From a1e8e538c0be8b99bc8fb2a5a230694bb9f7b663 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Tue, 9 Jun 2026 00:55:50 +0200
Subject: [PATCH] drop unused permissions param from legacy RepositoryServer

RepositoryServer stored self.permissions but never read it: open() builds
a LegacyRepository without any permissions, and legacy (borg 1.x / v1)
repositories have no permission system at all. Remove the dead __init__
parameter and stop forwarding args.permissions from do_serve.

The --permissions CLI option stays - it applies to the non-legacy
"borg serve --rest" path.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 src/borg/archiver/serve_cmd.py | 6 +++---
 src/borg/legacy/remote.py      | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/borg/archiver/serve_cmd.py b/src/borg/archiver/serve_cmd.py
index 70a05298d..d8dd657f0 100644
--- a/src/borg/archiver/serve_cmd.py
+++ b/src/borg/archiver/serve_cmd.py
@@ -16,10 +16,10 @@ class ServeMixIn:
         if args.rest:
             self.do_serve_rest(args)
         else:
+            # note: legacy (borg 1.x) repositories have no permission system, so args.permissions
+            # is intentionally not forwarded here (it only applies to "borg serve --rest").
             RepositoryServer(
-                restrict_to_paths=args.restrict_to_paths,
-                restrict_to_repositories=args.restrict_to_repositories,
-                permissions=args.permissions,
+                restrict_to_paths=args.restrict_to_paths, restrict_to_repositories=args.restrict_to_repositories
             ).serve()
 
     def do_serve_rest(self, args):
diff --git a/src/borg/legacy/remote.py b/src/borg/legacy/remote.py
index 2b7057321..091926d63 100644
--- a/src/borg/legacy/remote.py
+++ b/src/borg/legacy/remote.py
@@ -752,13 +752,15 @@ class RepositoryServer:  # pragma: no cover
         "get_manifest",  # borg2 LegacyRepository has this
     )
 
-    def __init__(self, restrict_to_paths, restrict_to_repositories, permissions=None):
+    def __init__(self, restrict_to_paths, restrict_to_repositories):
         self.repository = None
         self.RepoCls = None
         self.rpc_methods = ("open", "close", "negotiate")
         self.restrict_to_paths = restrict_to_paths
         self.restrict_to_repositories = restrict_to_repositories
-        self.permissions = permissions
+        # note: legacy (borg 1.x / v1) repositories have no permission system, so borg serve
+        # does not accept/forward permissions here (the --permissions option only applies to
+        # the non-legacy "borg serve --rest" path).
         self.client_version = None  # we update this after client sends version information
 
     def filter_args(self, f, kwargs):