Merge pull request #7686 from ThomasWaldmann/fwd-ports

misc fwd ports
2026-06-12 18:30:18 -04:00 · 2023-06-30 00:20:01 +02:00 · 2023-06-30 00:20:01 +02:00 · f43fcd3bdb
commit f43fcd3bdb
parent b37c38afa9 58d3dbcec0
4 changed files with 32 additions and 4 deletions
--- a/docs/usage/list.rst
+++ b/docs/usage/list.rst
@ -27,11 +27,11 @@ Examples
    -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.text
    ...

-    $ borg list archiveA --pattern 're:\.ext$'
+    $ borg list archiveA --pattern '+ re:\.ext$' --pattern '- re:^.*$'
    -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
    ...

-    $ borg list archiveA --pattern 're:.ext$'
+    $ borg list archiveA --pattern '+ re:.ext$' --pattern '- re:^.*$'
    -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
    -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.text
    ...
--- a/scripts/upload-pypi
+++ b/scripts/upload-pypi
@ -15,4 +15,4 @@ fi

 D=dist/borgbackup-$R.tar.gz

-twine upload "$D.asc" "$D"
+twine upload "$D"
--- a/src/borg/cache.py
+++ b/src/borg/cache.py
@ -1049,6 +1049,9 @@ class LocalCache(CacheStatsMixin):
        elif "m" in cache_mode:
            cmtime_type = "mtime"
            cmtime_ns = safe_ns(st.st_mtime_ns)
+        else:  # neither 'c' nor 'm' in cache_mode, avoid UnboundLocalError
+            cmtime_type = "ctime"
+            cmtime_ns = safe_ns(st.st_ctime_ns)
        entry = FileCacheEntry(
            age=0, inode=st.st_ino, size=st.st_size, cmtime=int_to_timestamp(cmtime_ns), chunk_ids=ids
        )
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@ -1,3 +1,4 @@
+import binascii
 import hmac
 import os
 import textwrap
@ -615,7 +616,31 @@ class FlexiKey:
                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
            if fd.read(len(repo_id)) != repo_id:
                raise KeyfileMismatchError(self.repository._location.canonical_path(), filename)
-            return filename
+        # we get here if it really looks like a borg key for this repo,
+        # do some more checks that are close to how borg reads/parses the key.
+        with open(filename, "r") as fd:
+            lines = fd.readlines()
+            if len(lines) < 2:
+                logger.warning(f"borg key sanity check: expected 2+ lines total. [{filename}]")
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+            if len(lines[0].rstrip()) > len(file_id) + len(repo_id):
+                logger.warning(f"borg key sanity check: key line 1 seems too long. [{filename}]")
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+            key_b64 = "".join(lines[1:])
+            try:
+                key = a2b_base64(key_b64)
+            except binascii.Error:
+                logger.warning(f"borg key sanity check: key line 2+ does not look like base64. [{filename}]")
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+            if len(key) < 20:
+                # this is in no way a precise check, usually we have about 400b key data.
+                logger.warning(
+                    f"borg key sanity check: binary encrypted key data from key line 2+ suspiciously short."
+                    f" [{filename}]"
+                )
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+        # looks good!
+        return filename

    def find_key(self):
        if self.STORAGE == KeyBlobStorage.KEYFILE: