BORG_PASSPHRASE environment variable not working as usual in 1.5.6 #330

Closed
opened 2020-06-17 08:47:07 +00:00 by netgreg · 2 comments

What I'm trying to do and why

I've noticed that since borgmatic version 1.5.6 backups won't work automatically. The problem is that even though the environment variable "BORG_PASSPHRASE" is set like "BORG_PASSPHRASE=PASSPHRASE", I get asked to enter it:
"Enter passphrase for key ssh://someserver/somearchive:". If I enter the passphrase manually the backup continues. If I install borgmatic version 1.5.5 and down, it works as expected.

Steps to reproduce (if a bug)

Load env variables and start the backup

```
. /borg/env
/usr/local/bin/borgmatic -c /etc/borgmatic/filesystem.yaml -v2
```

borgmatic-config.yaml:

```
location:
    source_directories:
      - /

    one_file_system: true

    repositories:
      - ssh://someserver.com/somearchive

    exclude_patterns:
        - '/proc'
        - '/sys'

    exclude_caches: true

    exclude_if_present: .nobackup

storage:
    compression: lz4

    ssh_command: ssh -i /borg/ssh/id_rsa

    archive_name_format: 'filesystem-{now}'

retention:
    keep_hourly: 1
    keep_daily: 7
    keep_weekly: 4
    keep_monthly: 6
    keep_yearly: 1

    prefix: filesystem-

consistency:
    checks:
        - repository
        - archives
    check_last: 3
    prefix: filesystem-
```

/borg/env:

```
export BORG_PASSPHRASE="PASSPHRASE"
export BORG_REPO="ssh://someserver.com/somearchive"
export BORG_RSH="ssh -i /borg/ssh/id_rsa -o StrictHostKeyChecking=no"
```

Actual behavior (if a bug)

```
root@someserver.com:~$ . /borg/env; /usr/local/bin/borgmatic -c /etc/borgmatic/filesystem.yaml -v2
Ensuring legacy configuration is upgraded
/etc/borgmatic/filesystem.yaml: No commands to run for pre-everything hook
/etc/borgmatic/filesystem.yaml: No commands to run for pre-prune hook
/etc/borgmatic/filesystem.yaml: No commands to run for pre-backup hook
Mit Jun 17 10:37:38 CEST 2020 - Starting a backup job.
/etc/borgmatic/filesystem.yaml: No commands to run for pre-check hook
ssh://someserver.com/somearchive: Pruning archives
borg prune --keep-monthly 6 --keep-weekly 4 --keep-daily 7 --keep-hourly 1 --prefix filesystem- --keep-yearly 1 --debug --show-rc ssh://someserver.com/somearchive
using builtin fallback logging configuration
35 self tests completed in 0.13 seconds
SSH command line: ['ssh', '-i', '/borg/ssh/id_rsa', '-p', '23', 'someserver.com/somearchive', 'borg', 'serve', '--umask=077', '--debug']
Enter passphrase for key ssh://someserver.com/somearchive:
```

Expected behavior (if a bug)

Backup working automatically without having to input the passphrase.

Other notes / implementation ideas

Environment

borgmatic version: 1.5.6

borgmatic installation method: pip3 install borgmatic

Borg version: 1.1.9

Python version: 3.5.3

operating system and version: Debian Stretch 9.12 and Ubuntu 18.04

Owner

Thank you for filing this! Here's what I believe is going on: The fix for #323 changed the behavior of borgmatic passing environment variables to Borg, so that unless an option is specified in borgmatic's configuration file (like encryption_passphrase), its corresponding environment variable (like BORG_PASSPHRASE) won't get passed to Borg. The rationale is that certain options specified in one borgmatic configuration file should not still be present for subsequent configuration file invocations of Borg.

But there's an unintended side-effect, which is what you're seeing here: The implicit feature of borgmatic passing through Borg-specific environment variables directly to Borg no longer works.

The good news is that there's already a pull request (#327) from another user to fix this. So hopefully it'll get solved soon! As a temporary work-around, you could use borgmatic's encryption_passphrase configuration file option.
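An added illustration, not borgmatic's code and not part of this thread, of the two behaviours the comment above weighs against each other: values from one configuration file persisting into the next invocation, versus exported variables such as BORG_PASSPHRASE passing through. The option-to-variable mapping, the function names and the sample values are assumptions constructed for the example, and a child Python process stands in for Borg.

```python
import os
import subprocess
import sys

# Assumed mapping from config-file options to Borg environment variables.
OPTION_TO_ENV = {"encryption_passphrase": "BORG_PASSPHRASE", "ssh_command": "BORG_RSH"}


def overlay(env, storage_config):
    """Set only the variables whose option is present in this config file."""
    for option, variable in OPTION_TO_ENV.items():
        if storage_config.get(option) is not None:
            env[variable] = str(storage_config[option])
    return env


def passphrase_seen_by_child(env):
    """Spawn a child (standing in for Borg) and return the passphrase it sees."""
    code = "import os; print(os.environ.get('BORG_PASSPHRASE', '<unset>'))"
    done = subprocess.run([sys.executable, "-c", code], env=env,
                          stdout=subprocess.PIPE, check=True)
    return done.stdout.decode().strip()


def run_configs(configs, inherited, isolate=True):
    """Run one child per config file and collect what each child received.

    isolate=True: each child gets a fresh copy of the inherited environment plus
    its own config values, so exported variables pass through and nothing leaks.
    isolate=False: one shared environment is mutated, so a value set by an
    earlier config file is still present for later ones.
    """
    shared = dict(inherited)
    seen = []
    for config in configs:
        env = overlay(dict(inherited) if isolate else shared, config)
        seen.append(passphrase_seen_by_child(env))
    return seen


# Constructed sample input: the caller exported a passphrase; only the first
# config file sets encryption_passphrase.
INHERITED = dict(os.environ, BORG_PASSPHRASE="from-shell")
CONFIGS = [{"encryption_passphrase": "from-config-a"}, {}]

if __name__ == "__main__":
    print("isolated:", run_configs(CONFIGS, INHERITED))
    print("shared:  ", run_configs(CONFIGS, INHERITED, isolate=False))
```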

witten added the bug label 2020-06-17 17:22:23 +00:00
Owner

This is fixed in master now. I'll add a note here when the fix is released. Thanks again for the bug report!

Reference: borgmatic-collective/borgmatic#330