30T02:11:05.450363 Thu, 2025-01-30 02:11:08 [f2c9cd880ab0c1d47d46febc6a203cf4c1a274ef88d021d8e958745ac3065d33]
meterpeter-2025-01-31T00:15:38.958786 Fri, 2025-01-31 00:15:42 [bcbf309c164e51a33b3c4c4365b1252a69446651692f60d8eded1bd398ff70f6]
meterpeter-2025-02-01T02:04:53.505990 Sat, 2025-02-01 02:04:58 [0db6958b01b1ca70ebb1e9e62e49b136805af5dd2dfb5d36457667ae1427553f]
meterpeter-2025-02-02T01:34:46.119985 Sun, 2025-02-02 01:34:49 [9ca0aee70b747deb387e1ef1460f27f778239426797f6a8c0b41bdd8c2e92fc5]

Other notes / implementation ideas

This is my config (without comments):

source_directories:
    - /root
    - /etc
    - /home/chris
    - /var/log/
repositories:
    - path: ssh://{hostname}@100.64.0.6/./borgmatic
      label: nas
exclude_if_present:
    - .nobackup
encryption_passcommand: cat /etc/borgmatic/repo_passwd.txt
encryption_passphrase: ""
ssh_command: ssh -i /root/.ssh/id_rsa
keep_hourly: 6
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
keep_yearly: 1

borgmatic version

1.9.9

borgmatic installation method

Arch Linux package

Borg version

borg 1.4.0

Python version

Python 3.13.1

Database version (if applicable)

No response

Operating system and version

Arch Linux (rolling)

Owner

Thanks for filing this! Are you intending your passphrase to come from encryption_passphrase or the command run by encryption_passcommand? And is that the actual value the passphrase is set to ("").. or did you redact it? Because borgmatic 1.9.9's behavior, if encryption_passphrase is set, is to ignore encryption_passcommand and issue a warning about that to the log. This is intended to mimic Borg's native behavior.

So if you intend encryption_passcommand to be used, then remove or comment out encryption_passphrase. But if you intend encryption_passphrase to be used here, then I guess.. do you intend for it to be blank? Because that might be causing borgmatic to interpret it as "not set," which one might consider a bug.


Fair point! However even with that part commented out it does not work, this is the new config (with exclude patterns stripped) that still fails:

source_directories:
    - /root
    - /etc
    - /home/chris
    - /var/log/
repositories:
    - path: ssh://{hostname}@100.64.0.6/./borgmatic
      label: nas
exclude_if_present:
    - .nobackup
encryption_passcommand: cat /etc/borgmatic/repo_passwd.txt
ssh_command: ssh -i /root/.ssh/id_rsa
keep_hourly: 6
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
keep_yearly: 1
Owner

Interesting! Could I see your (redacted) logs for the full run with --verbosity 2?


I think it's self redacted? If there's still anything sensitive in there please point it out and I'll rotate my creds 😆

Anyways, here are the logs:

$ sudo borgmatic list --verbosity 2
/etc/borgmatic/config.yaml: cat /etc/borgmatic/repo_passwd.txt
/etc/borgmatic/config.yaml: BORG_RSH=*** BORG_PASSPHRASE_FD=*** BORG_RELOCATED_REPO_ACCESS_IS_OK=*** BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=*** BORG_EXIT_CODES=*** borg --version --debug --show-rc
/etc/borgmatic/config.yaml: Borg 1.4.0
nas: Running actions for repository
nas: No commands to run for pre-actions hook
nas: Listing archives
nas: BORG_RSH=*** BORG_PASSPHRASE_FD=*** BORG_RELOCATED_REPO_ACCESS_IS_OK=*** BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=*** BORG_EXIT_CODES=*** borg list --glob-archives {hostname}-* --json ssh://{hostname}@100.64.0.6/./borgmatic
nas: BORG_RSH=*** BORG_PASSPHRASE_FD=*** BORG_RELOCATED_REPO_ACCESS_IS_OK=*** BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=*** BORG_EXIT_CODES=*** borg list --debug --show-rc --glob-archives {hostname}-* ssh://{hostname}@100.64.0.6/./borgmatic
using builtin fallback logging configuration
33 self tests completed in 0.10 seconds
SSH command line: ['ssh', '-i', '/root/.ssh/id_rsa', 'meterpeter@100.64.0.6', 'borg', 'serve', '--debug']
Remote: using builtin fallback logging configuration
Remote: 33 self tests completed in 0.25 seconds
Remote: using builtin fallback logging configuration
Remote: Initialized logging system for JSON-based protocol
Remote: Resolving repository path b'/./borgmatic'
Remote: Resolved repository path to '/backups/meterpeter/borgmatic'
Remote: Verified integrity of /backups/meterpeter/borgmatic/index.5007
RemoteRepository: 239 B bytes sent, 4.32 kB bytes received, 6 messages sent
passphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect.
Traceback (most recent call last):
  File "/usr/lib/python3.13/site-packages/borg/archiver.py", line 5391, in main
    exit_code = archiver.run(args)
  File "/usr/lib/python3.13/site-packages/borg/archiver.py", line 5309, in run
    rc = func(args)
  File "/usr/lib/python3.13/site-packages/borg/archiver.py", line 178, in wrapper
    kwargs['manifest'], kwargs['key'] = Manifest.load(repository, compatibility)
                                        ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/borg/helpers/manifest.py", line 190, in load
    key = key_factory(repository, cdata)
  File "/usr/lib/python3.13/site-packages/borg/crypto/key.py", line 165, in key_factory
    return identify_key(manifest_data).detect(repository, manifest_data)
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/borg/crypto/key.py", line 680, in detect
    raise PassphraseWrong
borg.crypto.key.PassphraseWrong: passphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect.
Platform: Linux meterpeter 6.14.0-rc1-1-mainline #1 SMP PREEMPT_DYNAMIC Mon, 03 Feb 2025 12:52:24 +0000 x86_64
Linux: Unknown Linux
Borg: 1.4.0  Python: CPython 3.13.1 msgpack: 1.0.5 fuse: None [pyfuse3,llfuse]
PID: 212708  CWD: /home/chris/Documents/shared_projects/packages
sys.argv: ['/usr/bin/borg', 'list', '--debug', '--show-rc', '--glob-archives', '{hostname}-*', 'ssh://{hostname}@100.64.0.6/./borgmatic']
SSH_ORIGINAL_COMMAND: None
terminating with error status, rc 52
nas: Error running actions for repository
nas: Command 'borg list --debug --show-rc --glob-archives {hostname}-* ssh://{hostname}@100.64.0.6/./borgmatic' returned non-zero exit status 52.
/etc/borgmatic/config.yaml: An error occurred

summary:
/etc/borgmatic/config.yaml: Loading configuration file
An error occurred
Error running actions for repository
...
RemoteRepository: 239 B bytes sent, 4.32 kB bytes received, 6 messages sent
passphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect.
Traceback (most recent call last):
  File "/usr/lib/python3.13/site-packages/borg/archiver.py", line 5391, in main
    exit_code = archiver.run(args)
  File "/usr/lib/python3.13/site-packages/borg/archiver.py", line 5309, in run
    rc = func(args)
  File "/usr/lib/python3.13/site-packages/borg/archiver.py", line 178, in wrapper
    kwargs['manifest'], kwargs['key'] = Manifest.load(repository, compatibility)
                                        ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/borg/helpers/manifest.py", line 190, in load
    key = key_factory(repository, cdata)
  File "/usr/lib/python3.13/site-packages/borg/crypto/key.py", line 165, in key_factory
    return identify_key(manifest_data).detect(repository, manifest_data)
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/borg/crypto/key.py", line 680, in detect
    raise PassphraseWrong
borg.crypto.key.PassphraseWrong: passphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect.
Platform: Linux meterpeter 6.14.0-rc1-1-mainline #1 SMP PREEMPT_DYNAMIC Mon, 03 Feb 2025 12:52:24 +0000 x86_64
Linux: Unknown Linux
Borg: 1.4.0  Python: CPython 3.13.1 msgpack: 1.0.5 fuse: None [pyfuse3,llfuse]
PID: 212708  CWD: /home/chris/Documents/shared_projects/packages
sys.argv: ['/usr/bin/borg', 'list', '--debug', '--show-rc', '--glob-archives', '{hostname}-*', 'ssh://{hostname}@100.64.0.6/./borgmatic']
SSH_ORIGINAL_COMMAND: None
terminating with error status, rc 52
Command 'borg list --debug --show-rc --glob-archives {hostname}-* ssh://{hostname}@100.64.0.6/./borgmatic' returned non-zero exit status 52.

Need some help? https://torsion.org/borgmatic/#issues
Owner

> I think it's self redacted? If there's still anything sensitive in there please point it out and I'll rotate my creds 😆

borgmatic does redact environment variable values from the logs, but some users are sensitive about hostnames or other info that borgmatic doesn't touch.

Anyway, the good news is I have a local repro of this error! It's really odd, because when I use a passcommand that calls out to an external password manager (and prompts for a password manager's own passphrase the first time), the borgmatic list command succeeds. But when I replace it with a cat command like you have here, it fails. So that makes me think there's got to be a timing component that's impacting this. If that's the case—and the problem has to do with how I'm passing the passphrase to Borg via a pipe—then I may have to revisit that approach.

I'll dig into this when I get a chance and report back. Thanks for your patience!

witten added the bug label 2025-02-04 02:54:12 +00:00
Owner

Ugh, I'm pretty sure I found the problem. What's apparently going on is that the pipe used to send the passphrase to Borg is created once and then consumed by the initial borg list call as it should be. But then the pipe is never recreated for the second call—which means Borg can't actually read the passphrase from it. I'll need to think about how to solve this.

(FYI I don't think this ever worked for list, not even for the password manager case. I was incorrect about that.)

Owner

Okay, this is fixed in main and will be part of the next release. The solution was indeed to avoid reusing anonymous pipes that transmit the collected passphrase to Borg.

I also tweaked the passphrase vs. passcommand logic to prefer a passphrase over a passcommand even when the passphrase is an empty value. I think this behavior is probably less surprising given that an empty passphrase is a valid thing with Borg.

Thanks again!
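
Added example, not part of the original thread and not borgmatic's own code: a Python sketch of the failure mode described above, where one anonymous pipe carrying the passphrase is handed to two consecutive child processes through BORG_PASSPHRASE_FD. The child script is a stand-in for Borg, and the function names and sample passphrase are hypothetical.

```python
import os
import subprocess
import sys

# Stand-in for `borg` (assumption for this example): read the passphrase from
# the descriptor named in BORG_PASSPHRASE_FD and echo it back on stdout.
CHILD = (
    "import os, sys\n"
    "fd = int(os.environ['BORG_PASSPHRASE_FD'])\n"
    "with os.fdopen(fd, 'rb', closefd=False) as f:\n"
    "    sys.stdout.buffer.write(f.read())\n"
)


def make_passphrase_pipe(passphrase: str) -> int:
    """Write the passphrase into a new anonymous pipe and return the read end.

    The passphrase is assumed to fit in the kernel pipe buffer, so the write
    cannot block before a reader exists.
    """
    read_fd, write_fd = os.pipe()
    os.write(write_fd, passphrase.encode())
    os.close(write_fd)  # the reader sees EOF right after the passphrase
    return read_fd


def run_child(read_fd: int) -> str:
    """Run the stand-in child with read_fd inherited; return what it read."""
    env = dict(os.environ, BORG_PASSPHRASE_FD=str(read_fd))
    result = subprocess.run(
        [sys.executable, "-c", CHILD],
        env=env,
        pass_fds=(read_fd,),  # keep this descriptor open in the child
        capture_output=True,
        check=True,
    )
    return result.stdout.decode()


def reused_pipe(passphrase: str, calls: int = 2) -> list:
    """Buggy pattern: one pipe shared by every child invocation."""
    read_fd = make_passphrase_pipe(passphrase)
    try:
        # The first child drains the pipe; later children read only EOF.
        return [run_child(read_fd) for _ in range(calls)]
    finally:
        os.close(read_fd)


def fresh_pipe_per_call(passphrase: str, calls: int = 2) -> list:
    """Fixed pattern: a new pipe for each child, closed once the child exits."""
    seen = []
    for _ in range(calls):
        read_fd = make_passphrase_pipe(passphrase)
        try:
            seen.append(run_child(read_fd))
        finally:
            os.close(read_fd)  # do not leave the secret's descriptor open
    return seen


if __name__ == "__main__":
    sample = "constructed-sample-passphrase"  # constructed value, not a real secret
    print("reused pipe:  ", reused_pipe(sample))
    print("fresh per call:", fresh_pipe_per_call(sample))
```

With the reused pipe the second child receives an empty string, which matches Borg rejecting the passphrase on the second `borg list` call in the logs above.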


Thanks for coming up with a fix so quickly, that is really appreciated! 🎉

Owner

Released in borgmatic 1.9.10!

Reference: borgmatic-collective/borgmatic#987