Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Easy way to retrieve hints data from encrypted repository without key #5050

Closed
felinira opened this issue Mar 20, 2020 · 3 comments · Fixed by #8332
Closed

Easy way to retrieve hints data from encrypted repository without key #5050

felinira opened this issue Mar 20, 2020 · 3 comments · Fixed by #8332

Comments

@felinira
Copy link

Is there an easy way to retrieve hints (and other) data from an encrypted repository without having the key? I would like to parse the currently used quota on my backup server to send quota warnings to users without needing to enter a passphrase. I also don't want to spend time scrubbing the disk to get an estimated quota that is even slightly wrong.

My quick and dirty way:

def get_borg_repo_hints(repo_path):
    import os
    from borg.repository import Repository
    from borg.helpers import msgpack

    repo = Repository(repo_path)
    transaction_id = repo.get_index_transaction_id()
    hints_path = os.path.join(repo_path, 'hints.%d' % transaction_id)
    with open(hints_path, 'rb') as fd:
        hints = msgpack.unpack(fd)
    return hints

This is of course not very safe, doesn't use locking and doesn't verify the hints file integrity. I could expand this of course, by following the implementation from Repository.prepare_txn() but I don't really want to and don't think it is a good idea to re-implement borg repository handling outside of borg itself.

Is there a better way without digging even deeper and reimplementing even more? (I would prefer to just run borg info --json but this requires a passphrase which I do not have and do not want.)

If not: Would it be feasible to add an option (like --only-unencrypted) to borg info or borg debug that would make it possible to retrieve all information that is not encrypted?

(I know I am working against the borg attack model here. But some data will never be encrypted because it is impossible to combine server enforced repository quotas without the server being able to read/write the used quota value. If it is not encrypted it should not be hard to make use of it.)
@ThomasWaldmann
Copy link
Member

The hints.nnn file is not encrypted, so one does not need the key to read it.

The functionality you want should be implemented in borg. Don't we already output quota info somewhere? Or is that after asking for the key?

Of course you could also just do a du -sk repo or so on the repo server, that should be pretty quick and does not depend on borg.

@felinira
Copy link
Author

The info is only available after asking for the key.

Yes I can do du -s but the value I get will be different from the way borg counts things. Also it is duplicating information that is already there and it takes time and disk I/O to complete.

I have a way to retrieve it by importing borg but I think it is the only way right now.

@ThomasWaldmann
Copy link
Member

#7121 works on outputting the quota infos in borg rinfo (borg 2.0). key requirement has to get checked.

@ThomasWaldmann ThomasWaldmann mentioned this issue Aug 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

use borgstore and other big changes ThomasWaldmann/borg
2 participants
@felinira @ThomasWaldmann