ambiser
/
btrbk
mirror of https://github.com/digint/btrbk
9
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

btrbk: treat all filenames as unsafe

unsafe-filenames
Axel Burri 2021-08-16 16:58:51 +02:00
parent 2933e65cbe
commit 27388c7589
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
btrbk
View File

@ -582,7 +582,7 @@ sub init_transaction_log($$)
my $file = shift; my $file = shift;
my $config_syslog_facility = shift; my $config_syslog_facility = shift;
if(defined($file) && (not $dryrun)) { if(defined($file) && (not $dryrun)) {
if(open($tlog_fh, ">> $file")) { if(open($tlog_fh, '>>', $file)) {
# print headers (disabled) # print headers (disabled)
# print_formatted("transaction", [ ], output_format => "tlog", outfile => $tlog_fh); # print_formatted("transaction", [ ], output_format => "tlog", outfile => $tlog_fh);
INFO "Using transaction log: $file"; INFO "Using transaction log: $file";
@ -1753,7 +1753,7 @@ sub btrfs_send_to_file($$$;$$)
# of slower random generation. # of slower random generation.
my @gpg_options = ( '--batch', '--no-tty', '--no-random-seed-file', '--trust-model', 'always' ); my @gpg_options = ( '--batch', '--no-tty', '--no-random-seed-file', '--trust-model', 'always' );
push @gpg_options, ( '--compress-algo', 'none' ) if($compress); # NOTE: if --compress-algo is not set, gpg might still compress according to OpenPGP standard. push @gpg_options, ( '--compress-algo', 'none' ) if($compress); # NOTE: if --compress-algo is not set, gpg might still compress according to OpenPGP standard.
push(@gpg_options, ( '--no-default-keyring', '--keyring', $encrypt->{keyring} )) if($encrypt->{keyring}); push(@gpg_options, ( '--no-default-keyring', '--keyring', { unsafe => $encrypt->{keyring} } )) if($encrypt->{keyring});
push(@gpg_options, ( '--default-recipient', $encrypt->{recipient} )) if($encrypt->{recipient}); push(@gpg_options, ( '--default-recipient', $encrypt->{recipient} )) if($encrypt->{recipient});
push @cmd_pipe, { push @cmd_pipe, {
cmd => [ 'gpg', @gpg_options, '--encrypt' ], cmd => [ 'gpg', @gpg_options, '--encrypt' ],
@ -1783,7 +1783,7 @@ sub btrfs_send_to_file($$$;$$)
if($encrypt->{kdf_backend}) { if($encrypt->{kdf_backend}) {
WARN "Both openssl_keyfile and kdf_backend are configured, ignoring kdf_backend!"; WARN "Both openssl_keyfile and kdf_backend are configured, ignoring kdf_backend!";
} }
$encrypt_key = '$(cat ' . $encrypt->{keyfile} . ')'; $encrypt_key = '$(cat ' . quoteshell($encrypt->{keyfile}) . ')';
} }
elsif($encrypt->{kdf_backend}) { elsif($encrypt->{kdf_backend}) {
if($encrypt->{kdf_keygen_each}) { if($encrypt->{kdf_keygen_each}) {
@ -1801,7 +1801,7 @@ sub btrfs_send_to_file($$$;$$)
my $key_target_text = $encrypt->{kdf_keygen_each} ? "\"$vol_received->{PRINT}\"" : "all raw backups"; my $key_target_text = $encrypt->{kdf_keygen_each} ? "\"$vol_received->{PRINT}\"" : "all raw backups";
print STDOUT "\nGenerate session key for $key_target_text:\n"; print STDOUT "\nGenerate session key for $key_target_text:\n";
my $kdf_values = run_cmd(cmd => [ $encrypt->{kdf_backend}, $encrypt->{kdf_keysize} ], my $kdf_values = run_cmd(cmd => [ { unsafe => $encrypt->{kdf_backend} }, $encrypt->{kdf_keysize} ],
non_destructive => 1, non_destructive => 1,
name => $kdf_backend_name name => $kdf_backend_name
); );
@ -2947,7 +2947,7 @@ sub vinfo_rsh($;@)
push(@ssh_options, '-p', $ssh_port) if($ssh_port); push(@ssh_options, '-p', $ssh_port) if($ssh_port);
push(@ssh_options, '-c', $ssh_cipher_spec) if($ssh_cipher_spec ne "default"); push(@ssh_options, '-c', $ssh_cipher_spec) if($ssh_cipher_spec ne "default");
if($ssh_identity) { if($ssh_identity) {
push(@ssh_options, '-i', $ssh_identity); push(@ssh_options, '-i', { unsafe => $ssh_identity });
} else { } else {
WARN_ONCE "No SSH identity provided (option ssh_identity is not set) for: " . ($vinfo->{CONFIG}->{url} // $vinfo->{PRINT}); WARN_ONCE "No SSH identity provided (option ssh_identity is not set) for: " . ($vinfo->{CONFIG}->{url} // $vinfo->{PRINT});
} }
@ -6040,7 +6040,7 @@ MAIN:
# #
$lockfile //= config_key($config, "lockfile"); $lockfile //= config_key($config, "lockfile");
if(defined($lockfile) && (not $dryrun)) { if(defined($lockfile) && (not $dryrun)) {
unless(open(LOCKFILE, ">>$lockfile")) { unless(open(LOCKFILE, '>>', $lockfile)) {
# NOTE: the lockfile is never deleted by design # NOTE: the lockfile is never deleted by design
ERROR "Failed to open lock file '$lockfile': $!"; ERROR "Failed to open lock file '$lockfile': $!";
exit 3; exit 3;